Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e392e302f32342d3234203d3e20323034393134.roa
File:                     34352e38382e392e302f32342d3234203d3e20323034393134.roa (raw, json)
Hash identifier:          3ax0BHfMDJBnonLFW3tTI/kQEqab/YJ6UQOlwYnwrkA=
Subject key identifier:   38:4D:81:9B:59:E2:DB:3A:6D:43:2D:87:AA:C2:23:56:A9:7D:10:02
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       336A04BDE5FCC8EB6076AE0E16D9D7CE338FA478
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e392e302f32342d3234203d3e20323034393134.roa
Signing time:             Mon 02 Sep 2024 09:10:04 +0000
ROA not before:           Mon 02 Sep 2024 09:05:04 +0000
ROA not after:            Mon 01 Sep 2025 09:10:04 +0000
asID:                     204914
IP address blocks:        45.88.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:6a:04:bd:e5:fc:c8:eb:60:76:ae:0e:16:d9:d7:ce:33:8f:a4:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Sep  2 09:05:04 2024 GMT
            Not After : Sep  1 09:10:04 2025 GMT
        Subject: CN=384D819B59E2DB3A6D432D87AAC22356A97D1002
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e5:b1:40:64:d5:d9:90:53:1d:89:bb:5a:ef:
                    12:ea:fa:74:e7:0a:12:72:9c:7b:c0:b6:3a:a9:05:
                    22:df:d0:11:b3:c9:f5:31:00:b8:2d:8e:75:b3:f6:
                    0b:34:91:82:52:95:86:6c:2c:92:19:e7:58:37:bf:
                    2b:92:92:5d:26:a4:99:83:3e:8f:32:87:e6:69:36:
                    f2:ea:00:24:38:f1:e1:2e:44:73:63:cf:77:df:ee:
                    26:7a:91:60:43:6d:fe:03:50:cf:ae:36:a6:17:78:
                    0c:e5:a8:05:9a:f5:77:c9:e8:45:4b:15:dd:13:25:
                    b8:73:fe:26:f8:b9:cc:e5:15:0b:53:cb:da:5e:22:
                    49:db:19:1d:4d:96:65:f4:0e:18:57:33:24:79:03:
                    d7:e0:1a:84:a5:cc:e3:22:b6:5a:ec:b3:16:96:15:
                    c4:42:a8:c2:bb:42:05:ea:7a:f0:ea:f8:8d:bc:64:
                    4f:75:9c:fc:76:07:bc:60:98:d6:3d:da:f7:87:5b:
                    30:d0:a1:e0:6d:d7:ea:73:3c:d4:85:dc:ef:61:89:
                    35:d7:8e:a7:d2:da:31:fe:f6:34:9b:58:3f:75:f2:
                    96:9a:33:21:49:54:cf:1b:b7:7f:79:58:f0:14:3f:
                    f1:8e:c6:44:ff:67:7c:95:2d:bf:e3:49:90:c8:d6:
                    b0:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:4D:81:9B:59:E2:DB:3A:6D:43:2D:87:AA:C2:23:56:A9:7D:10:02
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e392e302f32342d3234203d3e20323034393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d5:43:2b:e6:f3:9f:c8:01:f6:35:ef:07:86:e3:cc:50:5f:64:
         77:5c:d7:1b:d1:04:a9:7d:b9:44:72:3a:c0:b3:43:4e:1e:7e:
         fa:ca:48:ab:f8:22:2c:64:6c:3b:39:2e:95:3e:eb:fc:47:b1:
         65:81:f1:f6:ce:b4:65:f8:29:51:ae:9f:76:d3:23:c1:88:39:
         5f:73:3f:4a:24:db:1a:b4:21:fb:d1:24:e0:98:6d:f7:d7:ee:
         09:d1:15:4e:13:39:b1:06:93:79:33:9e:9b:73:35:56:43:1f:
         86:4a:25:21:4c:ab:03:b6:24:86:4c:2e:cf:f3:e0:e3:bd:54:
         10:30:49:31:bb:e5:39:ed:d7:64:fc:77:c7:ab:8b:36:60:77:
         75:13:c4:48:f3:0b:44:0d:ad:ab:2f:45:48:d4:f9:94:03:0a:
         ea:ba:b5:4c:96:52:de:58:f1:35:4d:9e:e8:c9:de:e6:22:07:
         b5:f5:1b:ca:11:a2:fe:10:98:00:84:45:04:3f:40:26:72:02:
         c7:99:7e:e8:c4:b8:5e:5d:30:47:26:2b:45:f3:a9:15:f6:38:
         66:62:1e:a5:b8:b1:9e:8a:6f:d3:c6:2f:12:06:61:0c:55:f0:
         7e:a7:e7:03:8a:86:6a:e0:5d:17:7f:91:66:39:7e:06:62:a7:
         b7:48:fe:02
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUM2oEveX8yOtgdq4OFtnXzjOPpHgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDA5MDIwOTA1MDRaFw0yNTA5MDEwOTEwMDRaMDMxMTAvBgNV
BAMTKDM4NEQ4MTlCNTlFMkRCM0E2RDQzMkQ4N0FBQzIyMzU2QTk3RDEwMDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw5bFAZNXZkFMdibta7xLq+nTn
ChJynHvAtjqpBSLf0BGzyfUxALgtjnWz9gs0kYJSlYZsLJIZ51g3vyuSkl0mpJmD
Po8yh+ZpNvLqACQ48eEuRHNjz3ff7iZ6kWBDbf4DUM+uNqYXeAzlqAWa9XfJ6EVL
Fd0TJbhz/ib4uczlFQtTy9peIknbGR1NlmX0DhhXMyR5A9fgGoSlzOMitlrssxaW
FcRCqMK7QgXqevDq+I28ZE91nPx2B7xgmNY92veHWzDQoeBt1+pzPNSF3O9hiTXX
jqfS2jH+9jSbWD918paaMyFJVM8bt395WPAUP/GOxkT/Z3yVLb/jSZDI1rB1AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUOE2Bm1ni2zptQy2HqsIjVql9EAIwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzgzODJlMzkyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzQzOTMxMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtWAkw
DQYJKoZIhvcNAQELBQADggEBANVDK+bzn8gB9jXvB4bjzFBfZHdc1xvRBKl9uURy
OsCzQ04efvrKSKv4IixkbDs5LpU+6/xHsWWB8fbOtGX4KVGun3bTI8GIOV9zP0ok
2xq0IfvRJOCYbffX7gnRFU4TObEGk3kznptzNVZDH4ZKJSFMqwO2JIZMLs/z4OO9
VBAwSTG75Tnt12T8d8erizZgd3UTxEjzC0QNrasvRUjU+ZQDCuq6tUyWUt5Y8TVN
nujJ3uYiB7X1G8oRov4QmACERQQ/QCZyAseZfujEuF5dMEcmK0XzqRX2OGZiHqW4
sZ6Kb9PGLxIGYQxV8H6n5wOKhmrgXRd/kWY5fgZip7dI/gI=
-----END CERTIFICATE-----