Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36362e302f32342d3234203d3e2032343937.roa
File:                     34352e39352e36362e302f32342d3234203d3e2032343937.roa (raw, json)
Hash identifier:          /g/RkO6E4jWVTSGTqYibykdAiTMbGPzlSDCGG/0x/qs=
Subject key identifier:   CB:E9:AC:80:CB:36:3F:ED:30:17:68:7C:01:21:A0:22:76:3A:F1:F0
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       047A89674C1168B8F8CF922596B7C3E3D2F93F27
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36362e302f32342d3234203d3e2032343937.roa
Signing time:             Thu 22 Aug 2024 08:17:36 +0000
ROA not before:           Thu 22 Aug 2024 08:12:36 +0000
ROA not after:            Thu 21 Aug 2025 08:17:36 +0000
asID:                     2497
IP address blocks:        45.95.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:42:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:7a:89:67:4c:11:68:b8:f8:cf:92:25:96:b7:c3:e3:d2:f9:3f:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Aug 22 08:12:36 2024 GMT
            Not After : Aug 21 08:17:36 2025 GMT
        Subject: CN=CBE9AC80CB363FED3017687C0121A022763AF1F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e0:99:3d:98:1b:09:ab:b9:f8:96:53:b1:e2:
                    9b:97:3b:ba:3f:0c:72:c0:5d:03:a1:47:d8:bc:fd:
                    ca:cf:27:3a:89:08:0c:9e:d5:ca:6f:a3:6a:34:b1:
                    3f:b1:df:ae:78:e7:93:c8:44:36:79:9d:fb:6e:0a:
                    f6:7c:46:85:4e:1d:cc:11:1e:44:87:59:a2:a3:7a:
                    cc:3a:33:9e:47:cc:68:01:38:5a:a9:2f:ea:da:93:
                    d7:de:a4:40:da:e3:14:d2:5a:47:9d:48:14:3b:4d:
                    65:3f:3c:bf:bc:2f:2b:ce:2e:f9:1e:51:23:e3:f3:
                    c1:66:33:29:cc:6d:f2:c8:8d:d3:da:70:70:f9:f7:
                    b0:55:ef:f6:7e:e3:0c:59:a7:b7:85:ab:ca:ca:ea:
                    12:bf:24:da:31:40:2e:61:cf:03:99:0a:d3:d9:d5:
                    9c:c0:1c:fa:cc:c9:26:9f:fe:77:d2:3a:51:86:21:
                    18:23:b8:ef:94:5b:ab:e2:bc:27:bd:6e:ee:13:8a:
                    06:1a:d6:a9:23:0e:75:0e:5b:8a:1c:ec:62:b5:8a:
                    63:5c:47:dc:82:40:78:ec:8d:1c:b4:96:f3:46:21:
                    e9:65:85:e4:b4:c1:a3:16:90:03:e4:83:15:18:87:
                    44:3d:f1:2a:3c:74:3f:6e:fa:22:4a:c9:ad:eb:d4:
                    90:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:E9:AC:80:CB:36:3F:ED:30:17:68:7C:01:21:A0:22:76:3A:F1:F0
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36362e302f32342d3234203d3e2032343937.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:f4:9b:5f:e8:ac:05:e2:a1:80:60:0d:86:ec:09:0f:05:f8:
         fc:b8:82:9b:d1:49:c7:97:e1:0b:ed:6e:7a:f0:60:90:1d:e0:
         79:1c:2a:2f:79:59:38:31:a1:db:f0:02:7c:70:2d:26:b0:12:
         b3:e7:c4:d4:a3:28:3e:44:da:07:3b:d0:95:95:c2:08:e0:7f:
         4c:16:78:8e:47:d4:02:88:e3:be:f0:9f:60:2c:ad:ca:4c:5c:
         0a:47:2f:86:29:c6:99:94:c8:45:63:1d:61:18:e7:74:0c:96:
         6f:0e:09:a6:bd:fa:ce:1e:1c:a0:c6:95:9c:9b:6a:c6:c3:19:
         c9:4d:c2:55:9f:79:b0:1b:0a:9c:ad:2e:be:c5:19:d1:52:a9:
         6a:ac:ef:30:76:0f:8b:3c:78:b1:6e:e1:36:6a:c4:3e:48:0a:
         32:5f:7c:fb:5c:cd:5d:0b:0f:47:c1:89:f5:89:7c:7f:1b:d2:
         aa:68:a1:89:07:68:a6:25:3b:9b:39:84:2f:b4:56:c4:45:71:
         1a:d5:9f:22:3f:9d:18:26:31:84:d6:27:77:e7:51:e3:09:84:
         42:a4:f7:f4:d5:27:02:c6:4c:ab:02:fa:36:8a:68:8b:c0:ff:
         56:ea:ae:98:e3:97:01:4b:01:0a:51:12:c8:ba:a5:6f:08:31:
         d7:c0:47:93
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUBHqJZ0wRaLj4z5IllrfD49L5PycwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDA4MjIwODEyMzZaFw0yNTA4MjEwODE3MzZaMDMxMTAvBgNV
BAMTKENCRTlBQzgwQ0IzNjNGRUQzMDE3Njg3QzAxMjFBMDIyNzYzQUYxRjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC44Jk9mBsJq7n4llOx4puXO7o/
DHLAXQOhR9i8/crPJzqJCAye1cpvo2o0sT+x365455PIRDZ5nftuCvZ8RoVOHcwR
HkSHWaKjesw6M55HzGgBOFqpL+rak9fepEDa4xTSWkedSBQ7TWU/PL+8LyvOLvke
USPj88FmMynMbfLIjdPacHD597BV7/Z+4wxZp7eFq8rK6hK/JNoxQC5hzwOZCtPZ
1ZzAHPrMySaf/nfSOlGGIRgjuO+UW6vivCe9bu4TigYa1qkjDnUOW4oc7GK1imNc
R9yCQHjsjRy0lvNGIellheS0waMWkAPkgxUYh0Q98So8dD9u+iJKya3r1JBXAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUy+msgMs2P+0wF2h8ASGgInY68fAwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzkzNTJlMzYzNjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzQzOTM3LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV9CMA0G
CSqGSIb3DQEBCwUAA4IBAQBx9Jtf6KwF4qGAYA2G7AkPBfj8uIKb0UnHl+EL7W56
8GCQHeB5HCoveVk4MaHb8AJ8cC0msBKz58TUoyg+RNoHO9CVlcII4H9MFniOR9QC
iOO+8J9gLK3KTFwKRy+GKcaZlMhFYx1hGOd0DJZvDgmmvfrOHhygxpWcm2rGwxnJ
TcJVn3mwGwqcrS6+xRnRUqlqrO8wdg+LPHixbuE2asQ+SAoyX3z7XM1dCw9HwYn1
iXx/G9KqaKGJB2imJTubOYQvtFbERXEa1Z8iP50YJjGE1id351HjCYRCpPf01ScC
xkyrAvo2imiLwP9W6q6Y45cBSwEKURLIuqVvCDHXwEeT
-----END CERTIFICATE-----