Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134322e302f32342d3234203d3e2035303635.roa
File:                     34352e3134382e3134322e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          uSN+6Rwv+KFwhfyA+wbnIqAZFULBiswXcfAAuzwOadE=
Subject key identifier:   15:14:5F:DD:15:1E:13:9B:8A:7E:E6:78:9A:DE:D9:BE:43:CF:2B:D4
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       69EE83D19B94213B3F1B9EBE4E80349DC4398AB2
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134322e302f32342d3234203d3e2035303635.roa
Signing time:             Tue 23 Apr 2024 16:01:05 +0000
ROA not before:           Tue 23 Apr 2024 15:56:05 +0000
ROA not after:            Tue 22 Apr 2025 16:01:05 +0000
asID:                     5065
IP address blocks:        45.148.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:ee:83:d1:9b:94:21:3b:3f:1b:9e:be:4e:80:34:9d:c4:39:8a:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Apr 23 15:56:05 2024 GMT
            Not After : Apr 22 16:01:05 2025 GMT
        Subject: CN=15145FDD151E139B8A7EE6789ADED9BE43CF2BD4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:57:0e:a6:13:f1:a6:8d:ae:70:ec:87:32:ab:
                    36:bb:5d:6a:86:34:e6:de:c5:3b:d0:d6:79:0b:8e:
                    17:01:cf:4c:d0:9a:9b:8e:8a:8e:7c:1b:e2:fb:b4:
                    76:8e:a6:33:66:ae:a5:9a:0d:03:ef:ac:84:40:6d:
                    72:c6:75:f4:f0:51:89:5d:b3:65:31:53:3d:ba:12:
                    59:7d:0c:d0:e3:70:d4:aa:47:3e:16:48:7e:61:ed:
                    4f:dd:5e:47:66:dc:6d:0c:2d:b5:64:e5:fa:5e:7a:
                    8d:fd:99:9d:f8:9f:b2:0d:c0:83:09:73:50:f8:e1:
                    19:80:4c:29:54:9d:42:68:87:17:31:c4:42:b5:42:
                    ee:eb:c4:85:37:95:2d:51:91:24:3e:83:0a:c8:c9:
                    ea:53:2b:22:cf:71:2c:70:15:d5:5e:97:a4:7d:2e:
                    b8:45:8f:5c:f0:43:21:ae:49:4a:10:6a:af:73:58:
                    af:05:29:4f:b1:25:66:fc:9d:10:f2:3f:34:f0:70:
                    a3:5e:b7:84:80:19:73:02:14:23:e0:80:3c:53:de:
                    04:d6:b0:56:a5:ad:81:de:68:88:04:a5:07:36:75:
                    ae:41:c5:25:08:65:40:28:e0:08:21:cc:c8:31:3a:
                    9c:62:69:15:b4:c5:db:25:91:9b:cc:03:99:e0:1a:
                    24:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:14:5F:DD:15:1E:13:9B:8A:7E:E6:78:9A:DE:D9:BE:43:CF:2B:D4
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134322e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:f7:78:d1:92:68:25:45:c6:c1:7b:15:38:27:1c:89:57:89:
         51:aa:44:e4:61:35:33:fd:50:e5:c4:5f:95:9d:0a:35:32:01:
         e2:2d:c3:27:d4:fa:e3:e2:43:d1:cb:e4:a9:74:b0:be:01:e6:
         03:7a:7e:80:19:6a:e8:d7:60:35:5e:3c:03:df:9d:c2:7d:8f:
         64:17:4c:8d:81:96:44:86:b7:e7:8a:17:07:2c:72:17:7c:8a:
         29:82:c5:82:97:de:ef:43:75:29:ff:02:86:f0:ca:31:d6:b5:
         66:b7:5b:f8:53:24:de:d9:d3:c6:0a:9f:74:a9:74:6a:d5:24:
         61:44:51:8c:ce:87:d5:01:fd:7d:6b:d7:d1:7c:34:ee:b8:c9:
         99:c1:98:b6:b6:b1:a6:8d:a7:7c:cb:da:5a:e3:00:08:7b:0e:
         a3:9d:71:3b:7a:06:e0:5c:66:9e:36:df:58:cd:00:24:85:5c:
         b2:ed:6a:f8:ee:11:fa:c0:80:b8:3c:79:3b:73:f1:db:df:0c:
         02:9e:52:8f:35:09:e6:86:6c:45:24:bb:4a:41:7f:41:b7:eb:
         15:a6:97:35:9c:32:fb:63:8b:ee:24:a2:12:c8:0b:50:2f:65:
         26:7e:be:c8:98:c5:34:20:6b:04:18:9c:e3:94:68:6e:86:84:
         ac:97:a4:5c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUae6D0ZuUITs/G56+ToA0ncQ5irIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDA0MjMxNTU2MDVaFw0yNTA0MjIxNjAxMDVaMDMxMTAvBgNV
BAMTKDE1MTQ1RkREMTUxRTEzOUI4QTdFRTY3ODlBREVEOUJFNDNDRjJCRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzVw6mE/Gmja5w7Icyqza7XWqG
NObexTvQ1nkLjhcBz0zQmpuOio58G+L7tHaOpjNmrqWaDQPvrIRAbXLGdfTwUYld
s2UxUz26Ell9DNDjcNSqRz4WSH5h7U/dXkdm3G0MLbVk5fpeeo39mZ34n7INwIMJ
c1D44RmATClUnUJohxcxxEK1Qu7rxIU3lS1RkSQ+gwrIyepTKyLPcSxwFdVel6R9
LrhFj1zwQyGuSUoQaq9zWK8FKU+xJWb8nRDyPzTwcKNet4SAGXMCFCPggDxT3gTW
sFalrYHeaIgEpQc2da5BxSUIZUAo4AghzMgxOpxiaRW0xdslkZvMA5ngGiTzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUFRRf3RUeE5uKfuZ4mt7ZvkPPK9QwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzEzNDM4MmUzMTM0
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMwMzYzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2U
jjANBgkqhkiG9w0BAQsFAAOCAQEAevd40ZJoJUXGwXsVOCcciVeJUapE5GE1M/1Q
5cRflZ0KNTIB4i3DJ9T64+JD0cvkqXSwvgHmA3p+gBlq6NdgNV48A9+dwn2PZBdM
jYGWRIa354oXByxyF3yKKYLFgpfe70N1Kf8ChvDKMda1Zrdb+FMk3tnTxgqfdKl0
atUkYURRjM6H1QH9fWvX0Xw07rjJmcGYtraxpo2nfMvaWuMACHsOo51xO3oG4Fxm
njbfWM0AJIVcsu1q+O4R+sCAuDx5O3Px298MAp5SjzUJ5oZsRSS7SkF/QbfrFaaX
NZwy+2OL7iSiEsgLUC9lJn6+yJjFNCBrBBic45RoboaErJekXA==
-----END CERTIFICATE-----