Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33362e302f32342d3234203d3e203630323233.roa
File:                     34352e3134302e33362e302f32342d3234203d3e203630323233.roa (raw, json)
Hash identifier:          nnTqnGEg5UWAKMZfSvEt/V11mhLAEEHBCap1BBtgq2w=
Subject key identifier:   47:49:C5:CD:6E:85:4E:9C:74:4F:46:39:5A:C2:6B:98:19:5F:D3:5D
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       2EEDC59093E6EB6236BB4C2A674EB628D6A6FEED
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33362e302f32342d3234203d3e203630323233.roa
Signing time:             Thu 27 Jun 2024 21:54:07 +0000
ROA not before:           Thu 27 Jun 2024 21:49:07 +0000
ROA not after:            Thu 26 Jun 2025 21:54:07 +0000
asID:                     60223
IP address blocks:        45.140.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:ed:c5:90:93:e6:eb:62:36:bb:4c:2a:67:4e:b6:28:d6:a6:fe:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Jun 27 21:49:07 2024 GMT
            Not After : Jun 26 21:54:07 2025 GMT
        Subject: CN=4749C5CD6E854E9C744F46395AC26B98195FD35D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:99:26:03:8d:f9:af:2e:87:9c:19:75:54:2f:
                    44:81:05:35:d1:19:bb:09:b7:4b:af:b0:60:a1:39:
                    35:2f:93:f0:ca:7a:6a:d4:35:81:2b:9d:8e:44:28:
                    ea:91:40:c7:51:87:cd:ab:54:fe:69:f8:a4:80:74:
                    d2:ca:98:ec:aa:69:99:07:b9:29:91:db:72:de:51:
                    80:5b:5f:7d:e1:1b:66:6d:73:38:15:a0:2a:73:e4:
                    da:ac:d8:75:f5:da:0b:4a:d2:a8:c9:26:32:28:bc:
                    8f:55:81:b0:ec:3c:be:ff:5c:1a:aa:22:b1:60:8a:
                    56:74:0a:ac:fb:69:40:27:2b:d8:2e:50:fb:a5:ae:
                    64:9a:84:9c:0e:7e:6e:72:35:89:d3:15:3f:a6:b6:
                    89:01:e0:b3:cf:f0:54:4b:d7:d6:4e:9c:ed:40:07:
                    ec:5a:2d:d6:b3:2a:e1:f4:4f:2f:6e:21:a8:4e:23:
                    48:6d:4e:58:b9:97:b2:8f:21:88:b3:76:d7:75:d8:
                    3a:ef:5b:cf:c8:32:23:b1:7b:97:f5:9b:80:cc:80:
                    cb:0b:44:1b:b5:72:df:9f:78:97:06:bb:80:7b:f0:
                    7e:a9:93:38:1c:1a:78:9e:98:18:96:2e:cb:9b:2a:
                    50:77:12:ba:07:10:2e:0e:ba:29:46:6e:0b:7f:d7:
                    fc:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:49:C5:CD:6E:85:4E:9C:74:4F:46:39:5A:C2:6B:98:19:5F:D3:5D
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33362e302f32342d3234203d3e203630323233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:9e:2f:6b:89:d0:64:a9:e2:9d:66:e3:2f:8c:e5:d4:fc:3c:
         1a:a2:dc:e9:d3:ad:c5:ea:bd:64:1a:3f:85:ba:73:6c:cd:4c:
         09:75:5c:57:d7:af:3d:11:8c:97:ab:28:da:08:3a:3d:5a:0a:
         13:84:69:32:68:87:b2:1f:bd:5e:a4:3f:8a:38:8f:1a:51:45:
         e1:8d:d4:53:0a:33:55:5d:95:ca:df:40:d7:1b:68:da:ee:ce:
         b3:f4:83:cd:03:73:0d:30:01:4c:87:70:a2:91:62:4c:4c:7a:
         62:47:6e:d8:f9:7f:59:cd:62:42:47:84:5b:12:5a:ae:4c:0d:
         f7:5d:5e:d0:4c:b5:5f:ac:f9:cf:59:83:cf:7e:79:a8:6b:1c:
         00:ec:d8:55:04:5e:b1:23:de:5b:02:73:a4:d3:8a:8a:bc:ce:
         79:71:5c:ce:86:bc:c0:df:8f:f6:5a:ac:28:9a:f0:c5:3f:e7:
         a9:d3:02:3d:a4:9b:90:d8:b7:da:63:e1:de:f2:7f:60:b3:20:
         5f:14:c9:c7:0b:36:dc:17:ad:bb:39:36:38:f0:e6:1f:67:d6:
         df:ec:59:b1:c1:c7:2c:f0:8a:71:9d:69:5b:19:e0:8e:4f:bc:
         77:a6:3f:c9:7b:b5:24:4f:28:10:75:e0:38:1d:b5:e1:47:45:
         52:03:1f:7b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULu3FkJPm62I2u0wqZ062KNam/u0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNDA2MjcyMTQ5MDdaFw0yNTA2MjYyMTU0MDdaMDMxMTAvBgNV
BAMTKDQ3NDlDNUNENkU4NTRFOUM3NDRGNDYzOTVBQzI2Qjk4MTk1RkQzNUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCumSYDjfmvLoecGXVUL0SBBTXR
GbsJt0uvsGChOTUvk/DKemrUNYErnY5EKOqRQMdRh82rVP5p+KSAdNLKmOyqaZkH
uSmR23LeUYBbX33hG2ZtczgVoCpz5Nqs2HX12gtK0qjJJjIovI9VgbDsPL7/XBqq
IrFgilZ0Cqz7aUAnK9guUPulrmSahJwOfm5yNYnTFT+mtokB4LPP8FRL19ZOnO1A
B+xaLdazKuH0Ty9uIahOI0htTli5l7KPIYizdtd12DrvW8/IMiOxe5f1m4DMgMsL
RBu1ct+feJcGu4B78H6pkzgcGniemBiWLsubKlB3EroHEC4OuilGbgt/1/xTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUR0nFzW6FTpx0T0Y5WsJrmBlf010wHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzNDMwMmUzMzM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDMyMzIzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2M
JDANBgkqhkiG9w0BAQsFAAOCAQEAMp4va4nQZKninWbjL4zl1Pw8GqLc6dOtxeq9
ZBo/hbpzbM1MCXVcV9evPRGMl6so2gg6PVoKE4RpMmiHsh+9XqQ/ijiPGlFF4Y3U
UwozVV2Vyt9A1xto2u7Os/SDzQNzDTABTIdwopFiTEx6Ykdu2Pl/Wc1iQkeEWxJa
rkwN911e0Ey1X6z5z1mDz355qGscAOzYVQResSPeWwJzpNOKirzOeXFczoa8wN+P
9lqsKJrwxT/nqdMCPaSbkNi32mPh3vJ/YLMgXxTJxws23Betuzk2OPDmH2fW3+xZ
scHHLPCKcZ1pWxngjk+8d6Y/yXu1JE8oEHXgOB214UdFUgMfew==
-----END CERTIFICATE-----