Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231382e302f32342d3234203d3e2032393134.roa
File:                     34352e3133322e3231382e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          XAQUwYZRZsl9fSajT51guouTeRdM0ajH9Rg10zFWPr0=
Subject key identifier:   FD:73:0B:0C:79:EB:1F:40:2F:03:56:C2:1A:96:65:01:F8:9C:E9:F9
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       32A17A327E7E85B0B7D7C49D9635D98C482EA713
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231382e302f32342d3234203d3e2032393134.roa
Signing time:             Wed 12 Feb 2025 12:53:55 +0000
ROA not before:           Wed 12 Feb 2025 12:48:55 +0000
ROA not after:            Wed 11 Feb 2026 12:53:55 +0000
asID:                     2914
IP address blocks:        45.132.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:a1:7a:32:7e:7e:85:b0:b7:d7:c4:9d:96:35:d9:8c:48:2e:a7:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Feb 12 12:48:55 2025 GMT
            Not After : Feb 11 12:53:55 2026 GMT
        Subject: CN=FD730B0C79EB1F402F0356C21A966501F89CE9F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:11:2a:5c:75:0f:7c:4d:ed:3c:8b:6c:15:b6:
                    69:3f:06:8c:68:e4:fe:8c:e7:b9:6f:c1:bc:d9:86:
                    f3:b9:1c:24:82:c4:2b:fa:19:e7:88:f5:6f:f8:fa:
                    a6:cf:76:0a:f3:ff:ff:a7:d3:f4:74:60:ee:42:8d:
                    dd:95:ac:c4:eb:37:38:f4:2e:db:97:cc:3f:c1:22:
                    ca:c5:a2:9f:af:63:4a:71:9c:8e:7c:38:f5:4f:a5:
                    23:dd:a6:86:5f:2d:71:8c:74:a2:bd:92:99:f9:ac:
                    64:22:68:4c:27:bf:2a:21:93:a7:39:47:23:4a:b6:
                    4d:0f:33:3e:41:33:6c:fb:67:ad:22:1e:5a:21:bf:
                    52:d8:e6:6c:3e:0f:18:a2:90:f0:f0:fb:95:db:37:
                    d0:1e:db:a6:b2:54:e5:71:37:34:be:c4:4c:52:68:
                    b7:36:c3:48:70:0d:cb:22:18:e5:a7:8c:6c:e1:cd:
                    66:14:30:d2:28:40:41:37:c7:76:8c:8f:5c:b5:a2:
                    fb:6c:51:53:4d:e3:03:17:40:79:92:89:7f:b4:ff:
                    09:d1:d7:f7:5d:82:49:89:97:13:99:b9:22:79:0c:
                    03:04:d1:7a:b3:43:42:b4:88:3b:49:d2:b0:df:f1:
                    fd:c8:cb:fb:0d:d3:cd:0f:ac:f4:35:b9:ba:76:ba:
                    78:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:73:0B:0C:79:EB:1F:40:2F:03:56:C2:1A:96:65:01:F8:9C:E9:F9
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231382e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:45:d4:4a:9a:1e:17:bd:c6:19:b3:88:cc:78:42:30:16:9c:
         c1:07:ce:7f:49:3e:2e:67:88:d0:c2:ec:f3:84:1f:0c:05:4a:
         fe:4a:80:95:fc:64:f0:95:6b:5c:48:2a:84:7a:66:03:84:0f:
         04:a6:a3:36:42:fa:b1:c2:a2:0d:d6:a3:f5:ae:c6:ba:ca:fa:
         4b:72:7a:7d:bd:66:4f:d5:5c:56:ab:b9:d8:2d:11:ca:6c:21:
         50:d4:90:d5:cc:6c:47:09:e6:fb:4d:ec:74:a9:c5:e2:ee:74:
         03:58:a1:b1:ae:09:32:db:1a:7e:92:e0:df:9f:8c:d8:b4:2f:
         14:8f:f8:78:79:6d:9d:61:a9:c2:87:13:4e:0f:b4:6b:0a:4e:
         44:62:d9:c1:46:8d:d3:11:c2:d7:84:a8:c5:e9:13:3a:41:23:
         16:97:c9:fd:33:af:fa:0a:85:e9:f6:95:5d:0b:8a:62:4a:99:
         f7:17:33:57:f7:26:3f:60:09:04:b9:ed:09:0a:2e:f9:b8:3d:
         4f:a4:6b:89:16:5f:0d:c4:ea:00:d4:c3:2d:0c:53:eb:bf:19:
         ea:e7:66:cf:e4:d1:ef:70:da:3e:5a:f3:3a:8e:55:3a:61:71:
         6e:96:05:44:19:b8:71:92:0e:45:1d:e4:61:10:4d:aa:47:16:
         cd:66:22:50
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMqF6Mn5+hbC318SdljXZjEgupxMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNTAyMTIxMjQ4NTVaFw0yNjAyMTExMjUzNTVaMDMxMTAvBgNV
BAMTKEZENzMwQjBDNzlFQjFGNDAyRjAzNTZDMjFBOTY2NTAxRjg5Q0U5RjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDESpcdQ98Te08i2wVtmk/Boxo
5P6M57lvwbzZhvO5HCSCxCv6GeeI9W/4+qbPdgrz//+n0/R0YO5Cjd2VrMTrNzj0
LtuXzD/BIsrFop+vY0pxnI58OPVPpSPdpoZfLXGMdKK9kpn5rGQiaEwnvyohk6c5
RyNKtk0PMz5BM2z7Z60iHlohv1LY5mw+DxiikPDw+5XbN9Ae26ayVOVxNzS+xExS
aLc2w0hwDcsiGOWnjGzhzWYUMNIoQEE3x3aMj1y1ovtsUVNN4wMXQHmSiX+0/wnR
1/ddgkmJlxOZuSJ5DAME0XqzQ0K0iDtJ0rDf8f3Iy/sN080PrPQ1ubp2uniVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU/XMLDHnrH0AvA1bCGpZlAfic6fkwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzMzMyMmUzMjMx
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2E
2jANBgkqhkiG9w0BAQsFAAOCAQEAH0XUSpoeF73GGbOIzHhCMBacwQfOf0k+LmeI
0MLs84QfDAVK/kqAlfxk8JVrXEgqhHpmA4QPBKajNkL6scKiDdaj9a7Gusr6S3J6
fb1mT9VcVqu52C0RymwhUNSQ1cxsRwnm+03sdKnF4u50A1ihsa4JMtsafpLg35+M
2LQvFI/4eHltnWGpwocTTg+0awpORGLZwUaN0xHC14SoxekTOkEjFpfJ/TOv+gqF
6faVXQuKYkqZ9xczV/cmP2AJBLntCQou+bg9T6RriRZfDcTqANTDLQxT678Z6udm
z+TR73DaPlrzOo5VOmFxbpYFRBm4cZIORR3kYRBNqkcWzWYiUA==
-----END CERTIFICATE-----