Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134352e3234332e302f32342d3234203d3e2033333230.roa
File:                     34352e3134352e3234332e302f32342d3234203d3e2033333230.roa (raw, json)
Hash identifier:          x4CaQlgqdugLfZdhrsbvyzgpUOfvfSO415dVlyiICjc=
Subject key identifier:   59:D0:96:5D:5C:D0:27:EB:B9:39:3E:E0:CF:81:A9:05:27:51:D3:83
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       23DF180D08C05F471EEE4267FD9D7E3F3E7A23EA
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134352e3234332e302f32342d3234203d3e2033333230.roa
Signing time:             Wed 27 Sep 2023 12:05:28 +0000
ROA not before:           Wed 27 Sep 2023 12:00:28 +0000
ROA not after:            Wed 25 Sep 2024 12:05:28 +0000
asID:                     3320
IP address blocks:        45.145.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:df:18:0d:08:c0:5f:47:1e:ee:42:67:fd:9d:7e:3f:3e:7a:23:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Sep 27 12:00:28 2023 GMT
            Not After : Sep 25 12:05:28 2024 GMT
        Subject: CN=59D0965D5CD027EBB9393EE0CF81A9052751D383
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:41:f8:5b:1f:45:1c:da:62:88:e4:1c:d4:09:
                    77:40:7c:46:aa:35:96:40:36:1f:d8:3f:09:26:33:
                    a3:27:7a:a3:dd:a5:b6:46:7d:69:82:98:20:49:0d:
                    4d:bb:ed:86:30:3b:ac:26:7d:61:1c:e6:60:ff:a0:
                    20:48:06:74:96:05:f9:e5:20:af:64:6c:32:1a:f0:
                    0f:71:cc:9c:11:42:a4:26:a0:54:4c:c8:f3:55:60:
                    b2:60:4b:ce:87:0a:90:2c:3d:e6:a2:5f:27:b0:d8:
                    85:b3:c9:a6:b1:b3:fb:f4:5d:74:75:df:85:65:87:
                    8c:ce:ad:bf:62:fa:37:96:22:a1:b6:f7:11:c7:8b:
                    65:48:a0:42:fd:c7:b2:cc:9b:26:37:9a:11:12:d7:
                    2f:25:d6:65:22:ed:08:03:9a:15:a0:81:cd:68:b8:
                    11:ee:70:3e:f4:fb:66:1c:d9:55:1c:cd:cd:c6:12:
                    9d:d5:6c:ba:11:aa:da:a3:9a:5f:ca:79:2c:04:fb:
                    df:42:0a:71:9e:a3:5c:78:3e:34:9d:d8:e7:15:7a:
                    de:12:ec:d4:03:2b:42:08:d7:27:48:22:d9:0f:63:
                    66:20:9e:79:7b:e4:64:63:c7:24:af:4d:35:d4:0b:
                    71:46:2c:23:ba:51:6b:16:6c:7a:19:2f:62:c4:e1:
                    89:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:D0:96:5D:5C:D0:27:EB:B9:39:3E:E0:CF:81:A9:05:27:51:D3:83
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134352e3234332e302f32342d3234203d3e2033333230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:4c:72:bb:24:3f:93:2a:4b:1c:f3:df:3c:e1:d6:ab:6e:a7:
         2c:d3:76:f2:9a:ec:22:71:3e:01:42:06:89:f9:65:0d:c1:4e:
         9f:57:24:a1:b5:e4:8c:5b:7a:02:ce:96:d9:a4:62:3c:c3:dc:
         d8:bd:dc:17:08:98:e8:51:7b:9a:a3:b8:51:5f:47:d7:a8:6a:
         48:6a:66:1e:6c:cf:e6:87:a8:56:a0:bf:9c:7a:42:45:b7:9d:
         72:03:87:30:ce:4f:cd:08:e8:7e:34:49:60:00:f9:d2:d1:70:
         a0:74:c2:26:20:39:66:58:80:0a:f3:4c:2e:83:1c:a9:50:57:
         36:c1:a0:e4:0a:bc:c3:0d:5c:de:df:98:68:e9:ae:80:86:c3:
         8c:92:7c:d9:05:97:0d:90:1e:fd:8f:98:72:b1:c6:27:85:1c:
         87:a9:55:9d:d9:68:d0:dd:41:35:49:34:56:7d:d0:50:fd:70:
         4b:66:d4:d3:35:fd:23:49:94:80:1e:dd:8a:f6:d7:0a:fe:f4:
         0b:3b:f7:78:8a:42:4e:f9:15:ec:48:79:23:53:55:07:ae:7a:
         f5:75:e0:da:b6:c9:ea:ad:c5:78:f8:1b:79:bb:df:be:89:dc:
         da:f1:b6:62:87:6f:b7:c5:09:77:da:6e:73:a4:30:8b:9b:72:
         b3:70:0a:f7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUI98YDQjAX0ce7kJn/Z1+Pz56I+owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yMzA5MjcxMjAwMjhaFw0yNDA5MjUxMjA1MjhaMDMxMTAvBgNV
BAMTKDU5RDA5NjVENUNEMDI3RUJCOTM5M0VFMENGODFBOTA1Mjc1MUQzODMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHQfhbH0Uc2mKI5BzUCXdAfEaq
NZZANh/YPwkmM6MneqPdpbZGfWmCmCBJDU277YYwO6wmfWEc5mD/oCBIBnSWBfnl
IK9kbDIa8A9xzJwRQqQmoFRMyPNVYLJgS86HCpAsPeaiXyew2IWzyaaxs/v0XXR1
34Vlh4zOrb9i+jeWIqG29xHHi2VIoEL9x7LMmyY3mhES1y8l1mUi7QgDmhWggc1o
uBHucD70+2Yc2VUczc3GEp3VbLoRqtqjml/KeSwE+99CCnGeo1x4PjSd2OcVet4S
7NQDK0II1ydIItkPY2Ygnnl75GRjxySvTTXUC3FGLCO6UWsWbHoZL2LE4YklAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUWdCWXVzQJ+u5OT7gz4GpBSdR04MwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzNDM1MmUzMjM0
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzMzMzIzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2R
8zANBgkqhkiG9w0BAQsFAAOCAQEAgkxyuyQ/kypLHPPfPOHWq26nLNN28prsInE+
AUIGifllDcFOn1ckobXkjFt6As6W2aRiPMPc2L3cFwiY6FF7mqO4UV9H16hqSGpm
HmzP5oeoVqC/nHpCRbedcgOHMM5PzQjofjRJYAD50tFwoHTCJiA5ZliACvNMLoMc
qVBXNsGg5Aq8ww1c3t+YaOmugIbDjJJ82QWXDZAe/Y+YcrHGJ4Uch6lVndlo0N1B
NUk0Vn3QUP1wS2bU0zX9I0mUgB7divbXCv70Czv3eIpCTvkV7Eh5I1NVB6569XXg
2rbJ6q3FePgbebvfvonc2vG2Yodvt8UJd9puc6Qwi5tys3AK9w==
-----END CERTIFICATE-----