Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33372e302f32342d3234203d3e203230343733.roa
File:                     34352e3134302e33372e302f32342d3234203d3e203230343733.roa (raw, json)
Hash identifier:          eU7tCt6efGYNZjhRXdGSDnrdJ0Esu+bFh9EOKe0ZpQ0=
Subject key identifier:   44:5F:CF:AB:23:0B:FF:54:76:A1:F4:BD:6A:E9:C0:CD:21:2D:5C:C2
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       2D8FBC4C9817F4C0FA58D4EFAF5C4C65B712567E
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33372e302f32342d3234203d3e203230343733.roa
Signing time:             Tue 16 Apr 2024 11:51:33 +0000
ROA not before:           Tue 16 Apr 2024 11:46:33 +0000
ROA not after:            Tue 15 Apr 2025 11:51:33 +0000
asID:                     20473
IP address blocks:        45.140.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:8f:bc:4c:98:17:f4:c0:fa:58:d4:ef:af:5c:4c:65:b7:12:56:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Apr 16 11:46:33 2024 GMT
            Not After : Apr 15 11:51:33 2025 GMT
        Subject: CN=445FCFAB230BFF5476A1F4BD6AE9C0CD212D5CC2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:ed:f2:2b:64:30:a3:f2:79:5e:e6:2f:db:14:
                    39:bb:bf:85:84:99:0b:e7:cc:13:7a:56:ff:43:4e:
                    8f:76:f3:28:d0:9c:76:48:b4:41:c8:f5:e8:87:74:
                    2a:df:e3:21:17:f9:5b:1c:16:54:6b:8e:79:48:be:
                    91:9b:d8:1a:e9:5b:91:39:3f:44:70:97:de:29:f9:
                    6d:e8:9d:ad:94:e8:65:85:a4:4b:7b:19:81:20:35:
                    b6:f6:8c:1f:5d:42:40:f1:55:fd:21:08:9a:4f:32:
                    42:44:43:0d:6a:7c:d9:91:37:5c:67:83:29:ea:0e:
                    e0:00:31:3f:a0:6f:5b:45:8f:e3:64:25:ad:7a:df:
                    c9:88:63:42:99:0a:cc:be:05:28:8d:31:43:45:df:
                    c0:08:73:bf:fd:59:fd:87:2b:fe:9d:e4:e4:50:7f:
                    fb:8a:ef:d8:f4:43:4b:b7:af:75:62:bd:46:7b:3b:
                    d5:6e:b1:19:12:29:36:8f:e9:6c:c7:cb:a0:ac:8c:
                    71:65:96:eb:fe:83:4b:9e:95:f2:78:dc:b0:a2:97:
                    11:38:2d:61:59:c6:0b:ad:98:81:a4:b0:9b:39:7c:
                    b7:52:00:53:64:c0:a8:31:a3:83:4c:f3:f3:9a:b2:
                    ea:5c:b6:4e:c8:65:67:4c:0c:d3:65:e8:36:4e:27:
                    3b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:5F:CF:AB:23:0B:FF:54:76:A1:F4:BD:6A:E9:C0:CD:21:2D:5C:C2
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33372e302f32342d3234203d3e203230343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:9b:b8:7f:1c:c5:a3:cf:86:d7:4d:45:55:33:fb:ea:0d:8f:
         a1:01:aa:ea:1b:a5:bb:0b:66:7a:9c:ca:39:06:cc:88:8b:1c:
         9e:f9:dc:68:a6:3d:ed:34:cf:9b:77:fd:ff:55:c0:da:8e:4a:
         1c:ac:69:75:e2:5f:fc:4e:24:c7:36:30:95:71:79:05:2f:19:
         f5:65:d0:31:c3:e2:bc:6d:0f:19:89:bb:16:67:d8:81:6d:2d:
         1b:00:7e:a3:d6:e1:59:69:e7:1a:cb:6c:f0:a4:ce:7f:d0:e9:
         97:b1:80:ec:f5:6f:a1:03:6c:f6:bb:7d:12:7b:66:45:77:5c:
         34:8a:3c:a6:a5:16:07:41:49:00:1d:f0:f0:e1:93:ae:e1:dc:
         f8:b2:8d:ec:12:30:5e:94:5b:1d:37:af:f6:96:9d:c4:00:bb:
         e3:68:df:01:2a:d5:5b:91:b5:ee:b1:b8:cc:bc:4b:dc:9c:66:
         50:5c:7d:9b:66:48:15:01:9e:2f:7f:51:18:94:1e:a7:a4:c9:
         33:14:de:51:1a:9c:00:08:c3:fa:8b:1e:e8:f9:c7:29:09:b1:
         0e:08:67:e5:94:82:29:a7:96:f5:d9:86:ea:0c:98:49:dd:c3:
         6c:79:bf:5b:46:6b:a9:66:e8:09:a4:eb:f5:90:e0:86:91:e5:
         b0:8d:6e:06
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULY+8TJgX9MD6WNTvr1xMZbcSVn4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNDA0MTYxMTQ2MzNaFw0yNTA0MTUxMTUxMzNaMDMxMTAvBgNV
BAMTKDQ0NUZDRkFCMjMwQkZGNTQ3NkExRjRCRDZBRTlDMENEMjEyRDVDQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL7fIrZDCj8nle5i/bFDm7v4WE
mQvnzBN6Vv9DTo928yjQnHZItEHI9eiHdCrf4yEX+VscFlRrjnlIvpGb2BrpW5E5
P0Rwl94p+W3ona2U6GWFpEt7GYEgNbb2jB9dQkDxVf0hCJpPMkJEQw1qfNmRN1xn
gynqDuAAMT+gb1tFj+NkJa1638mIY0KZCsy+BSiNMUNF38AIc7/9Wf2HK/6d5ORQ
f/uK79j0Q0u3r3VivUZ7O9VusRkSKTaP6WzHy6CsjHFlluv+g0uelfJ43LCilxE4
LWFZxgutmIGksJs5fLdSAFNkwKgxo4NM8/Oasupctk7IZWdMDNNl6DZOJzuNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQURF/PqyML/1R2ofS9aunAzSEtXMIwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzNDMwMmUzMzM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2M
JTANBgkqhkiG9w0BAQsFAAOCAQEAHJu4fxzFo8+G101FVTP76g2PoQGq6huluwtm
epzKOQbMiIscnvncaKY97TTPm3f9/1XA2o5KHKxpdeJf/E4kxzYwlXF5BS8Z9WXQ
McPivG0PGYm7FmfYgW0tGwB+o9bhWWnnGsts8KTOf9Dpl7GA7PVvoQNs9rt9Entm
RXdcNIo8pqUWB0FJAB3w8OGTruHc+LKN7BIwXpRbHTev9padxAC742jfASrVW5G1
7rG4zLxL3JxmUFx9m2ZIFQGeL39RGJQep6TJMxTeURqcAAjD+ose6PnHKQmxDghn
5ZSCKaeW9dmG6gyYSd3DbHm/W0ZrqWboCaTr9ZDghpHlsI1uBg==
-----END CERTIFICATE-----