Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e382e302f32342d3234203d3e20323031393439.roa
File:                     34352e38382e382e302f32342d3234203d3e20323031393439.roa (raw, json)
Hash identifier:          bZzsXNC0tv6Qmy4YN0u3xfR/PL/fC2/U7wLvqX1nw3g=
Subject key identifier:   18:D5:8A:33:EE:B7:6E:ED:BE:65:FF:97:79:62:01:95:99:BE:A2:D2
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       4A19E47268B5AC3AE82D72E184B68BCC2F02C8F7
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e382e302f32342d3234203d3e20323031393439.roa
Signing time:             Mon 23 Sep 2024 09:43:19 +0000
ROA not before:           Mon 23 Sep 2024 09:38:19 +0000
ROA not after:            Mon 22 Sep 2025 09:43:19 +0000
asID:                     201949
IP address blocks:        45.88.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:19:e4:72:68:b5:ac:3a:e8:2d:72:e1:84:b6:8b:cc:2f:02:c8:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Sep 23 09:38:19 2024 GMT
            Not After : Sep 22 09:43:19 2025 GMT
        Subject: CN=18D58A33EEB76EEDBE65FF977962019599BEA2D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:57:54:e2:1f:ee:fb:da:55:d0:cb:91:97:a3:
                    e6:74:4d:58:02:09:85:b2:e8:33:c8:5e:ca:33:cb:
                    b4:d0:29:a2:e7:de:41:33:be:42:0a:5d:ee:f4:a2:
                    ed:06:27:d7:34:5e:6e:b2:af:bd:93:f2:fd:8e:d8:
                    a1:4b:6c:d6:40:92:16:a6:5a:6e:4c:08:f3:02:a8:
                    d4:38:42:43:1b:06:fb:86:fd:0b:c6:85:b6:a7:f8:
                    73:17:f6:10:40:41:62:ea:4a:64:44:38:cc:24:e4:
                    37:e7:21:f0:e9:ef:ab:00:24:d4:a7:6a:27:30:02:
                    f6:2d:5f:5b:74:d5:eb:cb:f0:b2:5d:fa:94:84:b4:
                    97:08:fc:e6:2a:47:c7:9a:7a:c3:64:28:87:35:8e:
                    df:70:c9:88:76:0b:ca:64:e7:9d:02:fd:4e:fb:28:
                    7b:64:c8:60:0c:11:a6:8c:69:a5:6a:fe:37:2f:27:
                    3a:e8:37:12:4b:bb:80:fb:c7:04:0c:ef:66:04:c1:
                    ba:ef:75:78:ca:bd:e2:49:a2:9a:d8:3e:64:9b:de:
                    8e:41:c3:9c:cd:c3:7c:96:d3:ea:01:7f:ee:3f:81:
                    ef:d7:1e:9d:7d:33:c6:01:17:48:42:98:61:53:c6:
                    42:88:5f:01:35:e8:3a:b3:f5:a8:40:dc:e2:41:b4:
                    e9:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:D5:8A:33:EE:B7:6E:ED:BE:65:FF:97:79:62:01:95:99:BE:A2:D2
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e382e302f32342d3234203d3e20323031393439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:24:58:c6:62:14:57:ff:46:fc:e9:d0:90:de:1a:fe:da:af:
         45:8c:a0:56:3f:95:c8:0e:56:d2:4d:f7:be:4f:f5:ad:a0:87:
         5a:b6:84:1f:f4:a4:07:29:70:08:77:d1:75:91:ef:97:43:69:
         c6:32:8d:c0:41:da:dd:e8:6b:81:6f:88:33:7f:1d:42:9e:00:
         ea:5b:8c:37:2d:a9:15:bb:ac:87:60:fd:3f:57:2c:ca:db:e9:
         f1:5a:ba:59:41:1e:c2:b7:f6:c6:6f:4f:9b:2b:a9:bb:29:04:
         db:ad:0d:f3:cd:7a:f0:b3:23:48:4b:3a:06:72:c8:fb:da:58:
         ad:53:21:3f:f1:14:dd:e6:5c:27:80:d2:14:fa:23:62:15:f7:
         0a:07:a3:39:be:51:d0:de:e2:55:5d:5a:c1:14:0e:a2:f3:13:
         74:a7:18:27:c6:51:a6:2c:97:3d:7c:c5:2b:be:fd:c3:74:48:
         ff:43:88:b5:32:c3:8b:07:d2:e9:a8:d4:52:0c:5e:fe:ff:bc:
         a8:83:db:00:ef:4f:5b:6e:1d:be:78:1c:d9:e4:38:a5:b2:33:
         09:a7:f1:95:cb:0b:a0:24:80:de:ef:c1:1e:5d:9c:0b:91:4d:
         ae:86:3b:8e:d7:4b:07:55:83:b7:93:23:fd:aa:cd:c4:a7:05:
         82:e5:d8:2e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUShnkcmi1rDroLXLhhLaLzC8CyPcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDA5MjMwOTM4MTlaFw0yNTA5MjIwOTQzMTlaMDMxMTAvBgNV
BAMTKDE4RDU4QTMzRUVCNzZFRURCRTY1RkY5Nzc5NjIwMTk1OTlCRUEyRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaV1TiH+772lXQy5GXo+Z0TVgC
CYWy6DPIXsozy7TQKaLn3kEzvkIKXe70ou0GJ9c0Xm6yr72T8v2O2KFLbNZAkham
Wm5MCPMCqNQ4QkMbBvuG/QvGhban+HMX9hBAQWLqSmREOMwk5DfnIfDp76sAJNSn
aicwAvYtX1t01evL8LJd+pSEtJcI/OYqR8eaesNkKIc1jt9wyYh2C8pk550C/U77
KHtkyGAMEaaMaaVq/jcvJzroNxJLu4D7xwQM72YEwbrvdXjKveJJoprYPmSb3o5B
w5zNw3yW0+oBf+4/ge/XHp19M8YBF0hCmGFTxkKIXwE16Dqz9ahA3OJBtOmFAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUGNWKM+63bu2+Zf+XeWIBlZm+otIwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzgzODJlMzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzEzOTM0Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtWAgw
DQYJKoZIhvcNAQELBQADggEBAEQkWMZiFFf/Rvzp0JDeGv7ar0WMoFY/lcgOVtJN
975P9a2gh1q2hB/0pAcpcAh30XWR75dDacYyjcBB2t3oa4FviDN/HUKeAOpbjDct
qRW7rIdg/T9XLMrb6fFaullBHsK39sZvT5srqbspBNutDfPNevCzI0hLOgZyyPva
WK1TIT/xFN3mXCeA0hT6I2IV9woHozm+UdDe4lVdWsEUDqLzE3SnGCfGUaYslz18
xSu+/cN0SP9DiLUyw4sH0umo1FIMXv7/vKiD2wDvT1tuHb54HNnkOKWyMwmn8ZXL
C6AkgN7vwR5dnAuRTa6GO47XSwdVg7eTI/2qzcSnBYLl2C4=
-----END CERTIFICATE-----