Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/34362e33332e32322e302f32342d3234203d3e203432363839.roa
File:                     34362e33332e32322e302f32342d3234203d3e203432363839.roa (raw, json)
Hash identifier:          Tm0Z4xesgOk8Jxe3eNHvMomJFEBuzkiRI34ixxMUPYM=
Subject key identifier:   C3:6E:EE:2F:E1:B0:01:D0:02:DF:BF:F1:FB:26:79:63:07:ED:0D:47
Certificate issuer:       /CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
Certificate serial:       542B3DAA142E6200DE9B5638F5A6747050DF3ADE
Authority key identifier: 73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/34362e33332e32322e302f32342d3234203d3e203432363839.roa
Signing time:             Thu 07 Nov 2024 10:51:41 +0000
ROA not before:           Thu 07 Nov 2024 10:46:41 +0000
ROA not after:            Thu 06 Nov 2025 10:51:41 +0000
asID:                     42689
IP address blocks:        46.33.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:2b:3d:aa:14:2e:62:00:de:9b:56:38:f5:a6:74:70:50:df:3a:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=735d93706cbf4688ce7d60fc0ed693d4cc4a9326
        Validity
            Not Before: Nov  7 10:46:41 2024 GMT
            Not After : Nov  6 10:51:41 2025 GMT
        Subject: CN=C36EEE2FE1B001D002DFBFF1FB26796307ED0D47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:b6:e9:1b:a4:bd:61:69:5d:dc:05:c9:60:32:
                    6d:00:17:b8:b3:12:c3:3c:ec:ec:6f:f6:7f:1d:5b:
                    3f:2e:f8:28:8a:84:e2:b9:2d:cf:5e:8e:e1:16:e6:
                    6c:de:c7:98:f3:51:5f:65:c9:e6:4f:0b:b9:3e:4a:
                    3d:4c:bb:d1:f2:8c:46:9c:2e:50:47:60:2d:4b:36:
                    bc:e2:e0:c5:52:37:8a:0e:6a:e4:16:10:0a:a5:6a:
                    7c:77:90:21:0f:87:48:d2:dc:61:46:67:ec:e2:71:
                    f2:ed:17:fb:a2:d5:50:56:f9:52:04:ba:3f:4f:20:
                    d4:a3:d8:65:40:db:df:43:8f:39:64:ed:04:a7:88:
                    56:46:c7:3f:3f:37:f0:ee:94:df:c5:7d:3d:fc:36:
                    fe:27:f8:49:a3:96:3a:41:48:50:f5:da:8d:d7:e7:
                    2e:c4:35:1a:60:77:8c:86:7b:ad:16:84:96:53:10:
                    3c:24:d3:b5:fd:44:fe:18:95:e6:ef:f7:da:fa:5e:
                    9e:5f:ff:d8:83:e0:cc:b4:a2:48:cc:ac:11:39:50:
                    26:7f:eb:23:74:ab:a1:b9:d7:8a:63:95:0d:b7:71:
                    2a:ab:d7:46:a2:46:ba:08:19:87:0b:df:33:27:d1:
                    d5:f2:a3:5a:07:56:2f:b8:d7:2c:0d:7a:d8:34:9a:
                    26:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:6E:EE:2F:E1:B0:01:D0:02:DF:BF:F1:FB:26:79:63:07:ED:0D:47
            X509v3 Authority Key Identifier:
                keyid:73:5D:93:70:6C:BF:46:88:CE:7D:60:FC:0E:D6:93:D4:CC:4A:93:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/735D93706CBF4688CE7D60FC0ED693D4CC4A9326.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c12TcGy_RojOfWD8DtaT1MxKkyY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2e6da5c7-670a-41b1-96eb-3899388b292c/0/34362e33332e32322e302f32342d3234203d3e203432363839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.33.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:4a:b5:cf:c4:8d:7a:b6:4a:69:32:91:cc:94:8b:aa:13:55:
         e3:a3:a6:a9:ec:45:21:47:80:6f:f6:04:64:58:85:44:ab:c4:
         22:a6:39:03:36:ce:92:63:81:cb:6a:6d:75:01:72:cf:de:e4:
         24:a4:bd:2b:cf:e8:04:db:9f:34:52:41:81:65:47:7a:ff:98:
         6c:45:25:23:9a:42:0f:dc:76:2a:4d:9b:a3:b1:5d:26:71:e4:
         b0:4f:c1:2a:62:57:2f:88:c9:df:e9:2c:72:3e:75:ea:46:b1:
         f1:33:ec:d1:df:ca:2b:cf:89:d0:aa:93:8f:38:07:ff:fa:00:
         2f:ca:51:1c:41:46:df:7a:6c:6f:d8:05:ee:11:2c:94:23:74:
         b4:36:fa:2a:86:54:76:80:9e:7a:27:50:f2:ce:d3:91:cd:08:
         36:62:ad:43:55:df:33:33:65:15:a9:fe:8a:67:21:a5:38:e6:
         22:eb:e4:93:b9:90:92:5a:40:32:67:53:68:28:9c:bb:67:d6:
         3c:ed:cd:e9:87:65:78:14:a4:60:14:84:fb:b7:36:28:72:40:
         29:40:4e:c1:c0:1d:61:3c:8a:e0:46:89:5a:6d:aa:7d:46:6d:
         ac:6f:9f:ee:ed:b5:c8:53:c1:b8:12:13:81:a3:c6:25:63:c4:
         db:18:59:bd
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUVCs9qhQuYgDem1Y49aZ0cFDfOt4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM1ZDkzNzA2Y2JmNDY4OGNlN2Q2MGZjMGVkNjkzZDRj
YzRhOTMyNjAeFw0yNDExMDcxMDQ2NDFaFw0yNTExMDYxMDUxNDFaMDMxMTAvBgNV
BAMTKEMzNkVFRTJGRTFCMDAxRDAwMkRGQkZGMUZCMjY3OTYzMDdFRDBENDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDitukbpL1haV3cBclgMm0AF7iz
EsM87Oxv9n8dWz8u+CiKhOK5Lc9ejuEW5mzex5jzUV9lyeZPC7k+Sj1Mu9HyjEac
LlBHYC1LNrzi4MVSN4oOauQWEAqlanx3kCEPh0jS3GFGZ+zicfLtF/ui1VBW+VIE
uj9PINSj2GVA299Djzlk7QSniFZGxz8/N/DulN/FfT38Nv4n+EmjljpBSFD12o3X
5y7ENRpgd4yGe60WhJZTEDwk07X9RP4Ylebv99r6Xp5f/9iD4My0okjMrBE5UCZ/
6yN0q6G514pjlQ23cSqr10aiRroIGYcL3zMn0dXyo1oHVi+41ywNetg0mia9AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUw27uL+GwAdAC37/x+yZ5YwftDUcwHwYDVR0j
BBgwFoAUc12TcGy/RojOfWD8DtaT1MxKkyYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmU2ZGE1YzctNjcwYS00MWIxLTk2ZWItMzg5OTM4OGIy
OTJjLzAvNzM1RDkzNzA2Q0JGNDY4OENFN0Q2MEZDMEVENjkzRDRDQzRBOTMyNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MxMlRjR3lfUm9qT2ZXRDhEdGFUMU14
S2t5WS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMmU2ZGE1Yzct
NjcwYS00MWIxLTk2ZWItMzg5OTM4OGIyOTJjLzAvMzQzNjJlMzMzMzJlMzIzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzIzNjM4Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAuIRYw
DQYJKoZIhvcNAQELBQADggEBAHxKtc/EjXq2SmkykcyUi6oTVeOjpqnsRSFHgG/2
BGRYhUSrxCKmOQM2zpJjgctqbXUBcs/e5CSkvSvP6ATbnzRSQYFlR3r/mGxFJSOa
Qg/cdipNm6OxXSZx5LBPwSpiVy+Iyd/pLHI+depGsfEz7NHfyivPidCqk484B//6
AC/KURxBRt96bG/YBe4RLJQjdLQ2+iqGVHaAnnonUPLO05HNCDZirUNV3zMzZRWp
/opnIaU45iLr5JO5kJJaQDJnU2gonLtn1jztzemHZXgUpGAUhPu3NihyQClATsHA
HWE8iuBGiVptqn1Gbaxvn+7ttchTwbgSE4GjxiVjxNsYWb0=
-----END CERTIFICATE-----