Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e39332e3138342e302f32332d3234203d3e2039303837.roa
File:                     34352e39332e3138342e302f32332d3234203d3e2039303837.roa (raw, json)
Hash identifier:          topVInzsULOkh56szUfpIH5BRm2KNPJYH/8Py2ox5uE=
Subject key identifier:   8D:29:9A:72:26:07:BA:6C:75:56:F7:4C:3E:01:5A:62:52:17:AE:E3
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       23E624D417F7235C976F82374E725B234961C970
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e39332e3138342e302f32332d3234203d3e2039303837.roa
Signing time:             Wed 27 Sep 2023 12:05:32 +0000
ROA not before:           Wed 27 Sep 2023 12:00:32 +0000
ROA not after:            Wed 25 Sep 2024 12:05:32 +0000
asID:                     9087
IP address blocks:        45.93.184.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:e6:24:d4:17:f7:23:5c:97:6f:82:37:4e:72:5b:23:49:61:c9:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Sep 27 12:00:32 2023 GMT
            Not After : Sep 25 12:05:32 2024 GMT
        Subject: CN=8D299A722607BA6C7556F74C3E015A625217AEE3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ee:44:7b:d1:1c:38:e2:61:bf:e2:99:5f:4d:
                    9c:f7:23:a1:6e:d7:28:83:75:cd:53:99:17:47:0f:
                    24:bf:fa:b0:51:56:b8:7b:cb:b8:52:32:63:19:06:
                    73:cd:36:b6:f3:55:65:af:61:51:90:43:39:14:0e:
                    39:1f:e5:9c:d8:80:be:e0:a7:b2:c2:ed:99:e2:0c:
                    d5:3b:c2:71:b2:8a:f3:fd:39:53:15:1b:78:df:8e:
                    a2:e3:aa:d4:25:e1:05:73:f4:4c:e0:93:0a:f0:11:
                    d0:80:e0:fd:d4:f8:f3:77:d7:a1:46:3b:33:4f:4f:
                    07:a0:e7:f3:03:7c:01:19:da:86:86:ff:d5:04:fb:
                    12:a5:bf:f7:79:37:71:16:e6:65:f5:4d:c1:09:ef:
                    8b:20:0b:4c:5d:b1:98:64:bb:20:7c:7c:f8:ad:97:
                    6b:15:f3:77:cd:fa:e1:b3:c4:de:67:41:0a:ad:a1:
                    ba:de:68:52:94:55:1f:a8:70:66:45:3b:99:f6:e1:
                    9e:47:2b:3e:8c:bf:66:fd:38:3d:e8:6f:76:e9:b9:
                    e6:8f:b3:c1:e8:d9:8f:e0:41:75:d4:58:6e:03:24:
                    3c:27:3b:a2:44:20:59:70:fe:45:de:f8:c5:e6:ff:
                    db:89:5f:db:16:6a:64:7c:60:32:d1:e4:16:59:20:
                    41:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:29:9A:72:26:07:BA:6C:75:56:F7:4C:3E:01:5A:62:52:17:AE:E3
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e39332e3138342e302f32332d3234203d3e2039303837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:8d:4b:df:82:b5:c5:d8:42:2a:90:7b:10:c3:34:1b:87:b7:
         f8:89:15:82:44:0f:3c:03:0c:71:2d:0b:0e:d5:56:0a:bd:7a:
         38:12:ce:9d:00:93:55:0d:cd:eb:2e:f3:1d:9a:57:e6:0d:8d:
         7d:e4:38:52:c5:f9:a6:33:0e:25:57:05:c2:c1:e1:45:ef:c7:
         34:ab:19:2c:ed:bd:23:14:40:5b:4c:e2:2e:18:b3:c4:66:a4:
         b2:df:29:93:34:08:6d:9b:a2:db:94:42:87:7f:13:eb:03:e3:
         6b:c1:ac:6d:0e:e1:b1:fe:97:d1:c2:b4:1d:e0:c2:4b:03:65:
         4f:f2:ae:51:46:d8:4c:83:11:b8:83:6b:d4:69:71:27:36:73:
         96:61:74:c7:a1:19:b0:e2:a0:d5:24:25:2b:bc:ba:9d:57:fd:
         c8:a2:2b:64:2f:b3:40:ea:93:cb:f3:60:26:38:3a:ad:10:fb:
         a6:bd:b5:1e:c8:8e:2f:b0:40:c2:d2:ce:c7:41:3b:ab:79:55:
         16:40:f3:c9:37:01:08:ad:2a:60:f5:36:f9:f5:d0:b1:47:f9:
         ee:7f:48:70:c5:7b:c5:37:da:39:81:5b:72:ba:88:a8:54:ad:
         48:8b:86:10:57:3a:12:2b:ba:04:d5:14:5e:77:f9:ea:e7:9f:
         f4:e2:ba:77
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUI+Yk1Bf3I1yXb4I3TnJbI0lhyXAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yMzA5MjcxMjAwMzJaFw0yNDA5MjUxMjA1MzJaMDMxMTAvBgNV
BAMTKDhEMjk5QTcyMjYwN0JBNkM3NTU2Rjc0QzNFMDE1QTYyNTIxN0FFRTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC17kR70Rw44mG/4plfTZz3I6Fu
1yiDdc1TmRdHDyS/+rBRVrh7y7hSMmMZBnPNNrbzVWWvYVGQQzkUDjkf5ZzYgL7g
p7LC7ZniDNU7wnGyivP9OVMVG3jfjqLjqtQl4QVz9EzgkwrwEdCA4P3U+PN316FG
OzNPTweg5/MDfAEZ2oaG/9UE+xKlv/d5N3EW5mX1TcEJ74sgC0xdsZhkuyB8fPit
l2sV83fN+uGzxN5nQQqtobreaFKUVR+ocGZFO5n24Z5HKz6Mv2b9OD3ob3bpueaP
s8Ho2Y/gQXXUWG4DJDwnO6JEIFlw/kXe+MXm/9uJX9sWamR8YDLR5BZZIEHFAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUjSmaciYHumx1VvdMPgFaYlIXruMwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzkzMzJlMzEzODM0
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzkzMDM4Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEtXbgw
DQYJKoZIhvcNAQELBQADggEBAFKNS9+CtcXYQiqQexDDNBuHt/iJFYJEDzwDDHEt
Cw7VVgq9ejgSzp0Ak1UNzesu8x2aV+YNjX3kOFLF+aYzDiVXBcLB4UXvxzSrGSzt
vSMUQFtM4i4Ys8RmpLLfKZM0CG2botuUQod/E+sD42vBrG0O4bH+l9HCtB3gwksD
ZU/yrlFG2EyDEbiDa9RpcSc2c5ZhdMehGbDioNUkJSu8up1X/ciiK2Qvs0Dqk8vz
YCY4Oq0Q+6a9tR7Iji+wQMLSzsdBO6t5VRZA88k3AQitKmD1Nvn10LFH+e5/SHDF
e8U32jmBW3K6iKhUrUiLhhBXOhIrugTVFF53+ernn/Tiunc=
-----END CERTIFICATE-----