Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38332e302f32342d3234203d3e203231383539.roa
File:                     34352e39352e38332e302f32342d3234203d3e203231383539.roa (raw, json)
Hash identifier:          Djls19+FiMmKLQv9qIKBwkPY3kr3a/C5UFJAV5+m5zs=
Subject key identifier:   85:E6:6A:79:2C:21:01:1F:C8:40:D2:4B:DC:B5:08:6A:8F:F8:14:A1
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       1F93107037027072E9B8B2D9D3A0147DF8E955A0
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38332e302f32342d3234203d3e203231383539.roa
Signing time:             Sun 25 Aug 2024 16:12:36 +0000
ROA not before:           Sun 25 Aug 2024 16:07:36 +0000
ROA not after:            Sun 24 Aug 2025 16:12:36 +0000
asID:                     21859
IP address blocks:        45.95.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 13:20:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:93:10:70:37:02:70:72:e9:b8:b2:d9:d3:a0:14:7d:f8:e9:55:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Aug 25 16:07:36 2024 GMT
            Not After : Aug 24 16:12:36 2025 GMT
        Subject: CN=85E66A792C21011FC840D24BDCB5086A8FF814A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:9f:c2:29:08:83:1d:8c:a2:aa:7b:ec:10:6e:
                    58:27:b1:49:c2:4e:84:61:d8:0a:12:4c:a5:7c:66:
                    57:de:21:9a:b9:4a:66:f7:87:3a:88:58:d2:7f:1d:
                    a6:b2:cf:96:3d:47:d4:46:0e:5b:01:09:ff:d1:72:
                    63:5a:fa:a0:09:67:f4:92:41:4b:c6:74:66:72:d3:
                    41:6c:5a:a6:69:b5:cb:1e:a5:4d:ab:3d:ee:e0:55:
                    a5:e8:7d:83:41:6b:02:41:fc:7c:dd:17:d6:26:27:
                    37:29:ce:27:ef:b9:7a:8c:16:88:fe:4d:8d:44:d5:
                    9c:c2:12:df:79:f1:f1:87:ab:00:e9:8e:5f:4a:f8:
                    5c:56:9d:f8:7d:41:67:f5:da:4f:b3:94:7d:4d:f3:
                    d9:f6:57:8b:14:4c:49:3e:95:6e:72:9b:9d:a2:be:
                    dc:0d:0b:c9:57:75:57:4d:60:7c:87:81:bb:5c:55:
                    2e:de:e1:38:f8:25:0d:2c:41:62:83:ee:38:7e:08:
                    36:69:4c:1f:ad:d4:aa:15:96:2d:37:53:aa:21:4d:
                    8e:42:4e:c0:aa:df:15:20:13:0a:12:ad:61:93:e8:
                    df:31:94:49:ff:2f:53:6e:ce:d5:5f:09:aa:b1:95:
                    d2:2a:3d:1f:26:ba:0a:d3:cf:b4:23:94:01:17:98:
                    1d:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:E6:6A:79:2C:21:01:1F:C8:40:D2:4B:DC:B5:08:6A:8F:F8:14:A1
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38332e302f32342d3234203d3e203231383539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:97:52:fe:65:49:00:50:ab:13:2f:16:e9:66:25:d1:65:c2:
         cc:66:74:ef:bc:ef:26:a7:7b:6b:c9:7b:73:07:72:84:09:98:
         2b:2d:f3:0b:9a:1d:cb:55:11:d8:ed:06:85:61:c2:0d:92:cf:
         68:a2:09:6d:ef:bb:19:be:35:0a:66:eb:5d:ae:b6:99:bb:de:
         95:ae:83:1b:75:e2:23:9a:df:98:f9:f4:ac:03:91:20:04:3f:
         ed:9f:df:e1:ec:14:f2:10:db:3d:91:0e:69:16:b0:5b:42:6a:
         1a:d3:64:ed:63:48:e8:dc:af:78:7b:4a:cb:cf:7e:48:5f:09:
         20:19:8f:87:d3:bd:ab:aa:53:c4:e7:ad:a4:54:d5:b9:a4:da:
         88:b8:6e:33:d2:f3:59:56:88:62:33:c5:02:50:ab:e2:e8:d1:
         ed:be:7d:be:4e:05:61:6c:37:e0:e9:0e:c0:e7:33:3f:ee:3e:
         c1:dc:0d:50:72:12:d2:34:fb:59:c4:17:6d:c2:4d:d9:4e:a9:
         d3:df:e0:66:c7:35:41:76:d2:db:ac:19:a6:14:bc:8b:9b:93:
         c8:05:51:68:7d:41:71:60:55:a8:61:03:71:8a:ef:3b:86:50:
         7f:40:c0:be:8e:13:3b:01:18:cc:a9:cf:bd:e2:12:5b:58:42:
         97:11:61:a5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUH5MQcDcCcHLpuLLZ06AUffjpVaAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNDA4MjUxNjA3MzZaFw0yNTA4MjQxNjEyMzZaMDMxMTAvBgNV
BAMTKDg1RTY2QTc5MkMyMTAxMUZDODQwRDI0QkRDQjUwODZBOEZGODE0QTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSn8IpCIMdjKKqe+wQblgnsUnC
ToRh2AoSTKV8ZlfeIZq5Smb3hzqIWNJ/Haayz5Y9R9RGDlsBCf/RcmNa+qAJZ/SS
QUvGdGZy00FsWqZptcsepU2rPe7gVaXofYNBawJB/HzdF9YmJzcpzifvuXqMFoj+
TY1E1ZzCEt958fGHqwDpjl9K+FxWnfh9QWf12k+zlH1N89n2V4sUTEk+lW5ym52i
vtwNC8lXdVdNYHyHgbtcVS7e4Tj4JQ0sQWKD7jh+CDZpTB+t1KoVli03U6ohTY5C
TsCq3xUgEwoSrWGT6N8xlEn/L1NuztVfCaqxldIqPR8mugrTz7QjlAEXmB3bAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUheZqeSwhAR/IQNJL3LUIao/4FKEwHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzQzNTJlMzkzNTJlMzgzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzODM1Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtX1Mw
DQYJKoZIhvcNAQELBQADggEBADWXUv5lSQBQqxMvFulmJdFlwsxmdO+87yane2vJ
e3MHcoQJmCst8wuaHctVEdjtBoVhwg2Sz2iiCW3vuxm+NQpm612utpm73pWugxt1
4iOa35j59KwDkSAEP+2f3+HsFPIQ2z2RDmkWsFtCahrTZO1jSOjcr3h7SsvPfkhf
CSAZj4fTvauqU8TnraRU1bmk2oi4bjPS81lWiGIzxQJQq+Lo0e2+fb5OBWFsN+Dp
DsDnMz/uPsHcDVByEtI0+1nEF23CTdlOqdPf4GbHNUF20tusGaYUvIubk8gFUWh9
QXFgVahhA3GK7zuGUH9AwL6OEzsBGMypz73iEltYQpcRYaU=
-----END CERTIFICATE-----