Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231372e302f32342d3234203d3e2033333230.roa
File:                     34352e3133322e3231372e302f32342d3234203d3e2033333230.roa (raw, json)
Hash identifier:          XqE5Hgsml32cxBxo2bVJGylff8qkvzI8XKjKqa4YR+0=
Subject key identifier:   39:88:E7:56:32:4D:FD:B9:FA:0C:52:46:5F:CB:04:E9:0D:44:FB:76
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       5B1C07D0550DD0C41769A06D491D04738BCD5490
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231372e302f32342d3234203d3e2033333230.roa
Signing time:             Wed 27 Sep 2023 12:05:33 +0000
ROA not before:           Wed 27 Sep 2023 12:00:33 +0000
ROA not after:            Wed 25 Sep 2024 12:05:33 +0000
asID:                     3320
IP address blocks:        45.132.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:1c:07:d0:55:0d:d0:c4:17:69:a0:6d:49:1d:04:73:8b:cd:54:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Sep 27 12:00:33 2023 GMT
            Not After : Sep 25 12:05:33 2024 GMT
        Subject: CN=3988E756324DFDB9FA0C52465FCB04E90D44FB76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:30:d6:a3:2b:2b:0e:0d:a8:5f:39:a5:0c:0a:
                    51:81:5b:20:01:0b:02:f5:6d:b3:d4:c9:fd:65:76:
                    de:59:e6:27:f1:0b:78:b8:c2:c8:57:60:3b:89:04:
                    df:7d:ad:86:67:5a:ef:23:e4:f0:c1:b2:84:9d:38:
                    1b:71:a1:42:9e:ef:e5:fe:1a:71:89:f0:33:19:40:
                    bf:c1:36:5c:c8:3d:8a:1a:20:65:34:4a:3d:dc:ab:
                    cd:46:f2:5b:d2:96:62:09:19:5c:7b:db:f5:ff:1a:
                    fa:3d:1f:3d:2d:ab:ae:b7:93:1c:14:3c:8a:b6:0c:
                    69:16:7b:c1:11:8e:f2:7b:33:9d:55:f3:55:d9:71:
                    7c:97:36:5b:b4:54:c1:54:1d:b2:fd:08:b5:a9:be:
                    8a:55:6e:dd:ed:cc:5b:5b:ee:d8:d0:0c:fb:34:24:
                    a6:80:02:c0:f7:a6:5f:dc:1c:f0:fd:a2:53:f5:74:
                    a2:31:30:d4:34:a9:fe:0a:e9:5d:cf:c8:9c:49:0e:
                    1d:8f:0a:c6:7b:65:e3:34:ac:03:b7:81:8e:15:d9:
                    80:78:3b:44:8b:20:4b:da:1f:d3:d6:a9:7b:28:d9:
                    63:29:23:9d:65:46:9f:c3:9d:c8:95:8c:2c:bd:ed:
                    22:7a:7d:a3:e8:61:74:46:03:04:dd:28:6d:f8:4e:
                    11:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:88:E7:56:32:4D:FD:B9:FA:0C:52:46:5F:CB:04:E9:0D:44:FB:76
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231372e302f32342d3234203d3e2033333230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:c3:7d:cb:0f:a8:e4:3f:8e:78:65:a4:f3:62:87:75:3e:5a:
         b9:08:3f:c0:31:3d:ba:7b:e3:66:3b:25:fb:dd:d5:79:a3:74:
         53:a5:7d:cf:57:37:35:3a:79:df:31:01:3a:2c:00:17:cc:f5:
         33:ca:d0:06:9c:5c:7d:39:83:cf:f8:e1:45:2f:9d:01:6b:77:
         77:cd:4f:47:8d:24:62:38:42:bb:8c:e6:dc:49:f0:a8:a2:ce:
         5f:70:9e:a4:69:11:ef:0f:5c:19:d3:a1:4c:4b:ff:85:9e:00:
         4b:0f:29:0f:f8:88:fd:f4:c3:b4:a0:b3:fa:da:8a:16:ee:86:
         a0:09:7a:1d:47:0d:1a:2c:f9:1e:c9:a5:e0:31:6f:3f:75:4b:
         c5:c0:60:1e:1f:be:02:ef:61:87:6a:21:cc:17:80:27:b3:e4:
         a9:6d:96:b8:c3:db:2d:39:f3:bf:f6:90:28:d0:0f:be:fb:ae:
         93:43:ea:06:a7:5f:a5:52:8b:e7:a9:b1:cc:2e:18:32:e8:19:
         18:d0:58:d8:a7:6b:06:c6:89:67:5b:d7:9b:e2:12:93:c0:e2:
         e4:2b:c3:bf:34:54:00:90:a4:f3:46:32:f6:65:9b:d5:c5:d5:
         e4:58:ab:56:bb:bb:5b:40:fc:b3:e5:07:43:b9:31:ff:0b:f3:
         59:1b:d7:36
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWxwH0FUN0MQXaaBtSR0Ec4vNVJAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yMzA5MjcxMjAwMzNaFw0yNDA5MjUxMjA1MzNaMDMxMTAvBgNV
BAMTKDM5ODhFNzU2MzI0REZEQjlGQTBDNTI0NjVGQ0IwNEU5MEQ0NEZCNzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJMNajKysODahfOaUMClGBWyAB
CwL1bbPUyf1ldt5Z5ifxC3i4wshXYDuJBN99rYZnWu8j5PDBsoSdOBtxoUKe7+X+
GnGJ8DMZQL/BNlzIPYoaIGU0Sj3cq81G8lvSlmIJGVx72/X/Gvo9Hz0tq663kxwU
PIq2DGkWe8ERjvJ7M51V81XZcXyXNlu0VMFUHbL9CLWpvopVbt3tzFtb7tjQDPs0
JKaAAsD3pl/cHPD9olP1dKIxMNQ0qf4K6V3PyJxJDh2PCsZ7ZeM0rAO3gY4V2YB4
O0SLIEvaH9PWqXso2WMpI51lRp/DnciVjCy97SJ6faPoYXRGAwTdKG34ThH7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUOYjnVjJN/bn6DFJGX8sE6Q1E+3YwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzMzMyMmUzMjMx
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzMzMzIzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2E
2TANBgkqhkiG9w0BAQsFAAOCAQEAJsN9yw+o5D+OeGWk82KHdT5auQg/wDE9unvj
Zjsl+93VeaN0U6V9z1c3NTp53zEBOiwAF8z1M8rQBpxcfTmDz/jhRS+dAWt3d81P
R40kYjhCu4zm3EnwqKLOX3CepGkR7w9cGdOhTEv/hZ4ASw8pD/iI/fTDtKCz+tqK
Fu6GoAl6HUcNGiz5Hsml4DFvP3VLxcBgHh++Au9hh2ohzBeAJ7PkqW2WuMPbLTnz
v/aQKNAPvvuuk0PqBqdfpVKL56mxzC4YMugZGNBY2KdrBsaJZ1vXm+ISk8Di5CvD
vzRUAJCk80Yy9mWb1cXV5FirVru7W0D8s+UHQ7kx/wvzWRvXNg==
-----END CERTIFICATE-----