Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36342e302f32342d3234203d3e20323131333733.roa
File:                     34352e39352e36342e302f32342d3234203d3e20323131333733.roa (raw, json)
Hash identifier:          ymV6rge25MkjEFNLiR90sMNerbkq3el7ZC3775jqrN8=
Subject key identifier:   05:54:4C:BD:C8:CD:98:8C:60:3D:07:58:70:54:E3:6E:62:6E:5E:38
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       109F9C925B6141B18F715409A2DF4409C9AC9637
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36342e302f32342d3234203d3e20323131333733.roa
Signing time:             Mon 23 Oct 2023 09:41:44 +0000
ROA not before:           Mon 23 Oct 2023 09:36:44 +0000
ROA not after:            Mon 21 Oct 2024 09:41:44 +0000
asID:                     211373
IP address blocks:        45.95.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:9f:9c:92:5b:61:41:b1:8f:71:54:09:a2:df:44:09:c9:ac:96:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Oct 23 09:36:44 2023 GMT
            Not After : Oct 21 09:41:44 2024 GMT
        Subject: CN=05544CBDC8CD988C603D07587054E36E626E5E38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:67:e2:52:bf:7d:c4:3e:da:43:7e:ea:77:77:
                    87:81:cd:7b:14:40:69:b5:ba:75:ba:b0:c2:f7:37:
                    e5:a3:c1:30:99:47:9f:20:ea:c7:6d:fa:9b:0e:bf:
                    96:92:96:91:3d:44:45:b7:6a:95:c2:fc:12:ba:19:
                    99:36:d2:67:0f:c4:2a:9a:16:dc:ec:a4:e4:88:b9:
                    30:e7:8e:f6:5f:99:1d:08:5a:3d:18:23:97:b9:fc:
                    d2:2f:3d:5b:af:45:b8:66:ae:2e:99:fb:7a:f5:24:
                    31:8a:58:78:29:92:53:87:0e:df:ca:33:71:32:4c:
                    c9:58:69:d1:1e:e8:bc:32:2b:d9:36:47:26:ad:a4:
                    13:90:49:fa:de:c3:2c:e5:0d:9c:ba:b0:a2:36:b7:
                    7c:bc:de:6a:32:f8:7b:56:49:c3:fe:7a:3d:f2:1b:
                    68:89:42:03:c8:e8:19:06:4a:cf:ad:1c:c6:03:8d:
                    e3:0c:47:b0:88:4d:15:38:03:20:83:2c:18:eb:a5:
                    0e:cc:9c:17:51:0a:83:a8:c4:2b:9a:5b:9c:ba:86:
                    7f:36:4f:9f:12:14:7e:28:56:3f:4e:df:ac:4d:1b:
                    20:64:cf:82:50:54:62:5f:9b:54:fa:ab:03:41:0d:
                    57:03:a5:53:f2:d6:b0:68:16:cf:4a:50:81:f8:10:
                    ec:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:54:4C:BD:C8:CD:98:8C:60:3D:07:58:70:54:E3:6E:62:6E:5E:38
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36342e302f32342d3234203d3e20323131333733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:1f:6f:0a:e7:a3:9c:dd:a5:70:e3:27:90:7e:b9:a9:e2:b7:
         da:21:ba:8b:c1:96:fc:8e:99:37:28:1a:e1:97:d7:65:b2:d1:
         c4:06:57:04:29:fe:b2:09:30:a1:6f:98:fa:e4:ff:a7:02:f0:
         a3:b0:29:5c:99:cc:c2:fe:a5:27:59:c0:3e:5d:dd:3f:50:26:
         c7:a0:98:62:50:2a:f4:a8:bb:17:3e:44:5b:1f:95:6f:66:12:
         19:7b:bc:48:69:dd:a8:10:9e:72:3a:31:8a:ab:a4:fb:03:25:
         ee:1a:4d:8f:e6:99:6b:d8:ac:16:00:1d:71:94:3f:4b:f9:54:
         be:4f:b0:75:78:db:88:d1:b4:54:cb:bf:07:eb:e2:18:77:dd:
         42:01:80:94:6f:02:e3:ce:b9:0f:fd:e8:a2:93:6f:d5:8a:59:
         6f:93:65:cb:01:70:f7:b2:1c:c4:75:56:f6:f7:27:f1:45:10:
         71:aa:fb:bd:2a:6b:4b:c5:f6:37:1b:b6:5e:27:d0:9b:98:b2:
         1f:44:41:da:49:a7:0a:2e:a5:af:84:12:ac:ed:08:cc:a1:b1:
         f5:a3:5b:68:dc:b8:49:8f:89:40:36:d7:7d:38:30:52:ec:a1:
         6f:eb:37:1f:2e:a7:17:55:1f:8f:b6:47:70:71:97:aa:8d:99:
         5c:89:34:a6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUEJ+cklthQbGPcVQJot9ECcmsljcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yMzEwMjMwOTM2NDRaFw0yNDEwMjEwOTQxNDRaMDMxMTAvBgNV
BAMTKDA1NTQ0Q0JEQzhDRDk4OEM2MDNEMDc1ODcwNTRFMzZFNjI2RTVFMzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Z+JSv33EPtpDfup3d4eBzXsU
QGm1unW6sML3N+WjwTCZR58g6sdt+psOv5aSlpE9REW3apXC/BK6GZk20mcPxCqa
FtzspOSIuTDnjvZfmR0IWj0YI5e5/NIvPVuvRbhmri6Z+3r1JDGKWHgpklOHDt/K
M3EyTMlYadEe6LwyK9k2RyatpBOQSfrewyzlDZy6sKI2t3y83moy+HtWScP+ej3y
G2iJQgPI6BkGSs+tHMYDjeMMR7CITRU4AyCDLBjrpQ7MnBdRCoOoxCuaW5y6hn82
T58SFH4oVj9O36xNGyBkz4JQVGJfm1T6qwNBDVcDpVPy1rBoFs9KUIH4EOxZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUBVRMvcjNmIxgPQdYcFTjbmJuXjgwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzkzNTJlMzYzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMTMzMzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1f
QDANBgkqhkiG9w0BAQsFAAOCAQEASx9vCuejnN2lcOMnkH65qeK32iG6i8GW/I6Z
Nyga4ZfXZbLRxAZXBCn+sgkwoW+Y+uT/pwLwo7ApXJnMwv6lJ1nAPl3dP1Amx6CY
YlAq9Ki7Fz5EWx+Vb2YSGXu8SGndqBCecjoxiquk+wMl7hpNj+aZa9isFgAdcZQ/
S/lUvk+wdXjbiNG0VMu/B+viGHfdQgGAlG8C4865D/3oopNv1YpZb5NlywFw97Ic
xHVW9vcn8UUQcar7vSprS8X2Nxu2XifQm5iyH0RB2kmnCi6lr4QSrO0IzKGx9aNb
aNy4SY+JQDbXfTgwUuyhb+s3Hy6nF1Ufj7ZHcHGXqo2ZXIk0pg==
-----END CERTIFICATE-----