Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231362e302f32342d3234203d3e20383334.roa
File:                     34352e3133322e3231362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          QKfa7Yz0T9mUYbaDHW7Er+hTcOB4uPWkIrLv9Pqi43M=
Subject key identifier:   E9:60:95:E7:6F:9E:F6:E8:F0:02:08:CB:48:B8:CE:D6:60:C9:42:8B
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       607F61B2371DB893463AC201E4A4691B42C1120A
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231362e302f32342d3234203d3e20383334.roa
Signing time:             Mon 10 Mar 2025 00:03:05 +0000
ROA not before:           Sun 09 Mar 2025 23:58:05 +0000
ROA not after:            Mon 09 Mar 2026 00:03:05 +0000
asID:                     834
IP address blocks:        45.132.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:22:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:7f:61:b2:37:1d:b8:93:46:3a:c2:01:e4:a4:69:1b:42:c1:12:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Mar  9 23:58:05 2025 GMT
            Not After : Mar  9 00:03:05 2026 GMT
        Subject: CN=E96095E76F9EF6E8F00208CB48B8CED660C9428B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:41:ae:71:2f:12:1f:75:40:e0:d6:55:e4:9e:
                    94:0f:15:3f:4e:69:51:d5:65:ba:46:07:61:8b:96:
                    dd:cd:55:6f:04:17:21:fb:42:ee:2b:3f:5a:3b:51:
                    cf:ee:88:d4:71:bb:6e:d0:bb:94:a9:59:84:41:04:
                    0c:0f:d8:1a:85:b4:a5:16:ec:6e:49:ed:ea:5f:24:
                    de:a1:23:5b:18:fa:d8:a6:1c:c2:62:de:52:a5:f9:
                    d5:f4:4d:75:8d:3c:e6:cc:fe:6a:d2:e8:e5:01:8d:
                    90:d6:0d:96:61:f8:07:f6:1e:6f:05:cd:36:1b:b0:
                    88:cb:59:7e:93:fd:4e:94:5c:7e:03:67:60:fc:bd:
                    42:6c:39:04:a1:93:d8:a3:51:97:f5:d8:c6:f4:8a:
                    79:48:88:1b:a9:e2:62:ef:c9:ed:ba:1c:e3:37:8d:
                    15:11:e6:8a:25:74:e2:7b:6c:2c:c2:a8:cb:77:5f:
                    f4:eb:9a:eb:c4:07:86:28:66:12:bb:c6:c3:56:33:
                    5d:23:96:c6:4f:49:7f:b0:a8:12:6e:d0:f4:a6:d2:
                    df:15:ee:6a:ce:bd:90:89:72:fe:93:7d:7f:fb:50:
                    7e:cf:e4:c3:48:48:5d:9a:5b:00:20:95:25:29:a7:
                    98:26:9d:ca:07:7b:22:42:bd:20:fc:92:bf:5f:5c:
                    9a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:60:95:E7:6F:9E:F6:E8:F0:02:08:CB:48:B8:CE:D6:60:C9:42:8B
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:21:6e:1a:23:de:9f:d8:5b:8b:97:6e:bc:29:2a:ea:d8:f9:
         66:05:9b:dd:18:cc:91:16:65:9c:1f:bf:61:1b:9d:05:a1:36:
         41:7a:c6:98:37:05:bf:c0:e2:02:d6:41:03:33:76:ba:cb:a1:
         12:58:be:30:ed:b3:a9:28:56:d6:2d:f4:46:5c:61:77:bd:9e:
         2b:b3:f3:89:ca:f6:f0:dd:0f:c5:f7:b5:ae:0b:10:ae:6e:0f:
         72:ca:5a:f9:d6:1e:66:39:11:fc:ba:f9:6d:eb:c7:94:c1:3d:
         74:d2:12:d0:d2:fb:37:16:6c:74:38:44:e6:e0:83:40:d3:e7:
         ff:a0:16:c8:01:cb:c8:16:a9:be:52:fe:ad:74:8f:24:8e:ca:
         ac:cf:e3:32:48:5e:9a:2f:5b:74:a0:65:f8:fc:86:14:6d:92:
         d8:3c:5e:fb:7d:c5:6c:89:bc:22:c3:2d:2d:f5:b7:e4:5b:8e:
         9b:0f:cd:68:da:bd:8f:c7:7f:8d:ab:0d:b0:81:e9:f9:33:c8:
         f4:43:6a:71:07:7b:b2:17:70:ce:34:37:7f:08:d0:38:66:77:
         3f:97:8c:22:e9:a8:44:61:f4:ed:49:51:5d:92:4b:2b:da:6a:
         e4:ac:1a:af:42:f6:59:2e:d0:5b:0f:16:4f:2b:1d:1a:a9:14:
         32:e7:4b:bb
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUYH9hsjcduJNGOsIB5KRpG0LBEgowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNTAzMDkyMzU4MDVaFw0yNjAzMDkwMDAzMDVaMDMxMTAvBgNV
BAMTKEU5NjA5NUU3NkY5RUY2RThGMDAyMDhDQjQ4QjhDRUQ2NjBDOTQyOEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4Qa5xLxIfdUDg1lXknpQPFT9O
aVHVZbpGB2GLlt3NVW8EFyH7Qu4rP1o7Uc/uiNRxu27Qu5SpWYRBBAwP2BqFtKUW
7G5J7epfJN6hI1sY+timHMJi3lKl+dX0TXWNPObM/mrS6OUBjZDWDZZh+Af2Hm8F
zTYbsIjLWX6T/U6UXH4DZ2D8vUJsOQShk9ijUZf12Mb0inlIiBup4mLvye26HOM3
jRUR5ooldOJ7bCzCqMt3X/TrmuvEB4YoZhK7xsNWM10jlsZPSX+wqBJu0PSm0t8V
7mrOvZCJcv6TfX/7UH7P5MNISF2aWwAglSUpp5gmncoHeyJCvSD8kr9fXJr5AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU6WCV52+e9ujwAgjLSLjO1mDJQoswHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzMzMyMmUzMjMx
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAthNgw
DQYJKoZIhvcNAQELBQADggEBAIchbhoj3p/YW4uXbrwpKurY+WYFm90YzJEWZZwf
v2EbnQWhNkF6xpg3Bb/A4gLWQQMzdrrLoRJYvjDts6koVtYt9EZcYXe9niuz84nK
9vDdD8X3ta4LEK5uD3LKWvnWHmY5Efy6+W3rx5TBPXTSEtDS+zcWbHQ4RObgg0DT
5/+gFsgBy8gWqb5S/q10jySOyqzP4zJIXpovW3SgZfj8hhRtktg8Xvt9xWyJvCLD
LS31t+RbjpsPzWjavY/Hf42rDbCB6fkzyPRDanEHe7IXcM40N38I0Dhmdz+XjCLp
qERh9O1JUV2SSyvaauSsGq9C9lku0FsPFk8rHRqpFDLnS7s=
-----END CERTIFICATE-----