Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131382e302f32342d3234203d3e2039303837.roa
File:                     34352e36352e3131382e302f32342d3234203d3e2039303837.roa (raw, json)
Hash identifier:          jKE6jRbKvRD4y4MUo73LufNE8L+4Py6v4BVh3Hiyro8=
Subject key identifier:   1E:15:EA:A9:62:C8:19:66:9F:94:BC:0B:DF:80:FF:BD:2E:17:A5:FF
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       48DCD5877E8DDF15B362D548A0DF4B0518F2BFAD
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131382e302f32342d3234203d3e2039303837.roa
Signing time:             Mon 23 Sep 2024 09:43:19 +0000
ROA not before:           Mon 23 Sep 2024 09:38:19 +0000
ROA not after:            Mon 22 Sep 2025 09:43:19 +0000
asID:                     9087
IP address blocks:        45.65.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:dc:d5:87:7e:8d:df:15:b3:62:d5:48:a0:df:4b:05:18:f2:bf:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Sep 23 09:38:19 2024 GMT
            Not After : Sep 22 09:43:19 2025 GMT
        Subject: CN=1E15EAA962C819669F94BC0BDF80FFBD2E17A5FF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:7c:58:c4:09:02:1a:92:76:3f:d8:a9:85:74:
                    d2:9e:cf:f5:f5:c0:a4:ea:c2:7a:e2:2c:f8:e0:41:
                    9c:ef:2a:2a:74:3a:4d:a5:85:80:bb:c2:38:12:f6:
                    db:97:d9:e5:d0:0f:0f:ed:d7:cb:42:62:d7:16:e6:
                    15:06:11:a6:f9:58:fd:98:b4:8e:ae:11:64:1f:9b:
                    38:91:4a:22:46:b1:f4:81:5e:be:2b:6b:4e:ff:54:
                    a0:15:16:51:6c:24:c9:fe:6e:a8:c9:ff:b1:59:b6:
                    05:0c:44:d6:14:68:8a:87:fc:07:9e:6d:52:68:c2:
                    d0:64:fd:7f:96:d5:9b:03:bc:2d:e5:ae:c1:fd:c9:
                    d3:84:71:fd:a7:c1:36:ff:b9:d2:5a:f9:9c:17:4e:
                    9a:1f:b9:11:ab:cf:64:5e:03:50:56:56:69:92:14:
                    55:36:21:7f:7c:ab:a8:96:0e:eb:23:9a:58:d7:9a:
                    3c:b6:45:e7:cd:ec:b9:af:73:31:6d:d2:39:83:ea:
                    1c:7f:f4:78:88:ac:bd:d3:67:8f:e8:72:d2:54:8f:
                    61:7d:38:17:12:c3:4e:db:4d:b7:aa:4d:b8:f1:d2:
                    78:53:ed:f5:11:70:00:aa:92:36:dd:0b:b2:c1:65:
                    d6:64:1d:e1:b9:a2:90:de:cc:d8:35:0c:eb:c2:4d:
                    3c:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:15:EA:A9:62:C8:19:66:9F:94:BC:0B:DF:80:FF:BD:2E:17:A5:FF
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131382e302f32342d3234203d3e2039303837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:e1:a8:03:6b:0e:50:aa:b9:8b:d5:b7:66:26:a2:5d:fd:53:
         6c:f7:7c:14:ee:99:b5:84:78:32:e4:7e:24:36:c5:e2:9c:99:
         34:c1:72:2f:bb:87:40:3f:8c:5e:93:de:72:5b:d2:2b:c8:a1:
         0d:93:53:24:99:65:8e:08:56:76:3e:9b:9b:ee:b5:ac:a8:47:
         35:df:47:1d:20:47:3b:8b:10:b7:77:1b:a8:13:04:71:ff:70:
         6a:54:e6:d0:05:ac:64:b4:73:81:65:7a:32:ae:47:e8:d2:15:
         2e:a2:3b:dc:56:be:12:1f:ff:45:57:12:a4:3e:f7:c8:d6:a1:
         f4:e2:be:ea:d3:c9:67:26:e1:2a:58:c7:36:6b:3b:ec:2b:9e:
         09:da:88:9f:44:d6:ff:82:23:f7:00:9f:3c:09:07:b7:2b:69:
         e2:89:10:cb:ef:37:d0:0d:ed:41:a2:6b:c6:28:57:c4:33:5c:
         86:f9:5e:f7:d2:a2:ea:73:9e:ed:45:10:5b:60:d0:18:11:6b:
         91:76:01:f3:a7:11:7a:0f:51:0b:86:ff:c2:1d:43:b3:be:d1:
         56:88:da:c2:e5:34:2d:79:d4:36:88:b7:90:17:95:e5:ec:bd:
         e7:34:fb:dd:0c:0a:54:94:34:a9:cf:6d:e9:80:f3:b0:c9:0a:
         ee:27:6d:15
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUSNzVh36N3xWzYtVIoN9LBRjyv60wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDA5MjMwOTM4MTlaFw0yNTA5MjIwOTQzMTlaMDMxMTAvBgNV
BAMTKDFFMTVFQUE5NjJDODE5NjY5Rjk0QkMwQkRGODBGRkJEMkUxN0E1RkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5fFjECQIaknY/2KmFdNKez/X1
wKTqwnriLPjgQZzvKip0Ok2lhYC7wjgS9tuX2eXQDw/t18tCYtcW5hUGEab5WP2Y
tI6uEWQfmziRSiJGsfSBXr4ra07/VKAVFlFsJMn+bqjJ/7FZtgUMRNYUaIqH/Aee
bVJowtBk/X+W1ZsDvC3lrsH9ydOEcf2nwTb/udJa+ZwXTpofuRGrz2ReA1BWVmmS
FFU2IX98q6iWDusjmljXmjy2RefN7LmvczFt0jmD6hx/9HiIrL3TZ4/octJUj2F9
OBcSw07bTbeqTbjx0nhT7fURcACqkjbdC7LBZdZkHeG5opDezNg1DOvCTTzHAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUHhXqqWLIGWaflLwL34D/vS4Xpf8wHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzYzNTJlMzEzMTM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMDM4Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtQXYw
DQYJKoZIhvcNAQELBQADggEBAAnhqANrDlCquYvVt2Ymol39U2z3fBTumbWEeDLk
fiQ2xeKcmTTBci+7h0A/jF6T3nJb0ivIoQ2TUySZZY4IVnY+m5vutayoRzXfRx0g
RzuLELd3G6gTBHH/cGpU5tAFrGS0c4FlejKuR+jSFS6iO9xWvhIf/0VXEqQ+98jW
ofTivurTyWcm4SpYxzZrO+wrngnaiJ9E1v+CI/cAnzwJB7craeKJEMvvN9AN7UGi
a8YoV8QzXIb5XvfSoupznu1FEFtg0BgRa5F2AfOnEXoPUQuG/8IdQ7O+0VaI2sLl
NC151DaIt5AXleXsvec0+90MClSUNKnPbemA87DJCu4nbRU=
-----END CERTIFICATE-----