Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e38392e3134382e302f32342d3234203d3e20383334.roa
File:                     34352e38392e3134382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          yBsd+nwavw3BanIFwR8i7NsPE65cFlCLtCKhwkNMztM=
Subject key identifier:   C8:1F:33:EB:5D:81:D7:63:9A:0A:5B:CD:55:0D:00:1E:0E:C4:FD:16
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       4864BFEB51192F8B8343C9EA2E02FED8A5043134
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e38392e3134382e302f32342d3234203d3e20383334.roa
Signing time:             Thu 05 Sep 2024 00:03:35 +0000
ROA not before:           Wed 04 Sep 2024 23:58:35 +0000
ROA not after:            Thu 04 Sep 2025 00:03:35 +0000
asID:                     834
IP address blocks:        45.89.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:64:bf:eb:51:19:2f:8b:83:43:c9:ea:2e:02:fe:d8:a5:04:31:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Sep  4 23:58:35 2024 GMT
            Not After : Sep  4 00:03:35 2025 GMT
        Subject: CN=C81F33EB5D81D7639A0A5BCD550D001E0EC4FD16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d8:ed:e1:b0:c7:0a:f3:1b:8f:24:3c:a0:ad:
                    3b:1a:6d:0a:06:18:1a:b2:de:85:91:7b:5b:ab:56:
                    93:e2:f1:b2:6a:3d:0f:66:ca:70:a9:01:47:86:2d:
                    5a:63:71:aa:37:62:e8:b1:a0:9e:1c:8d:f3:ba:d8:
                    fa:ca:39:f1:72:ce:13:7e:a6:ac:22:a0:fd:04:50:
                    ec:75:a7:c4:c3:ae:73:08:b0:ea:83:0b:20:17:c6:
                    2d:ec:08:0b:71:39:cf:d2:b1:42:70:73:e3:7c:07:
                    cc:f3:80:95:c4:32:76:56:d9:ab:da:b9:a1:59:23:
                    ed:62:ce:4a:68:48:ee:93:10:ee:65:0d:98:72:b4:
                    5c:d5:ea:52:8f:cd:41:7a:66:57:d8:df:4c:01:35:
                    d7:60:fc:32:9f:66:c1:6a:85:63:11:11:67:15:29:
                    31:64:eb:fc:86:da:f4:f8:be:c2:41:34:26:4e:d6:
                    c6:86:eb:23:0a:de:a0:49:ef:ba:29:2f:d3:ec:6f:
                    76:4b:d8:45:a7:96:c0:6c:87:0e:e1:3a:16:1d:f5:
                    9e:d8:75:e4:17:fd:f1:07:79:8c:0c:f3:9f:33:f2:
                    43:77:99:6d:33:27:74:46:20:89:fa:c7:30:3e:27:
                    8a:2e:07:bc:85:2b:bb:29:bd:98:77:2e:8c:55:c3:
                    26:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:1F:33:EB:5D:81:D7:63:9A:0A:5B:CD:55:0D:00:1E:0E:C4:FD:16
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e38392e3134382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:e5:88:1a:2a:f7:9e:a1:e2:c8:34:b4:8e:4a:41:f2:9a:77:
         90:8c:66:3a:e3:3d:c5:59:30:c1:fa:aa:92:f5:a0:c2:a3:46:
         a9:25:60:a8:46:0d:7e:fc:08:7a:76:66:e3:fc:1f:cd:f6:c7:
         e2:bb:de:d8:6f:44:76:e1:d8:be:d5:da:80:d7:19:da:2d:ed:
         26:85:1b:6f:97:38:96:a0:f6:fa:a4:eb:8e:5f:d7:24:dd:61:
         d7:38:53:bc:db:9d:08:f8:0b:9c:7d:2f:9e:a9:17:19:2a:23:
         57:00:df:81:93:44:4a:2a:20:8a:8d:e8:51:10:a4:94:b4:4b:
         a7:15:56:46:f1:a6:05:52:11:a3:9d:c3:45:ac:d1:89:c1:dc:
         37:a7:6e:c3:78:f9:61:a6:c0:bf:0a:3e:46:a2:38:c5:9f:62:
         4d:4d:d8:eb:4d:0b:fc:73:ad:1c:bc:04:6b:27:dd:f1:0f:a2:
         42:3d:1e:6a:50:48:5c:3c:dd:17:39:f1:c0:d7:f8:2c:a5:ef:
         fc:99:6d:7c:ec:51:a7:0f:91:f5:35:2a:8b:0a:57:5c:2b:60:
         53:6c:ff:5e:3c:e7:71:29:bf:39:3d:b2:18:5a:95:a8:ca:46:
         e4:43:0b:b8:bf:68:ad:59:7c:c6:20:48:18:99:40:fc:99:5f:
         75:8e:37:ef
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUSGS/61EZL4uDQ8nqLgL+2KUEMTQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNDA5MDQyMzU4MzVaFw0yNTA5MDQwMDAzMzVaMDMxMTAvBgNV
BAMTKEM4MUYzM0VCNUQ4MUQ3NjM5QTBBNUJDRDU1MEQwMDFFMEVDNEZEMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC62O3hsMcK8xuPJDygrTsabQoG
GBqy3oWRe1urVpPi8bJqPQ9mynCpAUeGLVpjcao3YuixoJ4cjfO62PrKOfFyzhN+
pqwioP0EUOx1p8TDrnMIsOqDCyAXxi3sCAtxOc/SsUJwc+N8B8zzgJXEMnZW2ava
uaFZI+1izkpoSO6TEO5lDZhytFzV6lKPzUF6ZlfY30wBNddg/DKfZsFqhWMREWcV
KTFk6/yG2vT4vsJBNCZO1saG6yMK3qBJ77opL9Psb3ZL2EWnlsBshw7hOhYd9Z7Y
deQX/fEHeYwM858z8kN3mW0zJ3RGIIn6xzA+J4ouB7yFK7spvZh3LoxVwyaxAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUyB8z612B12OaClvNVQ0AHg7E/RYwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzgzOTJlMzEzNDM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVmUMA0G
CSqGSIb3DQEBCwUAA4IBAQB65YgaKveeoeLINLSOSkHymneQjGY64z3FWTDB+qqS
9aDCo0apJWCoRg1+/Ah6dmbj/B/N9sfiu97Yb0R24di+1dqA1xnaLe0mhRtvlziW
oPb6pOuOX9ck3WHXOFO8250I+AucfS+eqRcZKiNXAN+Bk0RKKiCKjehREKSUtEun
FVZG8aYFUhGjncNFrNGJwdw3p27DePlhpsC/Cj5GojjFn2JNTdjrTQv8c60cvARr
J93xD6JCPR5qUEhcPN0XOfHA1/gspe/8mW187FGnD5H1NSqLCldcK2BTbP9ePOdx
Kb85PbIYWpWoykbkQwu4v2itWXzGIEgYmUD8mV91jjfv
-----END CERTIFICATE-----