Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3132382e31342e302f32332d3234203d3e20383334.roa
File:                     34352e3132382e31342e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          QDbk0nlJhLR7apfP44X7S73OTc5wsSambdSsTjWzrQo=
Subject key identifier:   3D:E2:9F:DB:B3:32:3A:01:E1:F4:69:45:8A:3A:B7:4A:EA:D5:41:CF
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       55F1ABA8C5D1EBF3536AA9923A8B461207F722DE
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3132382e31342e302f32332d3234203d3e20383334.roa
Signing time:             Fri 08 Nov 2024 00:02:21 +0000
ROA not before:           Thu 07 Nov 2024 23:57:21 +0000
ROA not after:            Fri 07 Nov 2025 00:02:21 +0000
asID:                     834
IP address blocks:        45.128.14.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:f1:ab:a8:c5:d1:eb:f3:53:6a:a9:92:3a:8b:46:12:07:f7:22:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Nov  7 23:57:21 2024 GMT
            Not After : Nov  7 00:02:21 2025 GMT
        Subject: CN=3DE29FDBB3323A01E1F469458A3AB74AEAD541CF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:1b:87:8c:20:06:43:32:db:42:c7:7f:b5:a8:
                    67:b2:37:c0:e4:db:68:79:48:58:35:de:16:30:0c:
                    da:86:fc:84:d3:7c:5a:8c:a3:1d:60:e2:c9:6f:4c:
                    36:0c:43:86:89:41:6d:22:b4:35:60:9f:8e:91:f1:
                    ca:65:e0:bc:aa:2b:20:c8:1d:ce:ef:3e:0a:56:13:
                    41:8d:51:54:31:5a:17:9f:41:75:30:20:f6:c1:d6:
                    ef:09:dd:ba:6d:7e:89:fa:75:f2:83:83:17:64:8c:
                    1d:91:b7:1d:83:28:cb:d4:66:46:41:0a:1e:36:5f:
                    35:8a:49:1c:e3:8b:6c:66:b7:25:fc:b5:e7:53:b0:
                    4c:c1:30:0c:95:b7:47:f2:99:0c:aa:b0:33:5d:47:
                    3c:7d:cb:c2:aa:ea:44:c5:dc:da:9c:c4:0c:26:c2:
                    c9:7d:a4:45:d3:98:52:59:b4:93:b6:37:a6:51:02:
                    ec:4d:81:71:c3:35:51:79:cd:d4:72:e0:1a:25:cd:
                    c9:46:c8:ae:06:a1:c4:c4:c6:b7:e2:81:63:61:84:
                    df:73:95:c3:6f:de:1b:05:f7:24:2c:39:cd:79:bc:
                    55:62:7c:ff:36:04:18:e7:e9:a7:90:5b:57:f0:95:
                    cf:cd:37:88:01:aa:b6:5d:ee:a1:fe:18:2c:1a:00:
                    43:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:E2:9F:DB:B3:32:3A:01:E1:F4:69:45:8A:3A:B7:4A:EA:D5:41:CF
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3132382e31342e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:aa:d7:b2:dd:2c:fc:7d:18:7c:8a:d9:63:de:e9:29:64:d8:
         32:fb:0f:85:43:bd:0b:74:06:ab:b2:9c:99:20:d4:4a:ee:96:
         86:a8:0e:21:c1:41:f3:f6:f2:77:1b:7f:80:c2:ba:e6:f8:10:
         3a:6d:0a:49:87:d0:52:a1:f6:d5:54:57:5e:68:24:1b:62:2f:
         c0:99:0f:11:b5:7e:ed:d8:8d:04:d5:4b:c9:80:90:e0:0b:9e:
         d6:19:5e:d4:ad:d6:9a:29:e8:24:8d:d5:30:a0:db:41:36:f9:
         c2:ec:41:e0:e0:aa:bc:f2:da:e0:b8:95:37:a2:fc:9e:26:b7:
         71:b6:e5:a5:ee:ff:54:73:9c:1a:44:c1:aa:ad:85:5b:43:8c:
         11:27:4b:cd:0d:c1:22:38:3c:77:aa:11:2f:55:82:e5:b1:13:
         cb:92:35:f7:d6:cf:c0:ff:5c:fe:cf:8a:79:19:2f:e8:bd:1f:
         cf:38:e6:87:37:11:94:1b:79:a8:da:5e:1a:fd:81:dc:7f:58:
         99:ce:58:56:e2:14:92:9e:d2:b6:6b:c3:57:da:8a:58:5e:96:
         b6:d6:32:6f:8d:b0:47:e0:94:9e:28:c3:f5:ff:dd:74:1b:a9:
         09:2d:3b:c6:01:08:4c:bd:7d:89:f8:76:85:49:5b:7d:a6:93:
         ed:b3:bc:64
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUVfGrqMXR6/NTaqmSOotGEgf3It4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNDExMDcyMzU3MjFaFw0yNTExMDcwMDAyMjFaMDMxMTAvBgNV
BAMTKDNERTI5RkRCQjMzMjNBMDFFMUY0Njk0NThBM0FCNzRBRUFENTQxQ0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjG4eMIAZDMttCx3+1qGeyN8Dk
22h5SFg13hYwDNqG/ITTfFqMox1g4slvTDYMQ4aJQW0itDVgn46R8cpl4LyqKyDI
Hc7vPgpWE0GNUVQxWhefQXUwIPbB1u8J3bptfon6dfKDgxdkjB2Rtx2DKMvUZkZB
Ch42XzWKSRzji2xmtyX8tedTsEzBMAyVt0fymQyqsDNdRzx9y8Kq6kTF3NqcxAwm
wsl9pEXTmFJZtJO2N6ZRAuxNgXHDNVF5zdRy4BolzclGyK4GocTExrfigWNhhN9z
lcNv3hsF9yQsOc15vFVifP82BBjn6aeQW1fwlc/NN4gBqrZd7qH+GCwaAEOJAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUPeKf27MyOgHh9GlFijq3SurVQc8wHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzMjM4MmUzMTM0
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYAOMA0G
CSqGSIb3DQEBCwUAA4IBAQAVqtey3Sz8fRh8itlj3ukpZNgy+w+FQ70LdAarspyZ
INRK7paGqA4hwUHz9vJ3G3+Awrrm+BA6bQpJh9BSofbVVFdeaCQbYi/AmQ8RtX7t
2I0E1UvJgJDgC57WGV7UrdaaKegkjdUwoNtBNvnC7EHg4Kq88trguJU3ovyeJrdx
tuWl7v9Uc5waRMGqrYVbQ4wRJ0vNDcEiODx3qhEvVYLlsRPLkjX31s/A/1z+z4p5
GS/ovR/POOaHNxGUG3mo2l4a/YHcf1iZzlhW4hSSntK2a8NX2opYXpa21jJvjbBH
4JSeKMP1/910G6kJLTvGAQhMvX2J+HaFSVt9ppPts7xk
-----END CERTIFICATE-----