Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134302e302f32342d3234203d3e2037303239.roa
File:                     34352e3134382e3134302e302f32342d3234203d3e2037303239.roa (raw, json)
Hash identifier:          1gt0z5tsQiZoPsTFjlI5sBt86mogwG8NxjddR8ctOqE=
Subject key identifier:   71:1E:99:2A:F1:5E:53:18:B9:1E:37:6E:82:59:CF:59:88:53:AD:99
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       0312A5DF86EAB8748BA5DF0F56EF6ABF85A55C84
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134302e302f32342d3234203d3e2037303239.roa
Signing time:             Fri 22 Dec 2023 11:36:13 +0000
ROA not before:           Fri 22 Dec 2023 11:31:13 +0000
ROA not after:            Fri 20 Dec 2024 11:36:13 +0000
asID:                     7029
IP address blocks:        45.148.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:12:a5:df:86:ea:b8:74:8b:a5:df:0f:56:ef:6a:bf:85:a5:5c:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Dec 22 11:31:13 2023 GMT
            Not After : Dec 20 11:36:13 2024 GMT
        Subject: CN=711E992AF15E5318B91E376E8259CF598853AD99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0e:a6:a1:2f:b1:e5:85:cb:f1:5f:c1:32:28:
                    b3:93:d5:19:49:f6:7f:59:99:a7:23:69:02:c4:fc:
                    4b:bf:cc:f0:5f:1c:37:57:ee:2e:3b:33:2a:ca:99:
                    90:33:d3:d6:ad:9a:a3:60:7c:e8:3c:15:69:af:1c:
                    55:5d:a9:5f:65:08:3e:1a:86:cc:e1:62:94:36:9a:
                    c1:ed:9f:20:38:f5:1f:fe:10:6d:1a:e5:03:1e:1c:
                    8d:6f:39:39:ac:ba:5d:0f:6b:d5:eb:35:e7:1c:7c:
                    98:f4:6e:cc:33:54:8f:76:49:54:2b:ac:27:54:ba:
                    38:51:73:9b:a3:b9:b6:a6:09:bc:8b:47:9c:7d:cf:
                    be:04:98:55:2b:00:4a:4e:99:e7:e9:e1:1c:71:d6:
                    88:6d:ed:1a:16:ed:43:db:c2:a7:d2:f4:1d:4c:a7:
                    65:2b:0e:76:6d:86:77:e3:40:a1:eb:16:89:cc:89:
                    47:4c:6b:76:77:ff:28:01:f6:43:c0:97:53:49:be:
                    d0:23:d3:c0:0f:3f:f1:72:bd:6c:7b:d4:2f:8e:98:
                    7d:2b:a4:9f:fe:67:95:43:a5:6f:b1:54:98:a4:7c:
                    7a:05:3f:7f:4b:bd:4b:c2:8d:c1:c1:5a:2b:6c:87:
                    43:93:4a:59:6f:38:ce:e8:10:93:fb:f3:b6:1b:da:
                    44:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:1E:99:2A:F1:5E:53:18:B9:1E:37:6E:82:59:CF:59:88:53:AD:99
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134302e302f32342d3234203d3e2037303239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         db:46:8a:fe:0e:16:91:a4:49:d0:2a:78:e4:2e:5d:d2:89:d4:
         f3:dc:a3:b9:45:a8:b5:de:58:80:be:a4:c8:5d:4a:99:43:62:
         71:5b:9b:16:c9:f3:d0:34:ef:64:60:ea:9f:c5:60:b0:61:09:
         4f:51:b9:04:62:49:f5:3d:8c:16:bd:10:2d:d6:f8:ac:80:24:
         ea:dd:72:2e:80:80:70:f6:2d:60:73:02:cd:38:07:56:7e:d5:
         79:43:23:22:87:e8:75:ea:f1:e7:b9:93:66:22:cd:3d:57:d9:
         8e:6d:54:47:f5:2b:fd:99:a3:8f:23:4b:56:e5:66:39:69:c4:
         c3:ee:7d:8e:ec:54:48:c9:0c:b6:88:2d:ed:eb:49:eb:21:0d:
         57:e7:1a:eb:ed:f2:5c:81:73:b3:32:1c:f6:be:a6:10:09:85:
         93:77:3e:a1:ad:20:ef:86:d3:ca:fc:94:5b:05:57:e9:fe:4c:
         b7:02:f6:72:81:a6:34:bd:cc:51:7b:ed:96:7b:9f:aa:ac:a8:
         75:67:b4:28:32:cb:18:a2:00:71:de:b1:25:0e:7b:6b:5c:94:
         ff:06:0c:9f:36:f5:f1:38:a9:93:01:4f:db:17:a5:6d:d2:27:
         69:19:6d:6a:bf:8a:8e:06:08:28:01:3c:8b:f6:ac:89:9c:50:
         f3:8e:cc:0d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAxKl34bquHSLpd8PVu9qv4WlXIQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yMzEyMjIxMTMxMTNaFw0yNDEyMjAxMTM2MTNaMDMxMTAvBgNV
BAMTKDcxMUU5OTJBRjE1RTUzMThCOTFFMzc2RTgyNTlDRjU5ODg1M0FEOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/DqahL7HlhcvxX8EyKLOT1RlJ
9n9ZmacjaQLE/Eu/zPBfHDdX7i47MyrKmZAz09atmqNgfOg8FWmvHFVdqV9lCD4a
hszhYpQ2msHtnyA49R/+EG0a5QMeHI1vOTmsul0Pa9XrNeccfJj0bswzVI92SVQr
rCdUujhRc5ujubamCbyLR5x9z74EmFUrAEpOmefp4Rxx1oht7RoW7UPbwqfS9B1M
p2UrDnZthnfjQKHrFonMiUdMa3Z3/ygB9kPAl1NJvtAj08APP/FyvWx71C+OmH0r
pJ/+Z5VDpW+xVJikfHoFP39LvUvCjcHBWitsh0OTSllvOM7oEJP787Yb2kSZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUcR6ZKvFeUxi5HjduglnPWYhTrZkwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzEzNDM4MmUzMTM0
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNzMwMzIzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2U
jDANBgkqhkiG9w0BAQsFAAOCAQEA20aK/g4WkaRJ0Cp45C5d0onU89yjuUWotd5Y
gL6kyF1KmUNicVubFsnz0DTvZGDqn8VgsGEJT1G5BGJJ9T2MFr0QLdb4rIAk6t1y
LoCAcPYtYHMCzTgHVn7VeUMjIofoderx57mTZiLNPVfZjm1UR/Ur/ZmjjyNLVuVm
OWnEw+59juxUSMkMtogt7etJ6yENV+ca6+3yXIFzszIc9r6mEAmFk3c+oa0g74bT
yvyUWwVX6f5MtwL2coGmNL3MUXvtlnufqqyodWe0KDLLGKIAcd6xJQ57a1yU/wYM
nzb18TipkwFP2xelbdInaRltar+KjgYIKAE8i/asiZxQ847MDQ==
-----END CERTIFICATE-----