Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36352e302f32342d3234203d3e20323130313634.roa
File:                     34352e39352e36352e302f32342d3234203d3e20323130313634.roa (raw, json)
Hash identifier:          92CgsXl3GBv9C59nwSiy5dG2j/+apVUDEGWvut9DsEY=
Subject key identifier:   7D:DF:75:35:1D:6C:FF:F9:4F:B6:41:14:B0:7B:57:BD:3C:9B:C9:5C
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       0994252456472BE9C1D61B693B3B3E1C81B021F6
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36352e302f32342d3234203d3e20323130313634.roa
Signing time:             Mon 04 Mar 2024 09:25:01 +0000
ROA not before:           Mon 04 Mar 2024 09:20:01 +0000
ROA not after:            Mon 03 Mar 2025 09:25:01 +0000
asID:                     210164
IP address blocks:        45.95.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:94:25:24:56:47:2b:e9:c1:d6:1b:69:3b:3b:3e:1c:81:b0:21:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Mar  4 09:20:01 2024 GMT
            Not After : Mar  3 09:25:01 2025 GMT
        Subject: CN=7DDF75351D6CFFF94FB64114B07B57BD3C9BC95C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f3:97:8e:d1:aa:48:71:f9:b7:3e:c2:42:4d:
                    7c:e8:b6:88:b1:7b:2f:d1:25:8f:a7:70:d4:76:e3:
                    92:99:a1:4f:3b:b9:61:a0:e0:53:dd:be:bf:a1:50:
                    a4:d8:02:f7:89:58:95:b9:7a:7b:ea:7b:2c:d6:92:
                    1a:3e:38:d6:d5:77:fe:76:23:09:9b:f1:76:8a:db:
                    0d:ea:e3:3b:b4:5b:c2:a8:50:19:b2:c2:69:39:e6:
                    0f:48:ee:6b:59:6c:ff:50:2b:a4:76:3e:9e:6a:12:
                    df:36:5b:f2:c0:95:9e:9b:16:11:5e:8c:05:c5:a7:
                    d7:38:41:fc:e2:94:63:23:ca:c4:f7:a1:d9:c8:7b:
                    13:b5:dd:8c:99:33:bc:40:24:ed:eb:cc:39:e4:46:
                    03:16:7b:0d:31:39:73:56:6e:fb:e2:7a:0b:52:77:
                    a1:96:34:bf:5d:16:ef:7e:8a:ea:41:30:14:c2:02:
                    2b:4c:7b:3f:b0:0f:92:a7:49:6e:5c:66:ce:20:65:
                    ae:70:13:17:3e:0d:d7:36:8c:e3:b0:69:82:e6:dd:
                    62:ac:f9:48:55:fa:84:0f:9b:ac:e5:88:ba:d8:e7:
                    52:2e:c7:a0:b5:2b:64:5e:11:9c:ae:b0:0c:ab:0f:
                    4f:8c:d1:50:f5:09:31:b3:0e:5a:5a:8f:ee:de:3d:
                    9f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:DF:75:35:1D:6C:FF:F9:4F:B6:41:14:B0:7B:57:BD:3C:9B:C9:5C
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36352e302f32342d3234203d3e20323130313634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:01:87:30:9b:7c:c6:17:6a:b5:e0:b9:d2:d5:ed:43:f6:26:
         cb:b4:84:b4:ef:b8:8a:e6:82:65:3d:68:39:0c:d1:ad:b0:42:
         13:fb:af:39:b7:27:6c:03:a7:97:e5:dd:c5:98:5d:50:c1:b9:
         95:08:6a:ee:5a:f8:8c:e9:90:a5:4e:91:53:87:78:2d:4f:61:
         be:fd:c3:f5:65:41:df:b3:2f:e1:59:a9:e6:cb:51:34:d9:87:
         3a:cc:96:94:6a:30:98:6f:fa:70:0a:b9:c7:71:cb:14:a6:16:
         44:f3:43:9c:e3:b9:4d:4d:b0:a5:64:9f:6e:11:33:59:4d:be:
         5f:19:3f:ed:44:55:53:e4:8d:22:36:58:56:33:c1:0d:38:81:
         34:49:c1:1d:62:7e:f8:65:d7:dd:2b:19:4b:1b:9e:0a:d5:cd:
         f7:9e:90:46:a0:99:28:1c:83:b4:24:23:b5:7e:98:76:51:49:
         53:d1:99:24:f6:b1:5a:d7:db:60:c0:69:b9:09:d7:9b:fa:cc:
         c1:66:cf:66:63:de:65:8a:7c:50:d0:4b:80:14:96:01:b8:b7:
         b8:dc:48:ec:5f:89:39:8e:c3:04:b1:b4:22:a9:ef:64:a8:f0:
         54:96:9b:f0:d9:0c:0a:51:a9:18:6a:ec:0c:f0:da:e0:90:d4:
         83:9c:28:35
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCZQlJFZHK+nB1htpOzs+HIGwIfYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDAzMDQwOTIwMDFaFw0yNTAzMDMwOTI1MDFaMDMxMTAvBgNV
BAMTKDdEREY3NTM1MUQ2Q0ZGRjk0RkI2NDExNEIwN0I1N0JEM0M5QkM5NUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF85eO0apIcfm3PsJCTXzotoix
ey/RJY+ncNR245KZoU87uWGg4FPdvr+hUKTYAveJWJW5envqeyzWkho+ONbVd/52
Iwmb8XaK2w3q4zu0W8KoUBmywmk55g9I7mtZbP9QK6R2Pp5qEt82W/LAlZ6bFhFe
jAXFp9c4QfzilGMjysT3odnIexO13YyZM7xAJO3rzDnkRgMWew0xOXNWbvviegtS
d6GWNL9dFu9+iupBMBTCAitMez+wD5KnSW5cZs4gZa5wExc+Ddc2jOOwaYLm3WKs
+UhV+oQPm6zliLrY51Iux6C1K2ReEZyusAyrD0+M0VD1CTGzDlpaj+7ePZ9XAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUfd91NR1s//lPtkEUsHtXvTybyVwwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzkzNTJlMzYzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMDMxMzYzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1f
QTANBgkqhkiG9w0BAQsFAAOCAQEAggGHMJt8xhdqteC50tXtQ/Ymy7SEtO+4iuaC
ZT1oOQzRrbBCE/uvObcnbAOnl+XdxZhdUMG5lQhq7lr4jOmQpU6RU4d4LU9hvv3D
9WVB37Mv4Vmp5stRNNmHOsyWlGowmG/6cAq5x3HLFKYWRPNDnOO5TU2wpWSfbhEz
WU2+Xxk/7URVU+SNIjZYVjPBDTiBNEnBHWJ++GXX3SsZSxueCtXN956QRqCZKByD
tCQjtX6YdlFJU9GZJPaxWtfbYMBpuQnXm/rMwWbPZmPeZYp8UNBLgBSWAbi3uNxI
7F+JOY7DBLG0IqnvZKjwVJab8NkMClGpGGrsDPDa4JDUg5woNQ==
-----END CERTIFICATE-----