Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38302e302f32342d3234203d3e203232343237.roa
File:                     34352e39352e38302e302f32342d3234203d3e203232343237.roa (raw, json)
Hash identifier:          1iNa622Wy2pLG+EQ9PLnzZr/TAQ/DFOpTXcvxlsTiU8=
Subject key identifier:   8D:FB:25:74:1C:49:CD:8D:61:44:19:9D:68:C5:29:06:7D:7E:F5:9F
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       2713AC243C355AA269F5E1F60285A89BDF21384F
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38302e302f32342d3234203d3e203232343237.roa
Signing time:             Thu 25 Jul 2024 12:10:07 +0000
ROA not before:           Thu 25 Jul 2024 12:05:07 +0000
ROA not after:            Thu 24 Jul 2025 12:10:07 +0000
asID:                     22427
IP address blocks:        45.95.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:13:ac:24:3c:35:5a:a2:69:f5:e1:f6:02:85:a8:9b:df:21:38:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Jul 25 12:05:07 2024 GMT
            Not After : Jul 24 12:10:07 2025 GMT
        Subject: CN=8DFB25741C49CD8D6144199D68C529067D7EF59F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ca:02:ac:ae:b2:9a:44:93:b8:63:a8:16:80:
                    c4:a3:1f:c3:6a:b0:56:d5:dc:cb:dd:dd:05:ab:b1:
                    45:ef:57:ec:69:44:b7:c2:51:2f:01:8d:6d:93:e1:
                    7b:8d:c5:c8:b2:14:d1:73:c0:63:f7:ce:97:b1:2f:
                    56:dc:d3:46:f1:01:8e:04:04:f0:81:cf:3e:bc:78:
                    75:6c:88:7a:70:bb:48:f4:4a:24:37:62:7d:32:c1:
                    ab:5a:29:6f:08:62:96:7d:90:7b:ca:04:a5:0d:31:
                    6b:13:4a:10:e3:36:bc:f3:ca:89:6f:eb:b2:a6:20:
                    d5:a0:ba:e2:32:d6:bd:e8:49:36:ee:13:78:8b:08:
                    d5:a5:68:60:2d:d3:d7:e1:40:32:bc:ca:21:07:43:
                    36:ae:6e:b9:85:50:4d:da:4c:fa:b3:73:8d:1b:20:
                    e0:40:3b:9f:6d:aa:19:0c:5f:26:49:bc:8a:5a:6c:
                    58:7e:8c:07:fb:35:1a:ce:bf:45:bf:b8:e8:94:7d:
                    40:a1:aa:75:9d:89:1d:e1:f6:66:02:60:42:d9:d2:
                    8b:c6:a7:0c:c9:57:05:52:7b:07:aa:eb:23:47:c1:
                    d1:c1:b7:f4:8f:09:d7:25:07:c1:88:33:f4:9f:97:
                    c2:12:94:51:e9:52:a2:0f:56:1f:f4:5d:11:46:04:
                    2f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:FB:25:74:1C:49:CD:8D:61:44:19:9D:68:C5:29:06:7D:7E:F5:9F
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38302e302f32342d3234203d3e203232343237.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:2b:83:f8:e5:be:c7:6e:38:46:1b:1c:c9:a4:0f:48:ad:4f:
         e3:d1:77:d2:9f:42:ff:5e:92:0e:41:63:a1:1e:48:03:0c:2c:
         58:fa:05:d8:de:28:a6:35:9b:e6:a6:a3:c4:da:d9:0e:9c:5e:
         b5:44:fc:4f:5b:34:29:08:d1:c8:b8:b4:3c:5a:81:f8:b0:14:
         56:e7:20:83:4a:76:66:4e:5a:c3:b7:ff:ff:bd:c1:e5:e8:09:
         98:b3:2b:fb:19:42:8f:b8:86:76:34:3b:92:a2:58:05:ed:e9:
         ed:95:b9:9c:65:85:a3:f5:be:00:be:1d:8d:73:60:03:d0:51:
         fa:e6:af:50:2c:cf:21:55:2f:81:ab:4b:4c:d3:64:29:c2:29:
         33:dd:ee:d8:50:22:bd:98:c3:1b:47:11:f1:71:69:de:d9:80:
         c9:da:43:6c:a2:67:2a:31:70:f4:01:36:b8:d3:0b:ba:35:3c:
         af:b3:b1:b8:6e:8c:29:f4:a5:49:ef:db:fb:b0:07:30:cd:c1:
         aa:3c:c2:2e:50:81:d9:4b:8e:54:fe:b1:dd:74:0d:ef:94:d4:
         f4:43:69:f6:1a:b8:70:31:50:47:c1:2a:b9:fd:51:d3:66:69:
         c5:f3:36:54:d4:3d:1e:51:0f:9a:7e:49:58:21:6d:72:a7:16:
         da:fa:fb:2f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJxOsJDw1WqJp9eH2AoWom98hOE8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNDA3MjUxMjA1MDdaFw0yNTA3MjQxMjEwMDdaMDMxMTAvBgNV
BAMTKDhERkIyNTc0MUM0OUNEOEQ2MTQ0MTk5RDY4QzUyOTA2N0Q3RUY1OUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbygKsrrKaRJO4Y6gWgMSjH8Nq
sFbV3Mvd3QWrsUXvV+xpRLfCUS8BjW2T4XuNxciyFNFzwGP3zpexL1bc00bxAY4E
BPCBzz68eHVsiHpwu0j0SiQ3Yn0ywataKW8IYpZ9kHvKBKUNMWsTShDjNrzzyolv
67KmINWguuIy1r3oSTbuE3iLCNWlaGAt09fhQDK8yiEHQzaubrmFUE3aTPqzc40b
IOBAO59tqhkMXyZJvIpabFh+jAf7NRrOv0W/uOiUfUChqnWdiR3h9mYCYELZ0ovG
pwzJVwVSeweq6yNHwdHBt/SPCdclB8GIM/Sfl8ISlFHpUqIPVh/0XRFGBC/5AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUjfsldBxJzY1hRBmdaMUpBn1+9Z8wHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzQzNTJlMzkzNTJlMzgzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzIzNDMyMzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtX1Aw
DQYJKoZIhvcNAQELBQADggEBADUrg/jlvsduOEYbHMmkD0itT+PRd9KfQv9ekg5B
Y6EeSAMMLFj6BdjeKKY1m+amo8Ta2Q6cXrVE/E9bNCkI0ci4tDxagfiwFFbnIINK
dmZOWsO3//+9weXoCZizK/sZQo+4hnY0O5KiWAXt6e2VuZxlhaP1vgC+HY1zYAPQ
Ufrmr1AszyFVL4GrS0zTZCnCKTPd7thQIr2YwxtHEfFxad7ZgMnaQ2yiZyoxcPQB
NrjTC7o1PK+zsbhujCn0pUnv2/uwBzDNwao8wi5QgdlLjlT+sd10De+U1PRDafYa
uHAxUEfBKrn9UdNmacXzNlTUPR5RD5p+SVghbXKnFtr6+y8=
-----END CERTIFICATE-----