Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/34352e3133312e38302e302f32322d3232203d3e203630343538.roa
File:                     34352e3133312e38302e302f32322d3232203d3e203630343538.roa (raw, json)
Hash identifier:          Fc0zqUS/qMbsckb7qCmxgSMI5r1LVb7mk51C1/rR8H4=
Subject key identifier:   F0:13:8E:E1:27:F3:46:21:82:1A:2F:A6:A2:FC:C4:3A:9D:C1:53:6B
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       0325E65BE8CBDCC5B2E0029D1601D921B3E949D2
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/34352e3133312e38302e302f32322d3232203d3e203630343538.roa
Signing time:             Mon 03 Jun 2024 06:05:18 +0000
ROA not before:           Mon 03 Jun 2024 06:00:18 +0000
ROA not after:            Mon 02 Jun 2025 06:05:18 +0000
asID:                     60458
IP address blocks:        45.131.80.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:25:e6:5b:e8:cb:dc:c5:b2:e0:02:9d:16:01:d9:21:b3:e9:49:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: Jun  3 06:00:18 2024 GMT
            Not After : Jun  2 06:05:18 2025 GMT
        Subject: CN=F0138EE127F34621821A2FA6A2FCC43A9DC1536B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e2:73:6d:58:a6:cf:13:f2:be:31:26:2b:38:
                    1b:6e:49:6e:78:67:e8:29:f7:bf:88:58:e3:63:17:
                    6b:85:4a:38:dd:65:24:ba:c1:56:30:1b:01:47:8a:
                    5a:09:a5:93:05:5b:97:ac:d6:6e:e1:63:9b:24:18:
                    f1:68:6c:33:a3:34:9d:eb:89:0b:2d:6b:de:aa:4a:
                    a0:21:96:4f:d5:b4:ef:35:d8:6b:e8:a9:b8:cc:49:
                    40:02:a4:79:cd:32:9c:bd:3b:62:c5:62:6c:eb:46:
                    b5:e3:73:8b:f9:01:fb:d7:d0:b6:16:bd:02:33:d8:
                    8c:8f:71:ea:3f:a0:2d:51:0a:5f:ff:a3:c0:9e:7a:
                    f4:0b:7f:17:02:5c:ef:18:4c:05:e3:a7:8d:d9:66:
                    27:64:f7:33:24:4e:31:a2:b3:e4:ef:c9:ef:2a:67:
                    7e:0f:20:36:ce:8e:93:a2:6d:7f:2a:5f:74:35:5e:
                    f1:d5:a4:fd:a8:8b:0d:07:d4:6e:80:68:f5:8c:54:
                    a8:79:1c:fc:c6:65:0e:90:40:c2:b3:bf:6c:da:de:
                    74:7b:37:13:dc:5f:47:08:c5:80:46:44:f1:2e:b4:
                    66:71:c4:cb:0c:f6:30:79:3f:99:52:6c:66:bb:a6:
                    a4:f9:67:8a:5f:3d:71:39:8c:a9:31:4e:6b:29:ef:
                    c2:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:13:8E:E1:27:F3:46:21:82:1A:2F:A6:A2:FC:C4:3A:9D:C1:53:6B
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/34352e3133312e38302e302f32322d3232203d3e203630343538.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:32:7d:fb:2f:10:b7:df:47:3a:f2:7e:f7:5f:d2:f1:6d:0f:
         35:af:26:47:7c:6d:35:37:c8:45:8e:c8:88:e6:6d:a1:60:03:
         04:9f:a1:eb:96:94:b1:ce:9c:c1:6f:04:09:74:53:b7:04:c2:
         28:ba:57:24:37:71:9e:8d:e9:c7:38:6d:5a:5d:de:f7:28:39:
         19:ca:89:08:e1:4f:41:04:e4:2c:e4:5e:7b:db:a7:67:3c:d5:
         93:de:0a:2f:b8:46:5b:23:3f:47:42:79:a6:7a:be:5f:08:c1:
         70:a7:37:b3:6d:6b:8a:07:c2:cf:5e:32:0c:74:d7:83:de:1c:
         f9:dd:10:99:17:88:11:08:e3:6e:79:63:06:db:3f:5b:ba:b3:
         99:ec:a2:6d:ae:23:30:dd:c2:cb:30:d6:d3:05:91:63:5a:ed:
         83:59:61:3b:7c:eb:40:81:1d:2a:b5:ca:a4:53:27:c3:52:53:
         c7:f3:8d:3c:82:a2:c4:e6:a1:da:58:1b:90:93:57:9c:e0:e3:
         0d:c6:cc:14:07:35:99:f5:33:14:e7:14:4d:8f:59:ba:6d:8f:
         bb:67:d0:b9:a4:a5:a3:9b:d9:54:ff:57:3b:0b:81:ba:0c:0e:
         4e:d5:67:8b:43:e9:75:bf:f2:40:29:1d:24:ef:41:00:02:2f:
         fa:63:ce:44
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAyXmW+jL3MWy4AKdFgHZIbPpSdIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yNDA2MDMwNjAwMThaFw0yNTA2MDIwNjA1MThaMDMxMTAvBgNV
BAMTKEYwMTM4RUUxMjdGMzQ2MjE4MjFBMkZBNkEyRkNDNDNBOURDMTUzNkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC44nNtWKbPE/K+MSYrOBtuSW54
Z+gp97+IWONjF2uFSjjdZSS6wVYwGwFHiloJpZMFW5es1m7hY5skGPFobDOjNJ3r
iQsta96qSqAhlk/VtO812GvoqbjMSUACpHnNMpy9O2LFYmzrRrXjc4v5AfvX0LYW
vQIz2IyPceo/oC1RCl//o8CeevQLfxcCXO8YTAXjp43ZZidk9zMkTjGis+Tvye8q
Z34PIDbOjpOibX8qX3Q1XvHVpP2oiw0H1G6AaPWMVKh5HPzGZQ6QQMKzv2za3nR7
NxPcX0cIxYBGRPEutGZxxMsM9jB5P5lSbGa7pqT5Z4pfPXE5jKkxTmsp78J/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU8BOO4SfzRiGCGi+movzEOp3BU2swHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzQzNTJlMzEzMzMxMmUzODMw
MmUzMDJmMzIzMjJkMzIzMjIwM2QzZTIwMzYzMDM0MzUzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi2D
UDANBgkqhkiG9w0BAQsFAAOCAQEAfDJ9+y8Qt99HOvJ+91/S8W0PNa8mR3xtNTfI
RY7IiOZtoWADBJ+h65aUsc6cwW8ECXRTtwTCKLpXJDdxno3pxzhtWl3e9yg5GcqJ
COFPQQTkLORee9unZzzVk94KL7hGWyM/R0J5pnq+XwjBcKc3s21rigfCz14yDHTX
g94c+d0QmReIEQjjbnljBts/W7qzmeyiba4jMN3CyzDW0wWRY1rtg1lhO3zrQIEd
KrXKpFMnw1JTx/ONPIKixOah2lgbkJNXnODjDcbMFAc1mfUzFOcUTY9Zum2Pu2fQ
uaSlo5vZVP9XOwuBugwOTtVni0Ppdb/yQCkdJO9BAAIv+mPORA==
-----END CERTIFICATE-----