Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38322e302f32342d3234203d3e203231383539.roa
File:                     34352e39352e38322e302f32342d3234203d3e203231383539.roa (raw, json)
Hash identifier:          DdjdKz3VCWgD9D91AjxGWOfn1c37vNXBbzqsnbXIvjs=
Subject key identifier:   E9:4C:9A:1C:EA:F1:52:66:62:35:80:45:84:BC:87:96:46:D6:AE:18
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       67B5E76ADCA61B8EFB6893E56E04FA645779DB2E
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38322e302f32342d3234203d3e203231383539.roa
Signing time:             Sun 25 Aug 2024 16:12:34 +0000
ROA not before:           Sun 25 Aug 2024 16:07:34 +0000
ROA not after:            Sun 24 Aug 2025 16:12:34 +0000
asID:                     21859
IP address blocks:        45.95.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 13:20:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:b5:e7:6a:dc:a6:1b:8e:fb:68:93:e5:6e:04:fa:64:57:79:db:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Aug 25 16:07:34 2024 GMT
            Not After : Aug 24 16:12:34 2025 GMT
        Subject: CN=E94C9A1CEAF152666235804584BC879646D6AE18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c7:40:8a:da:d0:87:40:1e:78:01:9a:1a:fa:
                    94:ab:76:b0:a5:b4:ba:dd:33:65:50:61:a5:ad:a6:
                    08:51:72:e6:e6:ca:45:0c:18:5b:89:d3:ee:4e:b5:
                    11:0e:e9:cf:82:d9:f6:c8:21:ef:1f:5f:52:bb:0a:
                    ea:d5:76:77:b5:6d:9f:a7:0b:9a:75:1a:b7:4d:e6:
                    ec:16:28:b8:5e:25:e5:fe:0b:74:93:70:4c:f2:ec:
                    c9:c0:fd:3c:a2:96:53:25:08:78:8c:f2:32:6b:3e:
                    6c:96:18:67:40:9c:f9:e0:61:67:a2:81:d6:ca:23:
                    1f:ff:92:3e:3e:e2:8c:9d:8a:28:34:4e:d8:f4:84:
                    43:f2:0a:9f:ef:7d:b1:79:01:0a:43:7c:51:73:d7:
                    58:ac:b9:fc:38:d9:71:be:66:83:a5:d7:29:5a:ad:
                    9d:a9:a2:32:05:33:cd:92:5f:1f:a1:bc:44:a5:d2:
                    c2:08:83:54:aa:a8:18:78:56:df:19:4f:f7:5e:18:
                    36:bd:91:06:d6:b3:33:b4:8d:e1:70:6a:72:b7:81:
                    94:58:6d:bd:53:02:67:85:fe:a5:63:f8:4a:54:22:
                    82:65:71:59:c5:ab:62:66:82:2a:22:1b:d0:2a:40:
                    19:01:d3:d2:e9:fd:71:84:71:27:7d:ac:45:b3:be:
                    dc:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:4C:9A:1C:EA:F1:52:66:62:35:80:45:84:BC:87:96:46:D6:AE:18
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38322e302f32342d3234203d3e203231383539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:f0:7b:87:43:c8:12:d4:81:f5:3c:f6:3a:6e:08:d6:29:0d:
         75:17:df:47:90:d8:52:44:87:1b:48:ab:40:ef:b3:fa:dd:19:
         70:60:86:93:51:6b:60:85:87:6e:a3:c3:22:95:03:fe:b4:8a:
         3c:61:d9:16:b2:13:84:94:28:2c:0d:e5:77:05:dd:07:8a:cc:
         4e:47:fd:4b:37:ff:0a:bc:c6:87:8f:c4:76:40:cf:b0:09:c9:
         6a:ca:b0:4c:38:7f:c9:5b:3e:fa:3e:24:88:07:87:9b:a7:0e:
         d6:36:1d:93:d0:9c:a2:53:20:af:9a:23:84:8b:00:d1:4e:ef:
         99:39:33:22:6b:95:83:a7:44:18:e8:4b:4d:e9:1f:3a:f4:88:
         f9:c0:c3:3b:46:70:8e:9d:d0:dc:16:54:e9:c6:a2:5b:d9:eb:
         b9:b3:ba:2a:af:4a:07:8f:05:b5:c0:41:c8:2e:90:4b:14:97:
         9f:3d:c4:d0:b8:40:fa:19:00:be:36:8c:11:1c:e1:51:8d:49:
         51:d0:e1:a2:e1:22:86:78:09:96:f3:07:7d:e5:9d:d7:f4:1c:
         d9:7e:93:20:3c:0a:a8:4b:02:83:02:c9:dc:33:e5:67:6c:0e:
         bf:1f:b3:d6:c7:12:43:d2:9a:ef:19:aa:31:bc:d7:71:bb:77:
         32:30:e6:68
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUZ7XnatymG477aJPlbgT6ZFd52y4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNDA4MjUxNjA3MzRaFw0yNTA4MjQxNjEyMzRaMDMxMTAvBgNV
BAMTKEU5NEM5QTFDRUFGMTUyNjY2MjM1ODA0NTg0QkM4Nzk2NDZENkFFMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCux0CK2tCHQB54AZoa+pSrdrCl
tLrdM2VQYaWtpghRcubmykUMGFuJ0+5OtREO6c+C2fbIIe8fX1K7CurVdne1bZ+n
C5p1GrdN5uwWKLheJeX+C3STcEzy7MnA/TyillMlCHiM8jJrPmyWGGdAnPngYWei
gdbKIx//kj4+4oydiig0Ttj0hEPyCp/vfbF5AQpDfFFz11isufw42XG+ZoOl1yla
rZ2pojIFM82SXx+hvESl0sIIg1SqqBh4Vt8ZT/deGDa9kQbWszO0jeFwanK3gZRY
bb1TAmeF/qVj+EpUIoJlcVnFq2JmgioiG9AqQBkB09Lp/XGEcSd9rEWzvty9AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU6UyaHOrxUmZiNYBFhLyHlkbWrhgwHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzQzNTJlMzkzNTJlMzgzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzODM1Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtX1Iw
DQYJKoZIhvcNAQELBQADggEBAEHwe4dDyBLUgfU89jpuCNYpDXUX30eQ2FJEhxtI
q0Dvs/rdGXBghpNRa2CFh26jwyKVA/60ijxh2RayE4SUKCwN5XcF3QeKzE5H/Us3
/wq8xoePxHZAz7AJyWrKsEw4f8lbPvo+JIgHh5unDtY2HZPQnKJTIK+aI4SLANFO
75k5MyJrlYOnRBjoS03pHzr0iPnAwztGcI6d0NwWVOnGolvZ67mzuiqvSgePBbXA
QcgukEsUl589xNC4QPoZAL42jBEc4VGNSVHQ4aLhIoZ4CZbzB33lndf0HNl+kyA8
CqhLAoMCydwz5WdsDr8fs9bHEkPSmu8ZqjG813G7dzIw5mg=
-----END CERTIFICATE-----