Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134352e3234332e302f32342d3234203d3e2039303837.roa
File:                     34352e3134352e3234332e302f32342d3234203d3e2039303837.roa (raw, json)
Hash identifier:          6CDLL+/h6J85RPKLXatlgbtl63rjSzNr5TiurUMPbo4=
Subject key identifier:   6D:66:02:25:58:34:5B:CF:BF:C1:5E:79:84:52:32:AB:AF:5F:FF:06
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       3F687A4064EC9AE16C14AA35A4C436CD71DF183B
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134352e3234332e302f32342d3234203d3e2039303837.roa
Signing time:             Wed 27 Sep 2023 12:05:32 +0000
ROA not before:           Wed 27 Sep 2023 12:00:32 +0000
ROA not after:            Wed 25 Sep 2024 12:05:32 +0000
asID:                     9087
IP address blocks:        45.145.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:68:7a:40:64:ec:9a:e1:6c:14:aa:35:a4:c4:36:cd:71:df:18:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Sep 27 12:00:32 2023 GMT
            Not After : Sep 25 12:05:32 2024 GMT
        Subject: CN=6D66022558345BCFBFC15E79845232ABAF5FFF06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ba:db:d1:2c:0a:b8:44:49:bf:76:7f:f9:3b:
                    e2:a1:90:4f:d1:4b:f0:e7:c1:b6:94:15:a2:65:98:
                    70:a2:ab:06:5b:58:9d:4b:01:f2:21:ef:12:52:10:
                    7e:53:8d:ef:ba:a3:36:37:83:29:d7:87:d0:2b:2c:
                    67:d3:94:a7:0d:76:61:64:96:e8:aa:43:a4:fa:39:
                    cc:de:f9:ef:0c:68:9d:c9:f5:35:4c:4f:43:67:e8:
                    ae:69:2b:5e:3c:13:76:05:61:ce:18:f1:62:26:fb:
                    3c:9d:b5:8d:b3:b4:6d:f7:60:05:ad:0a:a6:7d:cb:
                    ce:d5:51:68:ad:6a:9e:e9:0d:63:85:cf:2e:10:de:
                    92:49:f4:5e:ea:dd:28:c4:ec:f4:b6:54:97:63:c3:
                    33:19:43:1d:b3:18:2b:47:f0:19:57:70:ed:c0:13:
                    94:54:14:9a:31:96:1e:bd:22:08:35:b7:d9:8b:00:
                    ee:16:e5:58:33:58:99:fe:40:89:32:cd:42:4c:d7:
                    73:77:45:51:07:08:92:62:23:99:05:23:42:a7:57:
                    ad:24:00:c9:10:ef:f1:9f:5a:dd:e6:b3:bc:47:b6:
                    ce:c2:ac:d0:f1:9f:32:82:15:f5:84:5f:d2:77:90:
                    35:ff:7f:51:ce:b5:60:35:d5:4e:c5:e8:07:61:13:
                    e5:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:66:02:25:58:34:5B:CF:BF:C1:5E:79:84:52:32:AB:AF:5F:FF:06
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134352e3234332e302f32342d3234203d3e2039303837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:cc:b2:ad:47:50:95:4d:56:a8:a4:6f:cc:c0:5e:03:02:30:
         67:ec:07:42:84:3e:ff:83:73:ff:87:a0:f5:6a:5f:6e:3b:43:
         da:97:45:e1:48:bf:b3:88:f7:52:23:a8:75:25:ba:1b:e3:c1:
         13:42:9b:f5:29:45:5e:76:fa:4f:47:57:15:cc:ef:28:d6:f4:
         3b:02:54:5f:26:90:65:b7:6a:cb:12:68:70:3b:55:ad:8a:d0:
         c2:f2:bb:18:d1:ee:c2:c3:61:0e:8d:9d:20:8f:59:67:ad:11:
         87:84:6c:da:8f:49:c7:86:b7:1f:88:1c:a9:31:c4:a5:d1:4b:
         c9:c6:6d:09:e4:3c:bd:0e:9c:c2:82:4d:c6:70:00:cd:44:d7:
         36:1a:98:d0:9e:90:6d:d3:96:0f:7d:88:d6:f8:af:ce:50:c1:
         0f:45:a8:65:6e:b8:bd:83:56:7c:85:5f:cb:d3:86:f7:6b:c1:
         06:3f:ad:8e:32:00:b8:5a:a1:85:e9:88:db:d4:4d:02:e5:e3:
         69:d0:b6:4b:95:ad:63:b1:81:b9:b3:01:4b:7c:ac:c8:1c:2a:
         7c:4f:b6:0f:cf:7e:94:6f:7d:d8:8f:e6:f6:77:03:48:1c:9a:
         02:b7:26:39:39:03:c8:f6:5d:cc:17:b7:a4:6b:6f:17:a5:7d:
         f9:7d:06:35
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUP2h6QGTsmuFsFKo1pMQ2zXHfGDswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yMzA5MjcxMjAwMzJaFw0yNDA5MjUxMjA1MzJaMDMxMTAvBgNV
BAMTKDZENjYwMjI1NTgzNDVCQ0ZCRkMxNUU3OTg0NTIzMkFCQUY1RkZGMDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfutvRLAq4REm/dn/5O+KhkE/R
S/DnwbaUFaJlmHCiqwZbWJ1LAfIh7xJSEH5Tje+6ozY3gynXh9ArLGfTlKcNdmFk
luiqQ6T6Ocze+e8MaJ3J9TVMT0Nn6K5pK148E3YFYc4Y8WIm+zydtY2ztG33YAWt
CqZ9y87VUWitap7pDWOFzy4Q3pJJ9F7q3SjE7PS2VJdjwzMZQx2zGCtH8BlXcO3A
E5RUFJoxlh69Igg1t9mLAO4W5VgzWJn+QIkyzUJM13N3RVEHCJJiI5kFI0KnV60k
AMkQ7/GfWt3ms7xHts7CrNDxnzKCFfWEX9J3kDX/f1HOtWA11U7F6AdhE+WvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUbWYCJVg0W8+/wV55hFIyq69f/wYwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzNDM1MmUzMjM0
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2R
8zANBgkqhkiG9w0BAQsFAAOCAQEAc8yyrUdQlU1WqKRvzMBeAwIwZ+wHQoQ+/4Nz
/4eg9WpfbjtD2pdF4Ui/s4j3UiOodSW6G+PBE0Kb9SlFXnb6T0dXFczvKNb0OwJU
XyaQZbdqyxJocDtVrYrQwvK7GNHuwsNhDo2dII9ZZ60Rh4Rs2o9Jx4a3H4gcqTHE
pdFLycZtCeQ8vQ6cwoJNxnAAzUTXNhqY0J6QbdOWD32I1vivzlDBD0WoZW64vYNW
fIVfy9OG92vBBj+tjjIAuFqhhemI29RNAuXjadC2S5WtY7GBubMBS3ysyBwqfE+2
D89+lG992I/m9ncDSByaArcmOTkDyPZdzBe3pGtvF6V9+X0GNQ==
-----END CERTIFICATE-----