Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e39332e3138362e302f32332d3234203d3e2033333230.roa
File:                     34352e39332e3138362e302f32332d3234203d3e2033333230.roa (raw, json)
Hash identifier:          rLHHFEqOJ1BAXRH8wrmL2dr7WkhNR79yg4kDgapu1G0=
Subject key identifier:   B7:27:93:D2:34:A2:0D:CB:BE:32:09:2E:EC:8F:1E:B2:2F:9A:60:8B
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       70BE81C012C9ABC233F44F4D5B2F5CDD563FE645
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e39332e3138362e302f32332d3234203d3e2033333230.roa
Signing time:             Wed 27 Sep 2023 12:05:37 +0000
ROA not before:           Wed 27 Sep 2023 12:00:37 +0000
ROA not after:            Wed 25 Sep 2024 12:05:37 +0000
asID:                     3320
IP address blocks:        45.93.186.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:be:81:c0:12:c9:ab:c2:33:f4:4f:4d:5b:2f:5c:dd:56:3f:e6:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Sep 27 12:00:37 2023 GMT
            Not After : Sep 25 12:05:37 2024 GMT
        Subject: CN=B72793D234A20DCBBE32092EEC8F1EB22F9A608B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:7a:ed:1c:8b:0d:fe:e7:e1:6a:65:36:3a:ba:
                    b5:99:96:6e:50:a7:47:9d:8f:14:42:20:e7:0b:8c:
                    09:90:0c:b8:7b:9f:c6:1c:b3:06:2a:5f:75:e6:a5:
                    2a:6d:37:30:4e:c6:38:64:31:09:9e:ae:75:f2:c4:
                    58:7c:11:25:50:03:0b:03:94:c5:b2:98:79:8e:77:
                    9f:84:96:7c:ef:fa:1c:3e:0f:5e:76:d9:00:f0:2a:
                    89:b8:08:20:60:b0:ec:11:8e:aa:36:83:64:fe:d9:
                    20:93:b2:5c:34:08:72:8b:73:3c:49:22:4b:99:51:
                    16:01:76:9f:37:f3:10:92:28:6d:76:73:44:aa:ea:
                    9d:d9:83:18:a6:01:16:97:0a:25:57:b1:26:41:e1:
                    e2:8f:d8:f6:ed:0c:fe:fe:54:02:d2:eb:79:d5:1e:
                    99:b7:1e:87:75:d6:e7:91:ab:67:e5:30:fc:28:63:
                    2b:fd:52:07:65:84:0d:79:da:e0:c3:b1:7e:f4:b5:
                    b8:de:fb:16:9f:62:83:5c:9a:db:73:03:0d:6d:f2:
                    11:70:de:e0:ef:6e:22:93:06:d9:fa:19:ef:60:86:
                    06:82:a6:9a:31:0e:1e:8e:cc:ad:6e:96:fc:5d:87:
                    c4:3e:de:e0:25:62:c8:e5:b7:63:c5:ac:e2:b0:9f:
                    84:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:27:93:D2:34:A2:0D:CB:BE:32:09:2E:EC:8F:1E:B2:2F:9A:60:8B
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e39332e3138362e302f32332d3234203d3e2033333230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:42:ad:b2:a8:df:61:a6:6f:5e:53:fd:ad:de:1a:72:25:3e:
         c6:4e:92:82:5d:1c:b8:8f:99:b3:e9:af:aa:32:2e:68:ec:94:
         96:9b:0f:2c:84:ce:ce:0d:e2:43:ee:4e:12:1d:17:e3:5a:46:
         9d:7d:ae:56:a3:e6:b3:a4:99:14:27:e6:33:af:4a:dc:2f:dd:
         e4:ed:4e:08:80:28:5e:2d:7a:ae:9f:70:7d:46:97:8c:9d:c4:
         30:e6:92:6e:8b:29:69:20:2a:a8:36:b2:8b:c8:d0:50:75:07:
         40:85:00:f7:db:60:b3:5b:ec:cb:10:97:bc:2a:e7:4f:9a:13:
         8d:17:bb:37:9c:b3:a0:00:1e:f6:78:b2:11:0b:ac:47:b3:ef:
         11:51:af:ec:bc:02:0a:27:9f:aa:e0:77:aa:79:f2:2d:75:12:
         19:12:0b:77:70:a6:10:8a:0b:0f:e7:98:45:52:da:4c:91:aa:
         94:0c:62:2f:c6:ea:7f:c0:4b:4f:ba:85:bb:db:77:a0:0c:de:
         3f:f1:5d:f7:79:49:e5:07:b8:89:e1:f1:79:7f:c5:7b:ab:de:
         7d:8b:cf:ca:e9:f5:6a:e2:ae:d9:8b:e2:33:49:84:e0:af:e8:
         69:e6:af:61:92:3e:6b:05:3c:48:71:ef:af:74:79:55:52:10:
         32:b0:8c:73
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUcL6BwBLJq8Iz9E9NWy9c3VY/5kUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yMzA5MjcxMjAwMzdaFw0yNDA5MjUxMjA1MzdaMDMxMTAvBgNV
BAMTKEI3Mjc5M0QyMzRBMjBEQ0JCRTMyMDkyRUVDOEYxRUIyMkY5QTYwOEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfeu0ciw3+5+FqZTY6urWZlm5Q
p0edjxRCIOcLjAmQDLh7n8YcswYqX3XmpSptNzBOxjhkMQmernXyxFh8ESVQAwsD
lMWymHmOd5+Elnzv+hw+D1522QDwKom4CCBgsOwRjqo2g2T+2SCTslw0CHKLczxJ
IkuZURYBdp838xCSKG12c0Sq6p3ZgximARaXCiVXsSZB4eKP2PbtDP7+VALS63nV
Hpm3Hod11ueRq2flMPwoYyv9UgdlhA152uDDsX70tbje+xafYoNcmttzAw1t8hFw
3uDvbiKTBtn6Ge9ghgaCppoxDh6OzK1ulvxdh8Q+3uAlYsjlt2PFrOKwn4S7AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUtyeT0jSiDcu+Mgku7I8esi+aYIswHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzkzMzJlMzEzODM2
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzMzMzMyMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEtXbow
DQYJKoZIhvcNAQELBQADggEBAGVCrbKo32Gmb15T/a3eGnIlPsZOkoJdHLiPmbPp
r6oyLmjslJabDyyEzs4N4kPuThIdF+NaRp19rlaj5rOkmRQn5jOvStwv3eTtTgiA
KF4teq6fcH1Gl4ydxDDmkm6LKWkgKqg2sovI0FB1B0CFAPfbYLNb7MsQl7wq50+a
E40Xuzecs6AAHvZ4shELrEez7xFRr+y8Agonn6rgd6p58i11EhkSC3dwphCKCw/n
mEVS2kyRqpQMYi/G6n/AS0+6hbvbd6AM3j/xXfd5SeUHuInh8Xl/xXur3n2Lz8rp
9WrirtmL4jNJhOCv6Gnmr2GSPmsFPEhx7690eVVSEDKwjHM=
-----END CERTIFICATE-----