Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3132382e31342e302f32332d3234203d3e2039303837.roa
File:                     34352e3132382e31342e302f32332d3234203d3e2039303837.roa (raw, json)
Hash identifier:          napcmXNG+OmFWDA/C/9K/1hf43XzuQu44uFNddstbJM=
Subject key identifier:   03:CC:13:99:14:4F:F1:B8:83:6A:62:24:96:B8:CE:D2:9B:FB:01:47
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       42B20D3A476F664D5F95C8DAD8793BF0F80314AA
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3132382e31342e302f32332d3234203d3e2039303837.roa
Signing time:             Wed 27 Sep 2023 12:05:34 +0000
ROA not before:           Wed 27 Sep 2023 12:00:34 +0000
ROA not after:            Wed 25 Sep 2024 12:05:34 +0000
asID:                     9087
IP address blocks:        45.128.14.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:b2:0d:3a:47:6f:66:4d:5f:95:c8:da:d8:79:3b:f0:f8:03:14:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Sep 27 12:00:34 2023 GMT
            Not After : Sep 25 12:05:34 2024 GMT
        Subject: CN=03CC1399144FF1B8836A622496B8CED29BFB0147
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:74:5d:3b:68:79:76:1d:db:57:8b:c6:c2:c8:
                    de:bb:bf:d8:dd:46:4b:9d:21:ab:be:91:1b:17:a6:
                    ab:ea:d6:74:fd:4d:17:25:93:bd:6f:d3:96:5b:5f:
                    46:47:2c:b1:fc:7c:68:02:12:8c:bd:31:f7:05:91:
                    55:1e:7d:31:98:ef:19:88:06:77:d3:68:50:61:db:
                    b2:a4:23:c8:09:d9:48:02:af:ca:4f:d3:5b:40:3b:
                    23:ed:6e:70:72:09:31:0d:d5:b4:72:d5:a9:af:f2:
                    fd:3d:98:50:80:29:c3:2b:cc:18:ed:e8:19:40:9c:
                    a0:5d:ed:27:b0:25:a4:eb:b7:b5:e4:ce:6d:96:fd:
                    3a:b3:72:59:c9:e2:e6:11:46:35:2c:81:8d:64:54:
                    11:87:e1:2b:ca:55:72:7b:71:e8:45:fa:d4:1f:f5:
                    06:cb:8f:ad:ef:bf:6c:0e:8d:12:b9:ba:7a:1a:43:
                    50:bd:4d:d3:d1:bb:99:3a:2a:22:83:eb:7e:34:ea:
                    26:86:91:eb:94:ba:cd:0e:ab:0e:d1:99:f4:80:38:
                    ac:eb:7c:a0:1e:41:c7:34:03:53:72:1b:41:48:7f:
                    87:b0:3f:82:8a:aa:8b:23:1b:b3:63:48:e2:52:5c:
                    a3:31:74:b4:0f:d3:71:3f:6a:20:a6:11:ea:da:86:
                    4b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:CC:13:99:14:4F:F1:B8:83:6A:62:24:96:B8:CE:D2:9B:FB:01:47
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3132382e31342e302f32332d3234203d3e2039303837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:df:22:b1:c0:60:e3:ca:d1:a1:a6:6d:9d:b8:cf:02:50:81:
         bd:02:f1:f9:83:47:20:84:8d:b7:4a:83:51:d1:cc:5b:ba:b5:
         05:da:84:49:68:c2:7c:2f:33:ba:29:76:9b:be:70:5b:cb:6c:
         6f:2d:e9:9a:1e:1c:89:0e:77:50:42:0c:e4:70:51:f3:6e:40:
         53:16:95:43:00:3d:2a:72:a1:bb:c7:d7:d0:9a:7e:31:a1:1b:
         f1:43:3e:96:36:8f:22:fc:38:d5:60:be:68:0f:d2:73:5a:0a:
         b6:95:56:2f:9b:a7:bf:39:15:c9:76:c8:f4:5c:bf:f1:e5:64:
         d2:28:3d:1c:24:d8:65:3a:e6:07:4d:34:aa:a4:ae:c0:5a:49:
         42:60:ac:17:23:b3:4a:ab:66:b4:5a:fd:db:83:60:b1:e8:6d:
         c4:9e:00:53:d9:f8:18:99:06:1e:6f:fa:0b:b5:0b:6b:e2:43:
         f1:de:92:c3:6f:5b:f0:c1:7c:7d:fd:62:a3:1f:b9:8f:b2:36:
         e9:da:da:df:51:4b:3a:1d:9f:ec:03:77:e0:50:e6:7e:35:a3:
         00:0f:f5:ad:44:cf:6a:e5:ab:7d:2b:6c:09:dd:a0:a9:09:f5:
         83:ba:73:11:35:27:8d:0f:57:7c:a1:73:3e:5b:ba:2f:59:13:
         03:38:0b:df
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQrINOkdvZk1flcja2Hk78PgDFKowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yMzA5MjcxMjAwMzRaFw0yNDA5MjUxMjA1MzRaMDMxMTAvBgNV
BAMTKDAzQ0MxMzk5MTQ0RkYxQjg4MzZBNjIyNDk2QjhDRUQyOUJGQjAxNDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKdF07aHl2HdtXi8bCyN67v9jd
RkudIau+kRsXpqvq1nT9TRclk71v05ZbX0ZHLLH8fGgCEoy9MfcFkVUefTGY7xmI
BnfTaFBh27KkI8gJ2UgCr8pP01tAOyPtbnByCTEN1bRy1amv8v09mFCAKcMrzBjt
6BlAnKBd7SewJaTrt7Xkzm2W/TqzclnJ4uYRRjUsgY1kVBGH4SvKVXJ7cehF+tQf
9QbLj63vv2wOjRK5unoaQ1C9TdPRu5k6KiKD63406iaGkeuUus0Oqw7RmfSAOKzr
fKAeQcc0A1NyG0FIf4ewP4KKqosjG7NjSOJSXKMxdLQP03E/aiCmEerahkuZAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUA8wTmRRP8biDamIklrjO0pv7AUcwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzMjM4MmUzMTM0
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzkzMDM4Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEtgA4w
DQYJKoZIhvcNAQELBQADggEBABnfIrHAYOPK0aGmbZ24zwJQgb0C8fmDRyCEjbdK
g1HRzFu6tQXahElownwvM7opdpu+cFvLbG8t6ZoeHIkOd1BCDORwUfNuQFMWlUMA
PSpyobvH19CafjGhG/FDPpY2jyL8ONVgvmgP0nNaCraVVi+bp785Fcl2yPRcv/Hl
ZNIoPRwk2GU65gdNNKqkrsBaSUJgrBcjs0qrZrRa/duDYLHobcSeAFPZ+BiZBh5v
+gu1C2viQ/HeksNvW/DBfH39YqMfuY+yNuna2t9RSzodn+wDd+BQ5n41owAP9a1E
z2rlq30rbAndoKkJ9YO6cxE1J40PV3yhcz5bui9ZEwM4C98=
-----END CERTIFICATE-----