Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33382e302f32342d3234203d3e203330363434.roa
File:                     34352e3134302e33382e302f32342d3234203d3e203330363434.roa (raw, json)
Hash identifier:          fJwttlRoX6x8pHVPArebGf7Mfzm6Mhd98H+STIQz6RU=
Subject key identifier:   1D:0D:2F:37:9C:C2:72:6C:E7:86:F3:74:50:B8:16:3C:29:77:3A:94
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       749BF556E476446E4A7E9F21FEFA2640D3699766
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33382e302f32342d3234203d3e203330363434.roa
Signing time:             Wed 28 Aug 2024 13:05:19 +0000
ROA not before:           Wed 28 Aug 2024 13:00:19 +0000
ROA not after:            Wed 27 Aug 2025 13:05:19 +0000
asID:                     30644
IP address blocks:        45.140.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:9b:f5:56:e4:76:44:6e:4a:7e:9f:21:fe:fa:26:40:d3:69:97:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Aug 28 13:00:19 2024 GMT
            Not After : Aug 27 13:05:19 2025 GMT
        Subject: CN=1D0D2F379CC2726CE786F37450B8163C29773A94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:bd:ca:e1:86:3d:60:cb:3c:81:4c:af:53:b8:
                    26:3e:92:66:45:3d:ed:55:73:3f:6e:a9:49:4c:39:
                    c3:ac:fd:e6:46:51:13:49:8d:6f:5b:0c:a6:87:54:
                    80:c6:a9:ad:65:97:c4:60:88:f9:63:d8:5a:f7:3c:
                    c7:2c:fa:db:dc:cb:1b:39:6e:38:02:46:14:fb:0c:
                    26:56:31:d0:e9:89:24:e7:6d:55:f9:6f:df:41:8b:
                    d8:d0:80:b6:03:51:ce:05:a2:ae:ca:9f:6b:80:d4:
                    90:77:6d:34:31:fa:a3:24:7a:60:81:cf:d3:1b:89:
                    2f:6b:a7:0e:9d:8f:1a:14:f9:66:33:b5:4c:93:c4:
                    28:80:ae:36:aa:48:7a:d1:e2:7f:34:31:91:b3:fd:
                    50:14:0f:32:28:ad:33:b4:3e:9f:5a:0f:fc:0a:97:
                    00:08:96:c5:08:5c:e3:e4:04:2f:61:5c:ab:19:42:
                    cf:de:a8:3b:ff:f3:de:9b:2f:bb:a5:90:84:b9:7f:
                    5f:f6:5c:00:0c:35:b7:31:57:65:6e:84:37:a3:2b:
                    3b:dd:7a:48:d7:10:cd:a8:73:04:42:7a:8d:7e:24:
                    ed:1d:15:e8:da:f0:32:85:31:cf:43:02:2a:87:87:
                    85:a6:b9:e3:32:15:d3:05:23:e7:94:b9:cf:56:f0:
                    d2:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:0D:2F:37:9C:C2:72:6C:E7:86:F3:74:50:B8:16:3C:29:77:3A:94
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33382e302f32342d3234203d3e203330363434.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:99:6d:b2:60:df:7a:c1:55:cf:34:26:d8:1b:a6:76:e0:c7:
         27:b9:c3:6f:b7:9a:b3:9d:1e:87:fe:91:fb:11:f6:bc:4d:73:
         44:e2:0f:2b:a7:85:db:35:29:59:e7:f8:61:54:a9:d0:89:4c:
         26:30:8b:0f:1b:ef:b3:b0:83:f6:72:63:55:fc:aa:d3:72:0f:
         3d:22:db:68:23:36:ad:35:c7:29:ef:0a:8e:8a:18:25:8b:c4:
         34:43:07:61:45:4b:08:68:6b:16:fd:20:f2:9e:00:93:6a:77:
         d0:16:52:4d:45:36:7b:e7:cf:09:b7:c6:ed:19:5e:d5:c0:bf:
         96:12:83:d5:2f:80:27:f8:ba:cf:f2:e0:19:85:ff:b8:37:4b:
         17:a6:8a:36:63:22:ac:51:48:8c:a7:15:c6:ba:ee:16:df:62:
         2e:44:66:4e:61:e0:d0:e7:21:18:7f:86:d9:48:a3:94:a2:01:
         9a:6f:9c:f1:45:bb:91:59:4a:fb:6e:92:41:2f:b5:87:1e:f9:
         19:6c:30:ad:04:d7:4a:54:ba:43:9c:c4:b2:30:6a:8e:49:91:
         5b:e6:34:d8:27:eb:77:af:b4:d4:28:e5:9a:fd:ea:86:0e:76:
         2b:25:0e:56:84:2a:00:25:60:9c:c8:f2:fa:77:67:f8:21:de:
         35:b6:51:1e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdJv1VuR2RG5Kfp8h/vomQNNpl2YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNDA4MjgxMzAwMTlaFw0yNTA4MjcxMzA1MTlaMDMxMTAvBgNV
BAMTKDFEMEQyRjM3OUNDMjcyNkNFNzg2RjM3NDUwQjgxNjNDMjk3NzNBOTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7vcrhhj1gyzyBTK9TuCY+kmZF
Pe1Vcz9uqUlMOcOs/eZGURNJjW9bDKaHVIDGqa1ll8RgiPlj2Fr3PMcs+tvcyxs5
bjgCRhT7DCZWMdDpiSTnbVX5b99Bi9jQgLYDUc4Foq7Kn2uA1JB3bTQx+qMkemCB
z9MbiS9rpw6djxoU+WYztUyTxCiArjaqSHrR4n80MZGz/VAUDzIorTO0Pp9aD/wK
lwAIlsUIXOPkBC9hXKsZQs/eqDv/896bL7ulkIS5f1/2XAAMNbcxV2VuhDejKzvd
ekjXEM2ocwRCeo1+JO0dFeja8DKFMc9DAiqHh4WmueMyFdMFI+eUuc9W8NLDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUHQ0vN5zCcmznhvN0ULgWPCl3OpQwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzNDMwMmUzMzM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzMDM2MzQzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2M
JjANBgkqhkiG9w0BAQsFAAOCAQEALJltsmDfesFVzzQm2BumduDHJ7nDb7eas50e
h/6R+xH2vE1zROIPK6eF2zUpWef4YVSp0IlMJjCLDxvvs7CD9nJjVfyq03IPPSLb
aCM2rTXHKe8KjooYJYvENEMHYUVLCGhrFv0g8p4Ak2p30BZSTUU2e+fPCbfG7Rle
1cC/lhKD1S+AJ/i6z/LgGYX/uDdLF6aKNmMirFFIjKcVxrruFt9iLkRmTmHg0Och
GH+G2UijlKIBmm+c8UW7kVlK+26SQS+1hx75GWwwrQTXSlS6Q5zEsjBqjkmRW+Y0
2Cfrd6+01Cjlmv3qhg52KyUOVoQqACVgnMjy+ndn+CHeNbZRHg==
-----END CERTIFICATE-----