Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e31302e302f32342d3234203d3e20383334.roa
File:                     34352e38382e31302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          MJldh7BkG+9LAkmvkfDRjPNAhzMs3rtaA1Or79pZ1eY=
Subject key identifier:   2B:E7:BD:60:EC:90:FE:1B:C7:47:07:9B:76:B8:C7:2C:18:E0:B8:CA
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       1CC3108D34FA394F100BC2BF5083FE5C31C0A792
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e31302e302f32342d3234203d3e20383334.roa
Signing time:             Mon 18 Nov 2024 09:31:30 +0000
ROA not before:           Mon 18 Nov 2024 09:26:30 +0000
ROA not after:            Mon 17 Nov 2025 09:31:30 +0000
asID:                     834
IP address blocks:        45.88.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:c3:10:8d:34:fa:39:4f:10:0b:c2:bf:50:83:fe:5c:31:c0:a7:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Nov 18 09:26:30 2024 GMT
            Not After : Nov 17 09:31:30 2025 GMT
        Subject: CN=2BE7BD60EC90FE1BC747079B76B8C72C18E0B8CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:dd:3d:e5:5c:94:ca:7a:fc:8c:bc:c8:46:cc:
                    86:8d:98:a2:e6:bb:44:6a:56:a2:72:20:69:c0:16:
                    e5:74:40:e6:79:52:59:e0:a2:65:92:44:3e:ad:7e:
                    1f:c6:dd:7d:6e:23:c9:c7:06:1d:33:fa:bb:9f:0a:
                    5e:a8:19:df:e1:67:dd:c0:f6:10:2b:ca:4b:de:ec:
                    9c:fa:46:96:40:f3:38:a3:e5:ae:3e:2a:3e:55:80:
                    3a:5f:27:1e:02:62:b0:90:7d:2c:5d:af:30:93:70:
                    7f:34:94:79:10:84:26:d0:b2:83:8d:a4:fc:09:27:
                    73:9f:34:60:3a:d1:6f:e2:82:5d:7e:1a:f0:17:fe:
                    a4:f0:ee:7f:c6:49:13:11:b2:5c:99:37:07:e5:cb:
                    1f:6e:c2:56:07:cd:f9:7f:46:23:8c:e7:13:94:dd:
                    9d:48:fb:d5:d1:8e:76:47:dd:7b:13:6e:5d:fa:f5:
                    b2:8e:c2:61:0a:0d:e9:8e:13:dc:ec:4c:64:ac:39:
                    92:ab:cd:20:08:ed:a9:6e:9b:7e:a2:b4:c8:b2:ff:
                    b0:62:6a:20:ac:84:15:ba:16:80:1a:32:3b:85:b3:
                    f8:b5:ab:4a:77:64:06:1d:9a:ce:da:30:5d:a0:8b:
                    be:4f:48:3a:7b:91:a9:38:be:93:f6:44:9a:df:5f:
                    61:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:E7:BD:60:EC:90:FE:1B:C7:47:07:9B:76:B8:C7:2C:18:E0:B8:CA
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e31302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e0:5c:03:01:31:3a:53:ac:78:25:fe:3c:9c:6e:a0:9f:e1:35:
         a5:92:de:e5:3a:11:c5:66:64:84:f7:f5:a8:c7:de:9b:87:73:
         b6:ca:ff:8b:f5:d3:de:2f:03:18:2c:23:08:a0:c0:4c:44:87:
         32:1c:1a:10:d5:b0:72:e0:d8:56:ed:a7:ea:b6:02:80:47:4a:
         42:f0:79:5f:4f:e9:06:9e:b3:25:2d:b2:41:8b:b6:1e:f2:f5:
         97:c5:87:72:07:05:06:08:73:8e:9a:2a:94:94:06:72:1f:4e:
         1a:73:3c:06:d6:bd:39:9c:65:0b:e4:25:03:42:00:ba:84:42:
         9b:9d:fe:af:b7:b8:57:f4:2b:e3:82:f1:7d:98:37:f4:e2:6b:
         ea:d6:7e:91:74:de:63:1c:01:d7:bb:f8:3a:70:ed:8e:d0:19:
         b8:95:dc:9c:0d:55:95:8e:aa:97:99:92:a2:e9:49:f2:13:19:
         66:6c:b9:98:fe:d3:8e:8c:81:c2:fe:4c:e4:de:2b:a4:de:e5:
         2f:f3:72:42:1c:dd:cf:f6:40:34:f4:8b:bb:c4:e4:12:b0:0b:
         0a:61:ea:1f:85:5a:6b:a2:2f:50:e1:e6:d3:0e:71:09:fd:a9:
         68:75:c5:6c:45:bd:95:d5:44:dc:03:bc:98:06:db:6c:42:27:
         86:76:de:d9
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUHMMQjTT6OU8QC8K/UIP+XDHAp5IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDExMTgwOTI2MzBaFw0yNTExMTcwOTMxMzBaMDMxMTAvBgNV
BAMTKDJCRTdCRDYwRUM5MEZFMUJDNzQ3MDc5Qjc2QjhDNzJDMThFMEI4Q0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT3T3lXJTKevyMvMhGzIaNmKLm
u0RqVqJyIGnAFuV0QOZ5UlngomWSRD6tfh/G3X1uI8nHBh0z+rufCl6oGd/hZ93A
9hArykve7Jz6RpZA8zij5a4+Kj5VgDpfJx4CYrCQfSxdrzCTcH80lHkQhCbQsoON
pPwJJ3OfNGA60W/igl1+GvAX/qTw7n/GSRMRslyZNwflyx9uwlYHzfl/RiOM5xOU
3Z1I+9XRjnZH3XsTbl369bKOwmEKDemOE9zsTGSsOZKrzSAI7alum36itMiy/7Bi
aiCshBW6FoAaMjuFs/i1q0p3ZAYdms7aMF2gi75PSDp7kak4vpP2RJrfX2EjAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUK+e9YOyQ/hvHRwebdrjHLBjguMowHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzgzODJlMzEzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1YCjANBgkq
hkiG9w0BAQsFAAOCAQEA4FwDATE6U6x4Jf48nG6gn+E1pZLe5ToRxWZkhPf1qMfe
m4dztsr/i/XT3i8DGCwjCKDATESHMhwaENWwcuDYVu2n6rYCgEdKQvB5X0/pBp6z
JS2yQYu2HvL1l8WHcgcFBghzjpoqlJQGch9OGnM8Bta9OZxlC+QlA0IAuoRCm53+
r7e4V/Qr44LxfZg39OJr6tZ+kXTeYxwB17v4OnDtjtAZuJXcnA1VlY6ql5mSoulJ
8hMZZmy5mP7TjoyBwv5M5N4rpN7lL/NyQhzdz/ZANPSLu8TkErALCmHqH4Vaa6Iv
UOHm0w5xCf2paHXFbEW9ldVE3AO8mAbbbEInhnbe2Q==
-----END CERTIFICATE-----