Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231372e302f32342d3234203d3e2039303837.roa
File:                     34352e3133322e3231372e302f32342d3234203d3e2039303837.roa (raw, json)
Hash identifier:          P/yZRCqiJI0ZOoA9LEoH/xvPoxHAJjmdivbG9t0CS0g=
Subject key identifier:   1C:A5:63:7F:82:59:43:71:89:3C:3C:B1:30:AB:BB:27:3E:D6:C6:34
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       0D825F93CFD0624ABC1F3315DDF473F0E35BDAC0
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231372e302f32342d3234203d3e2039303837.roa
Signing time:             Wed 27 Sep 2023 12:05:30 +0000
ROA not before:           Wed 27 Sep 2023 12:00:30 +0000
ROA not after:            Wed 25 Sep 2024 12:05:30 +0000
asID:                     9087
IP address blocks:        45.132.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:82:5f:93:cf:d0:62:4a:bc:1f:33:15:dd:f4:73:f0:e3:5b:da:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Sep 27 12:00:30 2023 GMT
            Not After : Sep 25 12:05:30 2024 GMT
        Subject: CN=1CA5637F82594371893C3CB130ABBB273ED6C634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a9:bc:d6:09:de:0f:7f:b0:a2:fa:02:2d:2a:
                    ba:ab:6a:4d:9d:69:34:e4:cc:1b:9c:89:7f:42:88:
                    e3:dd:56:66:06:6e:d0:46:d4:d7:8f:fa:df:c2:4c:
                    06:39:02:e7:10:6a:28:77:0a:f1:47:6d:b1:67:7d:
                    78:04:0a:9e:a6:e9:f6:9a:75:e3:e8:6f:bc:39:97:
                    b2:65:80:a5:4a:5c:ec:ea:9d:03:ed:12:af:83:6c:
                    0b:e7:06:06:e0:d1:df:e9:9d:a3:7d:ee:25:ad:9e:
                    34:b1:87:e8:48:a1:89:41:2b:7c:33:f8:e3:23:20:
                    d4:58:36:d8:ec:18:c5:4e:c9:60:eb:4d:b3:d5:70:
                    a8:e9:c6:14:51:00:15:a0:0f:04:c8:a4:fd:fe:56:
                    8c:ac:b9:86:4f:75:6f:b9:53:83:e8:01:12:53:59:
                    d3:96:49:10:93:b8:30:8b:f3:35:7b:8a:f6:5b:ad:
                    f0:7e:f2:45:8e:06:5c:d5:bb:83:8e:9a:00:b0:c5:
                    6c:9a:e9:9a:9b:0b:ee:48:29:bd:a2:1e:c2:3c:33:
                    f1:4a:44:2a:cc:c9:96:98:0c:7e:5a:0f:05:8f:3d:
                    2f:cf:3f:99:14:9e:cd:6b:e8:2e:9d:dc:d1:0b:6b:
                    32:f3:e1:57:81:e6:23:ca:d4:78:94:26:b4:0a:93:
                    df:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:A5:63:7F:82:59:43:71:89:3C:3C:B1:30:AB:BB:27:3E:D6:C6:34
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231372e302f32342d3234203d3e2039303837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:2d:cf:5b:5c:52:9c:93:6f:8a:5b:2a:d4:ec:bc:a3:96:67:
         c7:43:b5:57:95:3d:fa:c9:8f:b4:cd:21:5d:5a:33:ee:ba:24:
         e8:fd:d8:f2:c6:52:4a:aa:ff:99:1e:df:1c:63:30:22:f4:5b:
         d3:65:c0:5f:75:e6:d7:31:18:06:43:cf:ac:92:9f:c3:88:ec:
         89:7c:0a:e1:a2:3f:ea:f1:aa:79:69:3f:59:e8:b1:8b:05:d0:
         d8:30:2d:05:74:55:ec:f4:43:1e:fd:84:86:c3:65:43:f7:58:
         7e:46:11:f6:f6:0c:13:a3:bd:26:f1:1c:34:83:45:b9:46:25:
         c5:ca:14:f3:5b:b7:ef:79:87:b3:76:ae:2e:44:19:33:8d:b5:
         63:6b:30:e2:8d:5c:c0:73:22:24:1f:5e:c8:f4:4a:6f:2c:2d:
         a3:6e:4b:5a:f8:b8:98:cd:fa:49:0c:ae:67:76:90:de:cc:df:
         f1:ea:a9:cc:5d:73:5c:06:3a:bf:66:a7:31:2c:d1:96:e4:15:
         a1:62:3a:48:48:0f:fe:18:93:41:69:bb:87:8c:75:b7:f8:5d:
         a2:88:57:30:19:4b:28:b8:a4:eb:87:2b:a5:60:5d:b3:08:81:
         78:49:d4:69:fa:5b:aa:19:63:e3:1f:f5:d7:02:33:2c:46:76:
         f7:f6:eb:5b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDYJfk8/QYkq8HzMV3fRz8ONb2sAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yMzA5MjcxMjAwMzBaFw0yNDA5MjUxMjA1MzBaMDMxMTAvBgNV
BAMTKDFDQTU2MzdGODI1OTQzNzE4OTNDM0NCMTMwQUJCQjI3M0VENkM2MzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8qbzWCd4Pf7Ci+gItKrqrak2d
aTTkzBuciX9CiOPdVmYGbtBG1NeP+t/CTAY5AucQaih3CvFHbbFnfXgECp6m6faa
dePob7w5l7JlgKVKXOzqnQPtEq+DbAvnBgbg0d/pnaN97iWtnjSxh+hIoYlBK3wz
+OMjINRYNtjsGMVOyWDrTbPVcKjpxhRRABWgDwTIpP3+VoysuYZPdW+5U4PoARJT
WdOWSRCTuDCL8zV7ivZbrfB+8kWOBlzVu4OOmgCwxWya6ZqbC+5IKb2iHsI8M/FK
RCrMyZaYDH5aDwWPPS/PP5kUns1r6C6d3NELazLz4VeB5iPK1HiUJrQKk98TAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUHKVjf4JZQ3GJPDyxMKu7Jz7WxjQwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzMzMyMmUzMjMx
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2E
2TANBgkqhkiG9w0BAQsFAAOCAQEAVC3PW1xSnJNvilsq1Oy8o5Znx0O1V5U9+smP
tM0hXVoz7rok6P3Y8sZSSqr/mR7fHGMwIvRb02XAX3Xm1zEYBkPPrJKfw4jsiXwK
4aI/6vGqeWk/WeixiwXQ2DAtBXRV7PRDHv2EhsNlQ/dYfkYR9vYME6O9JvEcNINF
uUYlxcoU81u373mHs3auLkQZM421Y2sw4o1cwHMiJB9eyPRKbywto25LWvi4mM36
SQyuZ3aQ3szf8eqpzF1zXAY6v2anMSzRluQVoWI6SEgP/hiTQWm7h4x1t/hdoohX
MBlLKLik64crpWBdswiBeEnUafpbqhlj4x/11wIzLEZ29/brWw==
-----END CERTIFICATE-----