Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e31312e302f32342d3234203d3e20323131343135.roa
File:                     34352e38382e31312e302f32342d3234203d3e20323131343135.roa (raw, json)
Hash identifier:          SLUpcSL5eDHhkncytAr9KK6uVpm0RvaOjMwo7fcDPHw=
Subject key identifier:   F1:79:6A:54:C4:F3:64:F4:B3:BB:C1:B7:E8:0D:62:63:05:6B:51:DA
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       76B8ECED03A71C79A16FB1BE623B179C5F4AEC52
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e31312e302f32342d3234203d3e20323131343135.roa
Signing time:             Mon 23 Oct 2023 09:41:50 +0000
ROA not before:           Mon 23 Oct 2023 09:36:50 +0000
ROA not after:            Mon 21 Oct 2024 09:41:50 +0000
asID:                     211415
IP address blocks:        45.88.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 May 2024 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:b8:ec:ed:03:a7:1c:79:a1:6f:b1:be:62:3b:17:9c:5f:4a:ec:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Oct 23 09:36:50 2023 GMT
            Not After : Oct 21 09:41:50 2024 GMT
        Subject: CN=F1796A54C4F364F4B3BBC1B7E80D6263056B51DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:3b:7a:60:91:9c:25:39:13:ad:52:1b:64:45:
                    1d:44:76:f8:9e:61:3e:54:73:27:7f:6f:bb:23:bc:
                    31:65:d7:4f:63:a7:05:93:98:07:d9:07:00:db:dd:
                    69:49:4d:a6:5c:82:21:15:78:7c:a2:e6:e7:20:3b:
                    14:24:50:3a:12:a0:39:32:30:96:13:90:16:c0:e2:
                    8b:95:04:1d:91:c3:45:87:33:42:e8:e5:40:51:91:
                    db:04:4b:b1:09:93:4f:04:9b:3d:a9:f0:a8:0d:51:
                    3d:92:d3:0a:71:d0:82:71:11:56:68:93:f2:75:05:
                    55:8f:4b:e3:c4:95:c8:79:ec:00:a5:73:2f:24:06:
                    4a:d6:67:22:14:2b:34:42:61:f9:f6:4e:40:0b:f3:
                    e2:77:9d:d8:cd:66:84:b0:f9:0d:3c:ed:30:c1:6c:
                    78:67:23:51:3e:9b:bf:77:d9:48:b1:3c:14:6b:6e:
                    60:d9:f9:49:c6:02:82:ec:67:48:05:15:97:25:71:
                    16:a8:85:73:f5:3f:d6:65:28:53:f3:4c:81:c5:c7:
                    d2:ab:e8:e7:66:a4:a4:dc:bc:7f:02:1c:35:53:15:
                    4b:3c:95:70:7b:12:75:1c:48:b4:15:76:66:e6:81:
                    06:98:bb:9d:0b:35:c0:2f:bb:9f:9b:04:fc:ec:25:
                    f4:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:79:6A:54:C4:F3:64:F4:B3:BB:C1:B7:E8:0D:62:63:05:6B:51:DA
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e31312e302f32342d3234203d3e20323131343135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:e9:dc:09:28:8b:ea:02:d5:3b:fd:8e:5a:ff:22:35:c5:87:
         25:d4:2f:e9:e7:ad:58:41:71:c8:77:af:5c:23:2c:f5:da:d9:
         df:9b:74:f2:a0:2c:d0:c0:c2:49:12:a3:c5:15:e3:26:6e:b1:
         5f:c3:01:01:28:d6:49:f1:3a:4a:df:df:d4:07:46:01:dc:70:
         c3:dc:40:ec:ce:a3:8f:22:ce:19:20:27:23:48:e6:72:47:19:
         ae:7d:58:e9:95:c7:54:2a:66:a1:18:0f:36:b4:d3:cf:7f:5b:
         31:61:01:bf:2b:49:2d:8e:79:24:7b:0f:4c:41:e9:29:35:ad:
         6f:50:79:49:a0:d2:0e:33:ba:15:eb:c9:74:6a:ce:1d:b8:9b:
         a4:fb:9a:90:ba:2c:ea:43:73:f7:9c:86:ae:84:88:a7:77:81:
         1e:99:11:27:0c:9c:be:ae:d1:f3:a4:67:d5:6e:c8:df:57:c7:
         b0:38:dc:9e:40:41:48:b8:ae:9a:5a:3b:1f:7a:79:fa:66:f6:
         22:7f:80:2b:c3:02:d8:e6:45:4d:6c:8f:64:2e:cd:54:29:45:
         6d:df:8a:a1:48:d2:18:37:b7:d2:58:eb:4d:72:ae:33:f2:68:
         a5:a0:6a:24:d9:68:c8:5b:8f:47:1c:8c:e9:9f:38:9e:e1:9c:
         4f:bb:2b:f0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdrjs7QOnHHmhb7G+YjsXnF9K7FIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yMzEwMjMwOTM2NTBaFw0yNDEwMjEwOTQxNTBaMDMxMTAvBgNV
BAMTKEYxNzk2QTU0QzRGMzY0RjRCM0JCQzFCN0U4MEQ2MjYzMDU2QjUxREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyO3pgkZwlOROtUhtkRR1Edvie
YT5Ucyd/b7sjvDFl109jpwWTmAfZBwDb3WlJTaZcgiEVeHyi5ucgOxQkUDoSoDky
MJYTkBbA4ouVBB2Rw0WHM0Lo5UBRkdsES7EJk08Emz2p8KgNUT2S0wpx0IJxEVZo
k/J1BVWPS+PElch57AClcy8kBkrWZyIUKzRCYfn2TkAL8+J3ndjNZoSw+Q087TDB
bHhnI1E+m7932UixPBRrbmDZ+UnGAoLsZ0gFFZclcRaohXP1P9ZlKFPzTIHFx9Kr
6OdmpKTcvH8CHDVTFUs8lXB7EnUcSLQVdmbmgQaYu50LNcAvu5+bBPzsJfRjAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU8XlqVMTzZPSzu8G36A1iYwVrUdowHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzgzODJlMzEzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMTM0MzEzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1Y
CzANBgkqhkiG9w0BAQsFAAOCAQEAHOncCSiL6gLVO/2OWv8iNcWHJdQv6eetWEFx
yHevXCMs9drZ35t08qAs0MDCSRKjxRXjJm6xX8MBASjWSfE6St/f1AdGAdxww9xA
7M6jjyLOGSAnI0jmckcZrn1Y6ZXHVCpmoRgPNrTTz39bMWEBvytJLY55JHsPTEHp
KTWtb1B5SaDSDjO6FevJdGrOHbibpPuakLos6kNz95yGroSIp3eBHpkRJwycvq7R
86Rn1W7I31fHsDjcnkBBSLiumlo7H3p5+mb2In+AK8MC2OZFTWyPZC7NVClFbd+K
oUjSGDe30ljrTXKuM/JopaBqJNloyFuPRxyM6Z84nuGcT7sr8A==
-----END CERTIFICATE-----