Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33362e302f32342d3234203d3e2037303138.roa
File:                     34352e3134302e33362e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          zMNF3goIeKhzYq7gmB3qblt+snj9qB9OHTbJHV59M3I=
Subject key identifier:   85:92:A0:46:79:39:2D:51:81:4D:4B:E8:A6:39:7B:79:66:2A:3B:28
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       05DFDD6C61BAC8974C68C2A61CDA3FA94B2199F4
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33362e302f32342d3234203d3e2037303138.roa
Signing time:             Sun 14 Apr 2024 08:05:46 +0000
ROA not before:           Sun 14 Apr 2024 08:00:46 +0000
ROA not after:            Sun 13 Apr 2025 08:05:46 +0000
asID:                     7018
IP address blocks:        45.140.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:df:dd:6c:61:ba:c8:97:4c:68:c2:a6:1c:da:3f:a9:4b:21:99:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Apr 14 08:00:46 2024 GMT
            Not After : Apr 13 08:05:46 2025 GMT
        Subject: CN=8592A04679392D51814D4BE8A6397B79662A3B28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d8:9f:5d:ec:cf:29:58:83:89:c4:a7:ea:fc:
                    23:d0:43:93:35:b0:86:80:2a:7d:ba:91:ee:e0:11:
                    5a:2e:9f:93:fa:1d:3a:87:95:2e:1e:a8:66:42:e1:
                    60:9a:b0:4a:66:96:4e:a5:df:75:c1:0e:ce:fc:01:
                    40:8b:b4:e2:fc:1d:49:a2:80:67:11:69:3b:a4:69:
                    5d:1a:12:43:6c:db:42:9e:2d:ce:ab:24:7a:80:26:
                    ea:6a:d7:9c:b0:4a:bf:6d:5a:be:89:31:16:18:66:
                    ef:16:b2:01:75:1c:b2:71:ac:b4:37:f9:9c:93:19:
                    89:da:e2:7b:93:28:56:c9:d0:e7:34:c2:14:35:66:
                    47:56:a1:82:5d:7e:56:42:ef:5d:3e:57:a2:37:62:
                    1e:1c:ad:f5:cf:22:0c:1f:88:35:43:50:6d:2a:32:
                    2b:5c:65:ab:8e:0e:a4:87:5c:37:8e:50:39:e4:b1:
                    20:41:0b:67:45:41:fa:9a:74:46:6c:f7:d1:94:c7:
                    13:bc:ef:97:e9:31:e4:f4:31:59:fb:ea:cb:e4:d7:
                    46:44:85:33:b5:71:5f:3a:b0:fd:93:72:90:d7:29:
                    74:af:46:26:15:39:fe:19:df:8c:bc:f8:61:80:f9:
                    8e:b0:57:99:b5:08:73:61:f6:d4:00:f5:02:cd:45:
                    c7:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:92:A0:46:79:39:2D:51:81:4D:4B:E8:A6:39:7B:79:66:2A:3B:28
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33362e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:c4:3a:1e:f8:2f:97:48:44:48:25:4a:66:d7:b6:42:ce:52:
         9b:38:24:d1:fe:ed:54:a7:11:bd:83:a5:ba:b2:a1:f1:63:75:
         d8:e6:fd:d7:b2:ed:d6:d2:8c:bf:fd:f2:81:43:c8:f9:53:13:
         d6:be:09:0b:a3:30:91:f9:6a:38:39:a0:bb:47:5e:f3:4a:b8:
         2b:69:d1:c7:a1:21:5a:ef:eb:6f:e8:e2:f8:0c:b0:b2:41:b2:
         0b:fc:72:0a:a9:2b:ce:83:4f:e6:46:89:51:0a:b6:5a:b7:00:
         28:cd:9c:d3:ce:12:73:08:82:da:1d:a0:cf:bb:07:4a:5f:73:
         4a:bc:b2:cb:38:2f:17:bc:21:20:50:45:2c:d7:c3:70:53:2c:
         f8:5c:b1:1c:04:ca:94:a0:90:27:4f:a5:1b:b9:e5:e6:69:a6:
         e7:fd:08:8c:79:2d:1c:49:a1:07:49:99:a8:5e:a3:a0:44:6e:
         95:29:10:35:39:df:8d:61:83:9d:29:bb:7a:19:d1:2d:74:50:
         27:54:ff:f9:f9:b9:56:d9:ee:2d:33:08:86:26:7f:22:36:49:
         9c:4d:4c:a3:ac:52:bf:a6:79:e8:34:7f:3e:44:64:1c:95:bd:
         38:9f:e4:a1:5d:64:4b:87:61:5c:9e:80:9a:03:c9:cc:59:00:
         e8:58:33:f2
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUBd/dbGG6yJdMaMKmHNo/qUshmfQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNDA0MTQwODAwNDZaFw0yNTA0MTMwODA1NDZaMDMxMTAvBgNV
BAMTKDg1OTJBMDQ2NzkzOTJENTE4MTRENEJFOEE2Mzk3Qjc5NjYyQTNCMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI2J9d7M8pWIOJxKfq/CPQQ5M1
sIaAKn26ke7gEVoun5P6HTqHlS4eqGZC4WCasEpmlk6l33XBDs78AUCLtOL8HUmi
gGcRaTukaV0aEkNs20KeLc6rJHqAJupq15ywSr9tWr6JMRYYZu8WsgF1HLJxrLQ3
+ZyTGYna4nuTKFbJ0Oc0whQ1ZkdWoYJdflZC710+V6I3Yh4crfXPIgwfiDVDUG0q
MitcZauODqSHXDeOUDnksSBBC2dFQfqadEZs99GUxxO875fpMeT0MVn76svk10ZE
hTO1cV86sP2TcpDXKXSvRiYVOf4Z34y8+GGA+Y6wV5m1CHNh9tQA9QLNRcfpAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUhZKgRnk5LVGBTUvopjl7eWYqOygwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzNDMwMmUzMzM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzczMDMxMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtjCQw
DQYJKoZIhvcNAQELBQADggEBAITEOh74L5dIREglSmbXtkLOUps4JNH+7VSnEb2D
pbqyofFjddjm/dey7dbSjL/98oFDyPlTE9a+CQujMJH5ajg5oLtHXvNKuCtp0ceh
IVrv62/o4vgMsLJBsgv8cgqpK86DT+ZGiVEKtlq3ACjNnNPOEnMIgtodoM+7B0pf
c0q8sss4Lxe8ISBQRSzXw3BTLPhcsRwEypSgkCdPpRu55eZppuf9CIx5LRxJoQdJ
maheo6BEbpUpEDU5341hg50pu3oZ0S10UCdU//n5uVbZ7i0zCIYmfyI2SZxNTKOs
Ur+meeg0fz5EZByVvTif5KFdZEuHYVyegJoDycxZAOhYM/I=
-----END CERTIFICATE-----