Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36362e302f32342d3234203d3e20323730373634.roa
File:                     34352e39352e36362e302f32342d3234203d3e20323730373634.roa (raw, json)
Hash identifier:          yvyCHY9y+22zwwblCyUS07f1+Xx2N/MG2FXcnlBcm3U=
Subject key identifier:   51:21:A0:CB:28:7A:E6:77:5D:D4:9C:8C:45:89:15:27:F8:8D:B7:1D
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       0AF7C6865272A655E37AB28FD0CF2545B092AAC2
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36362e302f32342d3234203d3e20323730373634.roa
Signing time:             Tue 19 Mar 2024 18:54:10 +0000
ROA not before:           Tue 19 Mar 2024 18:49:10 +0000
ROA not after:            Tue 18 Mar 2025 18:54:10 +0000
asID:                     270764
IP address blocks:        45.95.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:f7:c6:86:52:72:a6:55:e3:7a:b2:8f:d0:cf:25:45:b0:92:aa:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Mar 19 18:49:10 2024 GMT
            Not After : Mar 18 18:54:10 2025 GMT
        Subject: CN=5121A0CB287AE6775DD49C8C45891527F88DB71D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:c4:79:1d:a7:63:e4:bb:bc:f1:c8:c2:a1:fd:
                    f0:35:11:cb:e4:6f:55:46:95:95:cb:35:b7:ab:a2:
                    b0:0c:b9:98:b7:25:1e:29:62:67:b4:26:c7:7f:4a:
                    16:eb:ab:e5:23:f5:bd:ae:43:3c:d6:5c:89:1a:d3:
                    9e:3b:a7:3a:d7:7d:c6:a2:dd:a6:4a:f7:0c:87:83:
                    d2:c4:10:73:0a:43:40:e3:0c:67:c1:cb:d2:9b:e5:
                    35:e9:16:7a:a3:bb:af:1e:24:ae:aa:5a:c2:57:d8:
                    e1:ec:4d:ff:30:52:05:87:19:39:15:04:62:7f:0a:
                    b2:97:d5:65:91:8f:3f:0a:65:cd:c3:ab:6d:4d:4f:
                    15:4a:04:4a:73:f6:b1:6a:16:45:fa:ae:ca:6c:8d:
                    9b:2f:76:87:93:e3:cd:bb:d9:7f:07:50:91:9d:7f:
                    d6:72:49:76:ff:ff:08:d0:44:57:df:85:dd:aa:53:
                    1b:b0:cf:06:26:09:e9:f3:0a:22:bf:95:73:b7:93:
                    d3:d6:ab:a8:3f:ba:9b:2d:e3:3e:f3:35:0a:af:ff:
                    5f:09:f1:59:64:7d:fc:d3:39:6b:66:b2:df:9c:f7:
                    aa:e3:2c:1f:a3:56:27:38:48:51:af:85:36:09:05:
                    76:f9:bb:38:16:94:4e:1d:e4:47:72:17:64:df:3d:
                    96:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:21:A0:CB:28:7A:E6:77:5D:D4:9C:8C:45:89:15:27:F8:8D:B7:1D
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36362e302f32342d3234203d3e20323730373634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:0b:4e:4a:bf:e0:49:66:b4:d8:08:d4:65:17:3f:23:99:a8:
         3d:43:de:70:ed:5d:69:26:e8:08:17:69:b7:5f:8a:8c:8a:26:
         c7:1b:92:a7:1f:b5:8c:ab:45:b7:06:58:6b:64:46:1d:cb:9d:
         2a:0a:84:7e:75:df:af:3a:44:00:14:95:82:b1:58:d9:5c:83:
         cf:10:aa:03:1f:9d:33:dc:c7:09:50:6e:e8:52:4a:95:b4:ff:
         09:18:2d:2f:f4:0d:e5:21:b0:a3:16:67:11:23:f2:ef:51:b5:
         e2:ca:c0:3c:ad:8f:26:5b:1c:1a:79:c9:1f:31:1b:e4:75:cc:
         8c:27:26:8d:a5:a4:fe:e0:5d:2e:bf:4a:50:92:71:d2:bb:8d:
         73:95:2c:c9:46:16:4f:e7:30:08:51:79:f9:7c:c9:af:dd:f6:
         2b:9d:41:4a:4b:09:89:20:be:8d:2f:18:50:65:25:9f:74:33:
         a8:f8:07:b5:8e:82:fe:96:6b:bf:b0:39:5d:61:a0:29:03:19:
         66:e3:dc:74:02:24:22:ec:c3:19:45:59:3a:3f:a0:dc:97:f4:
         97:f9:84:53:30:94:ab:d1:82:1d:8b:fa:c0:7a:66:84:ad:1b:
         ce:46:2e:4e:c6:39:92:e7:ac:b4:c7:c4:c0:be:59:4e:de:91:
         ff:ce:47:ff
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCvfGhlJyplXjerKP0M8lRbCSqsIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDAzMTkxODQ5MTBaFw0yNTAzMTgxODU0MTBaMDMxMTAvBgNV
BAMTKDUxMjFBMENCMjg3QUU2Nzc1REQ0OUM4QzQ1ODkxNTI3Rjg4REI3MUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMxHkdp2Pku7zxyMKh/fA1Ecvk
b1VGlZXLNberorAMuZi3JR4pYme0Jsd/Shbrq+Uj9b2uQzzWXIka0547pzrXfcai
3aZK9wyHg9LEEHMKQ0DjDGfBy9Kb5TXpFnqju68eJK6qWsJX2OHsTf8wUgWHGTkV
BGJ/CrKX1WWRjz8KZc3Dq21NTxVKBEpz9rFqFkX6rspsjZsvdoeT48272X8HUJGd
f9ZySXb//wjQRFffhd2qUxuwzwYmCenzCiK/lXO3k9PWq6g/upst4z7zNQqv/18J
8VlkffzTOWtmst+c96rjLB+jVic4SFGvhTYJBXb5uzgWlE4d5EdyF2TfPZZXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUUSGgyyh65ndd1JyMRYkVJ/iNtx0wHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzkzNTJlMzYzNjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzczMDM3MzYzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1f
QjANBgkqhkiG9w0BAQsFAAOCAQEArgtOSr/gSWa02AjUZRc/I5moPUPecO1daSbo
CBdpt1+KjIomxxuSpx+1jKtFtwZYa2RGHcudKgqEfnXfrzpEABSVgrFY2VyDzxCq
Ax+dM9zHCVBu6FJKlbT/CRgtL/QN5SGwoxZnESPy71G14srAPK2PJlscGnnJHzEb
5HXMjCcmjaWk/uBdLr9KUJJx0ruNc5UsyUYWT+cwCFF5+XzJr932K51BSksJiSC+
jS8YUGUln3QzqPgHtY6C/pZrv7A5XWGgKQMZZuPcdAIkIuzDGUVZOj+g3Jf0l/mE
UzCUq9GCHYv6wHpmhK0bzkYuTsY5kuestMfEwL5ZTt6R/85H/w==
-----END CERTIFICATE-----