Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e382e302f32342d3234203d3e20323031393439.roa
File:                     34352e38382e382e302f32342d3234203d3e20323031393439.roa (raw, json)
Hash identifier:          UHX7CReK70I/4A6gVMg09g0Bh82Usnu3+XUaMGk3DhM=
Subject key identifier:   BC:9D:72:E9:F1:A9:5B:86:B4:C9:23:20:D3:66:DF:FB:C8:E3:2E:7E
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       3CB821F7C63CF4687DF750DE4944B336C2F4559D
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e382e302f32342d3234203d3e20323031393439.roa
Signing time:             Mon 23 Oct 2023 09:41:46 +0000
ROA not before:           Mon 23 Oct 2023 09:36:46 +0000
ROA not after:            Mon 21 Oct 2024 09:41:46 +0000
asID:                     201949
IP address blocks:        45.88.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:b8:21:f7:c6:3c:f4:68:7d:f7:50:de:49:44:b3:36:c2:f4:55:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Oct 23 09:36:46 2023 GMT
            Not After : Oct 21 09:41:46 2024 GMT
        Subject: CN=BC9D72E9F1A95B86B4C92320D366DFFBC8E32E7E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:69:08:6f:48:f1:c0:f0:a3:eb:f4:46:6c:c4:
                    42:fb:9e:93:0f:a7:66:08:6d:b7:5f:6c:3c:71:80:
                    bf:65:ae:ef:61:42:6b:06:68:24:3c:86:a6:6f:78:
                    cc:89:5a:c2:e1:7d:e1:6d:fa:e4:4c:fb:b0:7e:99:
                    3f:0b:d7:6b:20:ab:d3:f2:e4:16:13:e9:04:e5:84:
                    6b:6a:59:4a:2d:93:df:79:d7:be:05:24:af:89:53:
                    8b:aa:fc:fb:99:5a:2a:32:28:e6:c3:d5:1d:80:4e:
                    aa:67:8e:98:6b:8a:ff:84:70:23:41:d4:4c:b5:f5:
                    88:61:68:d3:a6:ac:22:ae:7d:e7:b4:dd:19:ee:40:
                    a9:b7:39:4e:69:4f:90:70:b1:4c:f1:3d:98:a2:c5:
                    24:4c:5a:01:c1:2d:36:98:7c:53:63:ad:7c:88:f3:
                    3e:48:92:f6:d0:42:f8:e4:e2:28:08:f3:d1:1a:40:
                    ba:3e:3c:2d:b7:6b:01:a6:86:68:44:f0:64:9c:64:
                    ea:4a:7c:94:c4:e3:0e:62:cd:bd:85:73:50:29:7b:
                    a0:8c:af:45:e3:a2:3a:13:b2:ba:d0:47:89:49:66:
                    2f:20:47:09:3e:79:d7:7e:df:85:a4:ca:3e:37:54:
                    b2:09:26:22:3d:6f:c2:b0:a8:e9:1e:ca:9b:e7:1d:
                    c6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:9D:72:E9:F1:A9:5B:86:B4:C9:23:20:D3:66:DF:FB:C8:E3:2E:7E
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e382e302f32342d3234203d3e20323031393439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:a2:d3:d3:1c:17:60:fb:30:95:67:70:28:ce:1c:a1:3a:b5:
         55:4d:cc:12:ea:69:72:09:3c:4b:10:bd:54:1a:e3:c5:63:26:
         71:39:c6:3e:9a:d7:b0:d4:32:9c:90:0c:64:61:60:51:41:90:
         ec:0f:e7:b2:87:84:5b:4d:e5:31:d3:31:2d:76:f0:51:0a:38:
         91:8f:66:2b:af:11:23:dd:e6:26:40:98:10:4d:b0:77:a8:78:
         b2:65:f2:3f:90:21:58:f1:13:ed:10:8b:f3:fc:99:90:30:62:
         b3:26:80:6b:e0:a3:d7:fc:81:8e:de:21:72:17:bd:3b:f6:7f:
         99:e5:cc:9f:78:a3:d4:6c:73:52:f4:02:f0:e0:f1:d2:86:6f:
         e8:1f:46:ab:0f:b7:ad:c1:08:6a:c7:e2:4c:c2:4a:05:29:b2:
         11:da:29:8c:96:bb:55:36:58:f0:2b:37:69:84:e8:00:1d:82:
         5c:3c:bd:24:da:86:31:7b:0f:bb:1a:f2:ce:b9:bf:95:6e:49:
         0c:cc:1c:0e:62:8c:26:86:ec:c5:ea:01:01:08:8c:97:ac:1f:
         b9:3f:08:73:2f:f9:ac:46:38:ca:4b:1d:98:e2:c6:d2:dd:f6:
         e0:31:cf:95:b0:f7:40:35:6f:51:8d:45:b7:21:d0:6d:8d:c7:
         ee:6b:35:58
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUPLgh98Y89Gh991DeSUSzNsL0VZ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yMzEwMjMwOTM2NDZaFw0yNDEwMjEwOTQxNDZaMDMxMTAvBgNV
BAMTKEJDOUQ3MkU5RjFBOTVCODZCNEM5MjMyMEQzNjZERkZCQzhFMzJFN0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpaQhvSPHA8KPr9EZsxEL7npMP
p2YIbbdfbDxxgL9lru9hQmsGaCQ8hqZveMyJWsLhfeFt+uRM+7B+mT8L12sgq9Py
5BYT6QTlhGtqWUotk995174FJK+JU4uq/PuZWioyKObD1R2ATqpnjphriv+EcCNB
1Ey19YhhaNOmrCKufee03RnuQKm3OU5pT5BwsUzxPZiixSRMWgHBLTaYfFNjrXyI
8z5IkvbQQvjk4igI89EaQLo+PC23awGmhmhE8GScZOpKfJTE4w5izb2Fc1Ape6CM
r0XjojoTsrrQR4lJZi8gRwk+edd+34Wkyj43VLIJJiI9b8KwqOkeypvnHcZ3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUvJ1y6fGpW4a0ySMg02bf+8jjLn4wHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzgzODJlMzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzEzOTM0Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtWAgw
DQYJKoZIhvcNAQELBQADggEBACmi09McF2D7MJVncCjOHKE6tVVNzBLqaXIJPEsQ
vVQa48VjJnE5xj6a17DUMpyQDGRhYFFBkOwP57KHhFtN5THTMS128FEKOJGPZiuv
ESPd5iZAmBBNsHeoeLJl8j+QIVjxE+0Qi/P8mZAwYrMmgGvgo9f8gY7eIXIXvTv2
f5nlzJ94o9Rsc1L0AvDg8dKGb+gfRqsPt63BCGrH4kzCSgUpshHaKYyWu1U2WPAr
N2mE6AAdglw8vSTahjF7D7sa8s65v5VuSQzMHA5ijCaG7MXqAQEIjJesH7k/CHMv
+axGOMpLHZjixtLd9uAxz5Ww90A1b1GNRbch0G2Nx+5rNVg=
-----END CERTIFICATE-----