Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/34352e3133312e38302e302f32322d3232203d3e203630343538.roa
File:                     34352e3133312e38302e302f32322d3232203d3e203630343538.roa (raw, json)
Hash identifier:          on7cgxwGLsJ4f0UYU6tsJP66yCuCZF2zC3GjJUTyzv0=
Subject key identifier:   AC:80:D9:A6:3D:CD:DB:A7:9B:72:1E:BA:55:83:19:63:2E:A8:42:4F
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       6F07F3EB13F9041911EF5EF0AFB40E04F8D2C286
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/34352e3133312e38302e302f32322d3232203d3e203630343538.roa
Signing time:             Mon 03 Jul 2023 05:42:03 +0000
ROA not before:           Mon 03 Jul 2023 05:37:03 +0000
ROA not after:            Mon 01 Jul 2024 05:42:03 +0000
asID:                     60458
IP address blocks:        45.131.80.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:07:f3:eb:13:f9:04:19:11:ef:5e:f0:af:b4:0e:04:f8:d2:c2:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: Jul  3 05:37:03 2023 GMT
            Not After : Jul  1 05:42:03 2024 GMT
        Subject: CN=AC80D9A63DCDDBA79B721EBA558319632EA8424F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:7e:34:d6:02:cc:ac:83:de:78:7f:a4:65:01:
                    ba:a1:a8:96:83:2c:a3:93:4f:c3:b0:96:1e:27:17:
                    46:6b:1c:b5:1c:ee:1a:8b:c6:94:27:62:ec:0b:94:
                    d9:6c:24:fd:16:d2:24:45:14:00:d1:4d:6c:e0:a2:
                    8a:df:8a:20:6b:b7:5b:77:f7:dd:25:d8:ce:bb:90:
                    91:26:47:19:65:fd:e3:5a:10:6b:3e:f0:c5:d4:2e:
                    0a:79:a3:c4:d1:d5:37:ea:1c:a7:89:a9:41:78:d5:
                    96:06:73:ba:e0:e1:19:b2:e2:2d:91:64:5b:30:74:
                    0f:d4:2e:65:26:79:f5:37:51:ab:55:cc:b9:33:1e:
                    87:23:ea:4d:64:b1:f6:fe:66:8b:5a:e6:99:57:47:
                    ea:f0:68:45:ac:8d:4b:4d:48:45:19:15:39:09:eb:
                    a7:31:ec:5a:93:4e:6f:10:67:f0:08:44:d6:b6:41:
                    2b:94:74:44:f7:09:ea:06:1c:77:12:85:45:7c:86:
                    4c:ad:4a:63:23:eb:ea:7b:51:73:be:93:44:92:23:
                    df:aa:4a:e7:82:29:ad:a2:97:89:ea:e1:9f:c1:df:
                    bb:62:47:a5:76:35:9c:0f:43:a9:84:cc:02:88:7d:
                    db:90:e1:b8:af:15:81:de:6e:f7:fa:c4:5b:08:98:
                    80:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:80:D9:A6:3D:CD:DB:A7:9B:72:1E:BA:55:83:19:63:2E:A8:42:4F
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/34352e3133312e38302e302f32322d3232203d3e203630343538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:b9:c8:f5:63:1e:fd:0b:89:81:cc:c7:2a:e2:b2:31:1d:b5:
         ab:98:2e:f9:06:ee:3d:61:de:31:95:99:0d:0d:1a:ad:77:08:
         8a:16:b0:10:ae:f6:fc:65:82:57:7c:27:dd:7c:e7:d9:1e:89:
         a9:b5:f6:63:f1:69:e7:78:ac:fb:5a:67:62:6e:c8:3b:a4:82:
         55:7a:f8:6e:b9:6f:1a:45:fc:93:98:05:39:0e:f1:60:d9:de:
         88:17:fa:55:40:65:fa:7e:bf:46:32:64:e7:10:4c:ea:15:9b:
         9a:72:72:89:6b:d0:1a:fc:71:85:91:34:89:02:b4:70:19:59:
         fa:64:b8:6e:9e:50:6d:ae:18:b2:90:80:06:58:d6:e3:3b:ee:
         83:2f:c2:69:22:f5:ca:bf:e1:10:43:1d:cd:59:f8:20:1d:f8:
         8c:1c:a5:96:28:7b:9b:6a:a3:b7:e8:03:a6:7f:ef:47:2d:87:
         6c:8e:5b:37:ed:88:6a:63:6c:6d:f1:e6:46:82:c4:d0:e7:c8:
         70:ad:3c:21:06:f9:e1:fe:fd:87:8d:e3:f7:9b:0b:f1:e8:41:
         c4:1a:43:47:26:0f:0d:fc:27:fe:71:43:7c:55:51:2b:5e:92:
         c2:a8:16:9e:ad:c1:eb:dc:09:10:b6:d8:db:a3:f5:b0:4d:d9:
         0d:7c:43:e5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbwfz6xP5BBkR717wr7QOBPjSwoYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yMzA3MDMwNTM3MDNaFw0yNDA3MDEwNTQyMDNaMDMxMTAvBgNV
BAMTKEFDODBEOUE2M0RDRERCQTc5QjcyMUVCQTU1ODMxOTYzMkVBODQyNEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZfjTWAsysg954f6RlAbqhqJaD
LKOTT8Owlh4nF0ZrHLUc7hqLxpQnYuwLlNlsJP0W0iRFFADRTWzgoorfiiBrt1t3
990l2M67kJEmRxll/eNaEGs+8MXULgp5o8TR1TfqHKeJqUF41ZYGc7rg4Rmy4i2R
ZFswdA/ULmUmefU3UatVzLkzHocj6k1ksfb+Zota5plXR+rwaEWsjUtNSEUZFTkJ
66cx7FqTTm8QZ/AIRNa2QSuUdET3CeoGHHcShUV8hkytSmMj6+p7UXO+k0SSI9+q
SueCKa2il4nq4Z/B37tiR6V2NZwPQ6mEzAKIfduQ4bivFYHebvf6xFsImIAnAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUrIDZpj3N26ebch66VYMZYy6oQk8wHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzQzNTJlMzEzMzMxMmUzODMw
MmUzMDJmMzIzMjJkMzIzMjIwM2QzZTIwMzYzMDM0MzUzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi2D
UDANBgkqhkiG9w0BAQsFAAOCAQEAJ7nI9WMe/QuJgczHKuKyMR21q5gu+QbuPWHe
MZWZDQ0arXcIihawEK72/GWCV3wn3Xzn2R6JqbX2Y/Fp53is+1pnYm7IO6SCVXr4
brlvGkX8k5gFOQ7xYNneiBf6VUBl+n6/RjJk5xBM6hWbmnJyiWvQGvxxhZE0iQK0
cBlZ+mS4bp5Qba4YspCABljW4zvugy/CaSL1yr/hEEMdzVn4IB34jByllih7m2qj
t+gDpn/vRy2HbI5bN+2IamNsbfHmRoLE0OfIcK08IQb54f79h43j95sL8ehBxBpD
RyYPDfwn/nFDfFVRK16SwqgWnq3B69wJELbY26P1sE3ZDXxD5Q==
-----END CERTIFICATE-----