Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3132382e31342e302f32332d3234203d3e2033333230.roa
File:                     34352e3132382e31342e302f32332d3234203d3e2033333230.roa (raw, json)
Hash identifier:          8gov1qM/QHq5gnFxaJ/OgRbvCQPHYbheCe646nNCRJ0=
Subject key identifier:   8C:49:D6:81:27:C1:C6:CE:93:F1:8B:8B:E7:D9:17:39:97:FD:43:7A
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       37E42BC7ABB873298F6C5DF64669BE676E10804D
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3132382e31342e302f32332d3234203d3e2033333230.roa
Signing time:             Wed 27 Sep 2023 12:05:25 +0000
ROA not before:           Wed 27 Sep 2023 12:00:25 +0000
ROA not after:            Wed 25 Sep 2024 12:05:25 +0000
asID:                     3320
IP address blocks:        45.128.14.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:e4:2b:c7:ab:b8:73:29:8f:6c:5d:f6:46:69:be:67:6e:10:80:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Sep 27 12:00:25 2023 GMT
            Not After : Sep 25 12:05:25 2024 GMT
        Subject: CN=8C49D68127C1C6CE93F18B8BE7D9173997FD437A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ce:35:a7:31:84:e2:61:08:a3:52:d9:da:ba:
                    5a:c0:f3:da:b1:ea:42:28:0d:15:6a:e7:94:24:ac:
                    3f:95:23:72:04:ec:bd:40:4c:e7:3b:e7:68:88:1e:
                    18:7a:be:60:eb:a8:48:25:36:dd:1c:26:82:8d:40:
                    74:6d:21:d7:ed:0f:69:d5:67:8f:bf:a9:7a:3e:de:
                    50:43:0e:b0:83:67:84:9a:49:c2:e2:d5:11:8a:fa:
                    21:91:a2:0c:bd:10:34:fa:45:6a:ed:4d:4b:93:5e:
                    c2:5a:0c:45:b0:84:16:67:0f:a4:f0:f4:de:c7:c3:
                    c7:47:ec:cc:9d:b8:ce:04:e2:8a:f2:24:6c:1c:fa:
                    aa:35:e4:ea:16:d8:42:e1:78:6d:ee:8e:f1:23:18:
                    ec:31:36:9c:4b:3e:1f:43:90:7f:88:ab:b4:3a:8a:
                    1b:07:e7:26:78:db:15:0f:78:51:f9:55:71:59:38:
                    7d:62:a2:54:ea:ae:2c:4d:fe:ec:f8:99:6e:6c:12:
                    7c:45:bf:3d:13:73:af:7d:42:f9:f4:9d:1b:cf:05:
                    d4:6c:9b:26:18:32:1a:34:bd:39:70:cd:7a:8e:d5:
                    b9:93:47:d5:9c:ab:be:97:c2:81:68:9d:24:07:f3:
                    15:c6:0d:2f:9b:0f:7f:e3:86:ba:dc:2a:03:2a:3c:
                    03:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:49:D6:81:27:C1:C6:CE:93:F1:8B:8B:E7:D9:17:39:97:FD:43:7A
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3132382e31342e302f32332d3234203d3e2033333230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         28:cc:f8:46:6c:a1:4f:d2:cc:96:f3:49:36:a7:f1:ac:21:73:
         9a:cf:a1:30:7c:b8:87:97:5f:79:10:7f:3a:78:14:79:33:71:
         ca:e5:ad:c0:a2:6d:4e:ea:b1:9f:a8:bd:4a:fc:ac:54:30:81:
         04:71:a7:27:15:63:eb:69:3a:15:9f:a3:8a:6c:30:89:4f:dd:
         b8:00:c2:3c:17:5f:f9:6f:8c:13:01:c3:e3:c8:55:29:62:d3:
         54:28:2c:c8:15:8a:af:3e:fd:c7:34:80:c7:ce:79:30:b7:ad:
         ab:97:c6:a3:e1:30:82:35:1a:4a:9d:17:73:20:47:70:72:0b:
         72:f0:02:18:3b:70:d1:8f:23:33:58:cf:fd:b5:1b:e5:65:8b:
         0e:e5:07:d1:85:62:fe:03:56:d5:52:75:6d:f5:bd:0e:ca:c2:
         da:a8:a3:1b:1d:8c:eb:90:57:f3:86:23:26:7d:17:f2:37:3a:
         3f:68:1f:4d:83:f5:28:64:dc:d1:99:01:78:79:29:2f:fa:49:
         e3:66:9c:45:6e:8c:a3:75:3b:12:7b:80:34:7d:67:50:67:42:
         cc:c4:69:01:e2:cc:ac:db:3e:19:89:bc:b8:7a:66:4b:30:3d:
         ca:5c:2b:fa:73:6d:2a:1e:ec:b7:fd:2f:90:99:6c:de:5b:71:
         57:0a:2d:0a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUN+Qrx6u4cymPbF32Rmm+Z24QgE0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yMzA5MjcxMjAwMjVaFw0yNDA5MjUxMjA1MjVaMDMxMTAvBgNV
BAMTKDhDNDlENjgxMjdDMUM2Q0U5M0YxOEI4QkU3RDkxNzM5OTdGRDQzN0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmzjWnMYTiYQijUtnaulrA89qx
6kIoDRVq55QkrD+VI3IE7L1ATOc752iIHhh6vmDrqEglNt0cJoKNQHRtIdftD2nV
Z4+/qXo+3lBDDrCDZ4SaScLi1RGK+iGRogy9EDT6RWrtTUuTXsJaDEWwhBZnD6Tw
9N7Hw8dH7MyduM4E4oryJGwc+qo15OoW2ELheG3ujvEjGOwxNpxLPh9DkH+Iq7Q6
ihsH5yZ42xUPeFH5VXFZOH1iolTqrixN/uz4mW5sEnxFvz0Tc699Qvn0nRvPBdRs
myYYMho0vTlwzXqO1bmTR9Wcq76XwoFonSQH8xXGDS+bD3/jhrrcKgMqPAN3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUjEnWgSfBxs6T8YuL59kXOZf9Q3owHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzMjM4MmUzMTM0
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzMzMzMyMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEtgA4w
DQYJKoZIhvcNAQELBQADggEBACjM+EZsoU/SzJbzSTan8awhc5rPoTB8uIeXX3kQ
fzp4FHkzccrlrcCibU7qsZ+ovUr8rFQwgQRxpycVY+tpOhWfo4psMIlP3bgAwjwX
X/lvjBMBw+PIVSli01QoLMgViq8+/cc0gMfOeTC3rauXxqPhMII1GkqdF3MgR3By
C3LwAhg7cNGPIzNYz/21G+Vliw7lB9GFYv4DVtVSdW31vQ7KwtqooxsdjOuQV/OG
IyZ9F/I3Oj9oH02D9Shk3NGZAXh5KS/6SeNmnEVujKN1OxJ7gDR9Z1BnQszEaQHi
zKzbPhmJvLh6ZkswPcpcK/pzbSoe7Lf9L5CZbN5bcVcKLQo=
-----END CERTIFICATE-----