Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e39332e3138362e302f32332d3234203d3e2033333230.roa
File:                     34352e39332e3138362e302f32332d3234203d3e2033333230.roa (raw, json)
Hash identifier:          VAeKGs9UHtqpVRcDtQW520o4iavD4BPJNFtFxFrs4yY=
Subject key identifier:   A9:04:76:5B:E1:4D:EB:25:88:DD:3A:BE:E8:E4:B8:85:5D:43:ED:15
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       1924B8D31F8BE9FC2B01DC925371DC1B23DE1C99
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e39332e3138362e302f32332d3234203d3e2033333230.roa
Signing time:             Wed 28 Aug 2024 13:05:19 +0000
ROA not before:           Wed 28 Aug 2024 13:00:19 +0000
ROA not after:            Wed 27 Aug 2025 13:05:19 +0000
asID:                     3320
IP address blocks:        45.93.186.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:24:b8:d3:1f:8b:e9:fc:2b:01:dc:92:53:71:dc:1b:23:de:1c:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Aug 28 13:00:19 2024 GMT
            Not After : Aug 27 13:05:19 2025 GMT
        Subject: CN=A904765BE14DEB2588DD3ABEE8E4B8855D43ED15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e4:84:a4:ec:e4:83:78:63:38:ac:2c:e4:09:
                    04:79:57:60:8b:ca:1d:d4:7f:cd:fe:87:31:c1:8d:
                    66:5d:45:8d:20:fa:62:72:d0:e4:00:c2:9e:15:a3:
                    f3:9e:88:ff:cf:e9:09:36:ce:80:a9:f4:fa:15:81:
                    13:af:fe:2a:17:10:52:c8:ab:f6:5a:6a:33:08:d7:
                    ba:5f:6d:fb:fa:bb:46:5e:db:51:4e:30:cd:7a:cb:
                    de:08:75:d3:8c:65:a9:83:b1:c6:f4:77:09:1e:9f:
                    1b:ee:ba:a2:dd:7c:dc:47:64:81:4a:98:21:61:18:
                    97:fe:e4:55:9b:8c:2b:c4:d2:8b:13:fd:7a:aa:09:
                    60:80:cd:fb:48:ca:57:f8:65:9f:31:d0:1a:2b:30:
                    ce:f6:a9:18:a7:f2:52:aa:21:6d:bf:ee:c4:c9:f3:
                    c1:15:3a:e9:11:e1:52:2f:cd:85:76:c3:d2:67:2a:
                    20:49:35:f1:0b:65:13:72:85:d2:5d:84:ce:18:f9:
                    3b:7d:0b:66:21:49:ab:59:39:1e:82:ee:1a:fc:00:
                    e9:e5:25:fa:21:c4:87:19:f2:fe:fd:a2:ca:75:83:
                    7e:3e:0c:70:7a:57:69:5b:e8:9a:36:a5:1c:95:24:
                    2a:de:96:d9:8b:02:d0:77:97:83:90:3e:48:9a:c2:
                    b0:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:04:76:5B:E1:4D:EB:25:88:DD:3A:BE:E8:E4:B8:85:5D:43:ED:15
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e39332e3138362e302f32332d3234203d3e2033333230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:02:f8:51:91:32:8d:73:7a:f7:3c:53:07:61:63:27:39:6e:
         e6:99:a1:b0:31:2c:8d:0c:4d:0f:09:46:ad:af:26:37:49:5c:
         cc:d4:64:98:04:a7:a5:9b:75:f6:64:47:05:d8:4a:e5:73:ae:
         ad:97:69:71:c1:83:ca:60:db:5a:c9:4a:36:2e:45:e2:5e:c7:
         c1:d8:63:74:53:82:92:07:3f:a4:22:5b:98:a6:f4:4f:76:c9:
         25:51:8c:b2:bb:13:75:87:1f:01:76:da:e2:bc:71:fd:62:85:
         61:5b:04:07:8d:4a:b1:56:12:0c:b9:c3:8e:f4:e0:35:ca:b3:
         08:a9:23:d3:75:b3:86:f0:68:fc:9e:0b:91:35:a1:2b:3e:b8:
         6e:f6:d8:de:da:d3:09:56:5d:9c:4c:11:59:8f:bd:3a:06:56:
         7a:b4:d9:bf:5d:09:d6:ca:62:e0:30:e8:c2:3c:d0:17:ed:f1:
         3b:80:63:55:d8:af:00:d4:33:01:a7:5a:7e:9a:19:10:43:10:
         b7:c3:1a:05:1d:20:b8:02:6d:7e:96:46:2a:79:32:75:bd:69:
         61:57:02:15:01:f5:05:77:66:55:30:27:0a:97:0b:7c:ac:36:
         f2:7c:5b:5e:3c:de:05:46:56:84:7b:b6:ca:8e:48:6b:7b:26:
         82:4e:30:1d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGSS40x+L6fwrAdySU3HcGyPeHJkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNDA4MjgxMzAwMTlaFw0yNTA4MjcxMzA1MTlaMDMxMTAvBgNV
BAMTKEE5MDQ3NjVCRTE0REVCMjU4OEREM0FCRUU4RTRCODg1NUQ0M0VEMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCd5ISk7OSDeGM4rCzkCQR5V2CL
yh3Uf83+hzHBjWZdRY0g+mJy0OQAwp4Vo/OeiP/P6Qk2zoCp9PoVgROv/ioXEFLI
q/ZaajMI17pfbfv6u0Ze21FOMM16y94IddOMZamDscb0dwkenxvuuqLdfNxHZIFK
mCFhGJf+5FWbjCvE0osT/XqqCWCAzftIylf4ZZ8x0BorMM72qRin8lKqIW2/7sTJ
88EVOukR4VIvzYV2w9JnKiBJNfELZRNyhdJdhM4Y+Tt9C2YhSatZOR6C7hr8AOnl
JfohxIcZ8v79osp1g34+DHB6V2lb6Jo2pRyVJCreltmLAtB3l4OQPkiawrB3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUqQR2W+FN6yWI3Tq+6OS4hV1D7RUwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzkzMzJlMzEzODM2
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzMzMzMyMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEtXbow
DQYJKoZIhvcNAQELBQADggEBACAC+FGRMo1zevc8UwdhYyc5buaZobAxLI0MTQ8J
Rq2vJjdJXMzUZJgEp6WbdfZkRwXYSuVzrq2XaXHBg8pg21rJSjYuReJex8HYY3RT
gpIHP6QiW5im9E92ySVRjLK7E3WHHwF22uK8cf1ihWFbBAeNSrFWEgy5w4704DXK
swipI9N1s4bwaPyeC5E1oSs+uG722N7a0wlWXZxMEVmPvToGVnq02b9dCdbKYuAw
6MI80Bft8TuAY1XYrwDUMwGnWn6aGRBDELfDGgUdILgCbX6WRip5MnW9aWFXAhUB
9QV3ZlUwJwqXC3ysNvJ8W1483gVGVoR7tsqOSGt7JoJOMB0=
-----END CERTIFICATE-----