Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38312e302f32342d3234203d3e203130373533.roa
File:                     34352e39352e38312e302f32342d3234203d3e203130373533.roa (raw, json)
Hash identifier:          FkBgrUApMvi3lgA70RwzXdmr+ue7YGI+0ZsQLz4AeeM=
Subject key identifier:   35:BB:89:0A:23:AA:FB:04:62:2C:89:F6:B7:8B:27:EC:67:96:0E:1D
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       3AE6183B9E159E3A25F8476661C8AFD0D87365C1
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38312e302f32342d3234203d3e203130373533.roa
Signing time:             Thu 25 Jul 2024 23:56:14 +0000
ROA not before:           Thu 25 Jul 2024 23:51:14 +0000
ROA not after:            Thu 24 Jul 2025 23:56:14 +0000
asID:                     10753
IP address blocks:        45.95.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:e6:18:3b:9e:15:9e:3a:25:f8:47:66:61:c8:af:d0:d8:73:65:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Jul 25 23:51:14 2024 GMT
            Not After : Jul 24 23:56:14 2025 GMT
        Subject: CN=35BB890A23AAFB04622C89F6B78B27EC67960E1D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:94:2a:83:f6:00:c4:47:cc:f2:d3:56:2c:8c:
                    9d:c0:5f:7e:f1:49:28:7a:c5:10:d7:45:5f:ae:d2:
                    b8:e9:e0:d0:f9:b0:fd:20:0c:de:58:cf:fa:79:69:
                    60:42:11:6d:51:80:d4:34:63:99:b2:aa:0f:e6:93:
                    9f:cf:5d:1b:7d:0a:bc:db:5a:90:54:ee:e2:1b:9d:
                    c4:18:a9:65:05:0e:da:a0:90:02:ea:4c:87:12:d5:
                    7b:df:63:de:e8:ed:a5:8b:4e:4d:42:71:16:c8:ea:
                    3e:3a:30:20:60:7b:e0:e2:23:7e:6b:7d:54:13:fd:
                    69:2c:10:61:f9:79:57:17:08:b6:48:3d:66:e3:06:
                    c3:f7:5c:2c:f2:e2:f5:ba:29:1b:57:64:48:dc:01:
                    e9:ed:6c:53:52:cf:1e:7a:32:ab:8c:6e:62:d6:42:
                    82:a9:8d:68:31:2b:7d:07:23:b5:1c:ef:00:ec:59:
                    3c:14:ab:6d:ce:a5:c4:00:b8:69:02:5d:14:b3:fa:
                    85:6d:e6:ec:c6:da:fc:20:f9:34:cb:d9:f2:e2:4c:
                    97:ad:e4:cb:9b:4e:97:81:a0:b5:3a:5e:fc:b3:3c:
                    73:a2:20:ff:21:a8:86:27:9e:45:c8:83:39:4d:4c:
                    10:ae:39:a9:df:4b:98:64:04:6b:61:4d:df:a8:87:
                    ab:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:BB:89:0A:23:AA:FB:04:62:2C:89:F6:B7:8B:27:EC:67:96:0E:1D
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38312e302f32342d3234203d3e203130373533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:e6:62:8a:4c:b2:6c:62:e3:88:20:60:f2:1c:5e:c0:16:0f:
         d8:f7:dd:69:ab:e2:47:67:ca:03:22:e9:fe:2b:01:69:39:e0:
         b3:be:03:b2:5c:ab:8f:57:2c:f8:cb:2f:a9:ea:f9:e1:93:45:
         7f:a4:49:e8:1c:85:ca:fe:51:68:d7:81:aa:68:ee:48:99:26:
         c8:09:6e:cf:1c:7b:e8:b9:6d:7d:2d:c9:3c:08:88:49:03:e7:
         7b:da:00:56:24:20:8a:e0:7b:fa:92:0c:6a:b8:5f:36:b7:7f:
         2b:15:5f:64:59:1f:2e:16:c2:b5:b6:4e:9d:4c:d2:7a:c0:1f:
         74:33:12:fb:87:c2:53:88:da:25:fb:e6:21:39:f6:8b:8e:74:
         53:3d:d2:10:6f:03:d7:2e:d5:c0:1f:ef:85:13:9e:b9:82:f2:
         16:36:c4:2d:e0:78:2a:d0:80:9e:73:58:3e:a7:3e:ac:b1:ca:
         c5:08:2d:38:9a:62:44:bd:88:ff:06:4f:4c:79:1b:cc:b4:a4:
         e1:47:1c:9e:0b:62:f6:72:5e:51:50:2c:60:9e:50:67:a0:41:
         e7:c1:b0:34:e1:9b:fa:8b:3d:0f:6c:26:f4:80:f6:1c:47:19:
         53:b2:e3:83:8b:86:98:5c:59:51:0c:ce:bf:64:f2:26:cb:41:
         be:95:ef:08
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUOuYYO54Vnjol+EdmYciv0NhzZcEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNDA3MjUyMzUxMTRaFw0yNTA3MjQyMzU2MTRaMDMxMTAvBgNV
BAMTKDM1QkI4OTBBMjNBQUZCMDQ2MjJDODlGNkI3OEIyN0VDNjc5NjBFMUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKlCqD9gDER8zy01YsjJ3AX37x
SSh6xRDXRV+u0rjp4ND5sP0gDN5Yz/p5aWBCEW1RgNQ0Y5myqg/mk5/PXRt9Crzb
WpBU7uIbncQYqWUFDtqgkALqTIcS1XvfY97o7aWLTk1CcRbI6j46MCBge+DiI35r
fVQT/WksEGH5eVcXCLZIPWbjBsP3XCzy4vW6KRtXZEjcAentbFNSzx56MquMbmLW
QoKpjWgxK30HI7Uc7wDsWTwUq23OpcQAuGkCXRSz+oVt5uzG2vwg+TTL2fLiTJet
5MubTpeBoLU6XvyzPHOiIP8hqIYnnkXIgzlNTBCuOanfS5hkBGthTd+oh6sxAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUNbuJCiOq+wRiLIn2t4sn7GeWDh0wHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzQzNTJlMzkzNTJlMzgzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzAzNzM1MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtX1Ew
DQYJKoZIhvcNAQELBQADggEBACfmYopMsmxi44ggYPIcXsAWD9j33Wmr4kdnygMi
6f4rAWk54LO+A7Jcq49XLPjLL6nq+eGTRX+kSegchcr+UWjXgapo7kiZJsgJbs8c
e+i5bX0tyTwIiEkD53vaAFYkIIrge/qSDGq4Xza3fysVX2RZHy4WwrW2Tp1M0nrA
H3QzEvuHwlOI2iX75iE59ouOdFM90hBvA9cu1cAf74UTnrmC8hY2xC3geCrQgJ5z
WD6nPqyxysUILTiaYkS9iP8GT0x5G8y0pOFHHJ4LYvZyXlFQLGCeUGegQefBsDTh
m/qLPQ9sJvSA9hxHGVOy44OLhphcWVEMzr9k8ibLQb6V7wg=
-----END CERTIFICATE-----