Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36372e302f32342d3234203d3e203239383032.roa
File:                     34352e39352e36372e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier:          U1EKPRJQpR10eGT9en5vM3O02eOJTW7cjr7RzGWbi54=
Subject key identifier:   0B:3A:42:FB:98:CE:4F:E3:53:05:35:61:CD:55:29:C6:74:D7:7F:86
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       53AF44DC5A28809C2F2CAF1DF5AD354F4986D699
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36372e302f32342d3234203d3e203239383032.roa
Signing time:             Mon 04 Nov 2024 18:47:25 +0000
ROA not before:           Mon 04 Nov 2024 18:42:25 +0000
ROA not after:            Mon 03 Nov 2025 18:47:25 +0000
asID:                     29802
IP address blocks:        45.95.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:af:44:dc:5a:28:80:9c:2f:2c:af:1d:f5:ad:35:4f:49:86:d6:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Nov  4 18:42:25 2024 GMT
            Not After : Nov  3 18:47:25 2025 GMT
        Subject: CN=0B3A42FB98CE4FE353053561CD5529C674D77F86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:07:9c:0b:ab:cd:9d:72:f7:ce:1a:a0:e5:9b:
                    4e:11:98:d0:c5:74:8d:cf:ad:ed:33:09:1d:90:df:
                    e8:42:a9:9f:71:ed:5f:b6:d3:e6:91:b8:71:1b:4f:
                    df:9e:94:65:f3:3e:1e:d8:51:0d:7d:7c:a4:c1:3d:
                    33:64:3c:04:2c:30:b5:4d:cd:6a:f4:22:0a:5a:5f:
                    13:ea:7b:3d:70:70:83:74:78:4e:83:23:7b:1a:b4:
                    23:b6:07:8a:6c:b9:ad:1a:d9:de:ca:b4:c7:30:6e:
                    22:0a:37:74:ff:0a:b3:60:b4:13:35:29:75:96:f4:
                    45:dd:6a:f3:47:a1:2d:34:01:d5:7a:e6:e2:68:7b:
                    8e:2b:7b:a3:7c:fa:e6:ed:93:83:7e:35:a3:24:67:
                    69:6e:b8:3c:8c:e7:a2:ba:e1:47:67:b8:a7:58:b0:
                    a0:7a:86:a6:99:da:fd:d5:c2:0d:3d:9b:c3:d3:4c:
                    fb:9c:62:9f:88:da:76:7d:43:e2:8f:14:9f:53:91:
                    11:3c:1b:04:2f:4c:41:ca:51:5d:a0:a9:32:5a:3e:
                    f3:27:5b:b7:3a:93:15:5b:2b:e3:e3:ae:59:99:0c:
                    e8:c1:9f:17:08:52:78:0a:2f:99:9c:d1:7c:c3:78:
                    4d:96:c5:f5:1b:67:2b:a7:88:69:9e:01:1e:6c:1f:
                    e2:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:3A:42:FB:98:CE:4F:E3:53:05:35:61:CD:55:29:C6:74:D7:7F:86
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36372e302f32342d3234203d3e203239383032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:41:5a:cc:2b:17:ef:77:8b:79:34:84:49:03:c6:bb:e6:08:
         bc:c7:e9:6e:f7:25:5e:e8:8f:b2:00:0b:cc:00:f2:1e:a9:5c:
         ae:ba:81:16:0d:1a:93:44:f1:77:46:44:d9:c6:90:c8:a0:c3:
         4e:0d:2d:52:13:8c:c0:09:86:81:40:72:0d:98:cb:15:fe:12:
         3f:66:bf:0f:05:57:19:e3:43:b3:a0:65:6d:f4:35:43:d4:a4:
         1d:55:cd:3f:a3:1e:06:c1:01:78:d0:69:00:74:8e:36:04:c8:
         48:0b:2e:84:65:06:a8:f2:bb:f0:18:c6:24:50:e8:62:ea:59:
         56:33:eb:85:04:9f:a0:de:90:75:5d:6e:ca:18:63:ed:fe:d6:
         76:23:0d:61:06:0d:a3:f2:29:5c:e4:b4:e9:b0:be:df:41:19:
         c8:9b:4b:a7:47:88:bd:bb:43:cd:2b:47:f1:92:3f:54:d5:3c:
         ef:10:f6:63:20:23:97:db:40:b5:c1:a6:7d:9e:32:b6:27:f3:
         e3:2c:d3:6f:e8:ab:8a:01:cf:a6:ec:33:eb:87:a3:1e:2e:3e:
         7a:44:91:3f:c7:e8:11:17:a5:15:3e:fc:59:58:49:e3:6d:75:
         2d:b8:14:2e:9a:7f:a2:aa:80:64:cc:84:d4:45:e6:37:0b:04:
         7e:7e:0a:df
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUU69E3FoogJwvLK8d9a01T0mG1pkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNDExMDQxODQyMjVaFw0yNTExMDMxODQ3MjVaMDMxMTAvBgNV
BAMTKDBCM0E0MkZCOThDRTRGRTM1MzA1MzU2MUNENTUyOUM2NzRENzdGODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsB5wLq82dcvfOGqDlm04RmNDF
dI3Pre0zCR2Q3+hCqZ9x7V+20+aRuHEbT9+elGXzPh7YUQ19fKTBPTNkPAQsMLVN
zWr0IgpaXxPqez1wcIN0eE6DI3satCO2B4psua0a2d7KtMcwbiIKN3T/CrNgtBM1
KXWW9EXdavNHoS00AdV65uJoe44re6N8+ubtk4N+NaMkZ2luuDyM56K64UdnuKdY
sKB6hqaZ2v3Vwg09m8PTTPucYp+I2nZ9Q+KPFJ9TkRE8GwQvTEHKUV2gqTJaPvMn
W7c6kxVbK+PjrlmZDOjBnxcIUngKL5mc0XzDeE2WxfUbZyuniGmeAR5sH+ILAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUCzpC+5jOT+NTBTVhzVUpxnTXf4YwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzkzNTJlMzYzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzkzODMwMzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtX0Mw
DQYJKoZIhvcNAQELBQADggEBAD9BWswrF+93i3k0hEkDxrvmCLzH6W73JV7oj7IA
C8wA8h6pXK66gRYNGpNE8XdGRNnGkMigw04NLVITjMAJhoFAcg2YyxX+Ej9mvw8F
VxnjQ7OgZW30NUPUpB1VzT+jHgbBAXjQaQB0jjYEyEgLLoRlBqjyu/AYxiRQ6GLq
WVYz64UEn6DekHVdbsoYY+3+1nYjDWEGDaPyKVzktOmwvt9BGcibS6dHiL27Q80r
R/GSP1TVPO8Q9mMgI5fbQLXBpn2eMrYn8+Ms02/oq4oBz6bsM+uHox4uPnpEkT/H
6BEXpRU+/FlYSeNtdS24FC6af6KqgGTMhNRF5jcLBH5+Ct8=
-----END CERTIFICATE-----