Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134302e302f32342d3234203d3e2037303138.roa
File:                     34352e3134382e3134302e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          NaXy2Xd9XM0LT90BqZtiXYPB5AAQsmY2Dv4UOmXfybQ=
Subject key identifier:   9B:0D:FC:4E:49:74:9E:92:12:FC:0A:3F:87:3F:3B:6B:40:99:41:8A
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       2A67BF3487AD0A73AEACB83AFF536D450BADF18A
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134302e302f32342d3234203d3e2037303138.roa
Signing time:             Wed 14 Feb 2024 08:08:12 +0000
ROA not before:           Wed 14 Feb 2024 08:03:12 +0000
ROA not after:            Wed 12 Feb 2025 08:08:12 +0000
asID:                     7018
IP address blocks:        45.148.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:67:bf:34:87:ad:0a:73:ae:ac:b8:3a:ff:53:6d:45:0b:ad:f1:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Feb 14 08:03:12 2024 GMT
            Not After : Feb 12 08:08:12 2025 GMT
        Subject: CN=9B0DFC4E49749E9212FC0A3F873F3B6B4099418A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d1:c6:92:73:20:d1:a7:eb:15:86:84:30:18:
                    63:44:28:75:56:95:0d:93:b1:d0:7d:7e:06:e7:c5:
                    59:26:c4:69:7c:c7:15:b1:80:dd:56:dc:89:db:ea:
                    3b:1d:53:2e:9a:fa:67:ee:0e:49:4a:a3:4f:c7:e8:
                    0a:dc:d5:a6:22:18:d0:4c:75:be:9b:4b:74:17:71:
                    76:28:1b:e5:f0:ce:3f:bd:73:a5:f5:85:09:ce:51:
                    55:40:3e:3a:cd:b0:c7:4e:11:83:e3:f7:27:1b:8c:
                    f3:8e:b4:47:a9:3d:44:ea:e2:3e:3c:a1:80:d5:6f:
                    db:5d:3a:23:da:2d:15:2b:de:08:87:f8:94:9e:61:
                    9c:4a:39:2f:e9:f1:58:68:ca:57:83:74:2b:3e:8e:
                    ef:44:3a:d0:5d:ca:e8:b1:92:ef:35:55:d4:70:86:
                    0c:27:a8:34:0d:6e:03:b3:bb:e1:39:26:9e:0c:fd:
                    6b:71:9b:73:3a:79:ea:fd:69:73:2a:ad:96:fb:78:
                    7d:14:7f:54:d0:f9:6b:e0:91:0d:76:71:79:de:51:
                    c6:64:5b:88:52:1e:f1:eb:c2:51:70:d2:e0:34:09:
                    09:6c:02:c1:1b:83:24:e8:e3:8a:0a:29:15:ee:3f:
                    1c:08:e1:5e:06:f2:43:18:8b:11:c9:54:01:fc:2a:
                    49:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:0D:FC:4E:49:74:9E:92:12:FC:0A:3F:87:3F:3B:6B:40:99:41:8A
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134302e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:43:86:f8:3b:72:49:86:1e:2d:7b:a4:33:1b:1a:42:61:63:
         80:ab:5f:ee:4f:a7:b4:f6:75:6e:0f:4e:35:7b:30:44:05:15:
         27:96:6b:d4:a5:77:41:2c:1c:44:c5:25:3c:0c:12:4a:57:9c:
         a5:f6:a4:d6:36:18:b1:54:38:6f:9e:7d:78:ca:9e:01:0f:24:
         a8:0e:9a:48:5c:f0:de:9c:22:3e:80:60:80:fb:1e:65:b4:2d:
         7b:ff:54:28:8c:09:10:d5:a1:59:71:40:10:61:97:9e:c4:81:
         b0:23:b6:07:68:a7:aa:7e:c8:e6:68:45:ff:af:6d:3a:e8:17:
         8f:10:59:de:a5:7e:b9:67:f7:f7:7b:52:a3:be:52:35:86:11:
         67:98:b8:fa:f5:e2:0b:24:04:71:b3:e9:0c:68:2a:fa:5f:1e:
         ab:8f:1d:e7:9f:4e:4f:ee:11:c3:4e:9d:14:31:6b:ec:53:13:
         1f:83:a2:bf:74:05:ce:33:f9:f2:0a:15:0d:b3:60:14:55:1d:
         8e:65:8b:30:e8:c8:28:32:81:a5:6d:d2:46:ab:35:c3:82:e6:
         71:0a:da:b7:88:7c:01:05:74:e2:9b:99:f6:3f:42:f5:bf:3a:
         97:f5:54:ff:f4:25:db:49:bb:72:17:96:90:1d:2a:c8:5b:df:
         ce:4b:c6:86
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKme/NIetCnOurLg6/1NtRQut8YowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDAyMTQwODAzMTJaFw0yNTAyMTIwODA4MTJaMDMxMTAvBgNV
BAMTKDlCMERGQzRFNDk3NDlFOTIxMkZDMEEzRjg3M0YzQjZCNDA5OTQxOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC00caScyDRp+sVhoQwGGNEKHVW
lQ2TsdB9fgbnxVkmxGl8xxWxgN1W3Inb6jsdUy6a+mfuDklKo0/H6Arc1aYiGNBM
db6bS3QXcXYoG+Xwzj+9c6X1hQnOUVVAPjrNsMdOEYPj9ycbjPOOtEepPUTq4j48
oYDVb9tdOiPaLRUr3giH+JSeYZxKOS/p8VhoyleDdCs+ju9EOtBdyuixku81VdRw
hgwnqDQNbgOzu+E5Jp4M/Wtxm3M6eer9aXMqrZb7eH0Uf1TQ+WvgkQ12cXneUcZk
W4hSHvHrwlFw0uA0CQlsAsEbgyTo44oKKRXuPxwI4V4G8kMYixHJVAH8KkkZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUmw38Tkl0npIS/Ao/hz87a0CZQYowHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzEzNDM4MmUzMTM0
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNzMwMzEzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2U
jDANBgkqhkiG9w0BAQsFAAOCAQEA00OG+DtySYYeLXukMxsaQmFjgKtf7k+ntPZ1
bg9ONXswRAUVJ5Zr1KV3QSwcRMUlPAwSSlecpfak1jYYsVQ4b559eMqeAQ8kqA6a
SFzw3pwiPoBggPseZbQte/9UKIwJENWhWXFAEGGXnsSBsCO2B2inqn7I5mhF/69t
OugXjxBZ3qV+uWf393tSo75SNYYRZ5i4+vXiCyQEcbPpDGgq+l8eq48d559OT+4R
w06dFDFr7FMTH4Oiv3QFzjP58goVDbNgFFUdjmWLMOjIKDKBpW3SRqs1w4LmcQra
t4h8AQV04puZ9j9C9b86l/VU//Ql20m7cheWkB0qyFvfzkvGhg==
-----END CERTIFICATE-----