Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39322e302f32342d3234203d3e20323039313831.roa
File:                     34352e38362e39322e302f32342d3234203d3e20323039313831.roa (raw, json)
Hash identifier:          axad6y4WO54wAX0JBbPnOOK6hI/gTIiMU9ubKRwS/L8=
Subject key identifier:   2C:AC:02:C6:15:61:AA:EA:63:8F:FD:1B:3C:26:64:BA:F6:45:96:DE
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       447CEF7C7BD8F7AA9676D62A0D8D744836EFCEE3
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39322e302f32342d3234203d3e20323039313831.roa
Signing time:             Tue 11 Jun 2024 18:05:18 +0000
ROA not before:           Tue 11 Jun 2024 18:00:18 +0000
ROA not after:            Tue 10 Jun 2025 18:05:18 +0000
asID:                     209181
IP address blocks:        45.86.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:7c:ef:7c:7b:d8:f7:aa:96:76:d6:2a:0d:8d:74:48:36:ef:ce:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Jun 11 18:00:18 2024 GMT
            Not After : Jun 10 18:05:18 2025 GMT
        Subject: CN=2CAC02C61561AAEA638FFD1B3C2664BAF64596DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c7:aa:69:8b:bf:d5:b3:14:9f:a5:49:19:73:
                    16:b3:14:fe:b6:d1:fd:07:51:d4:a4:77:c7:4c:28:
                    ee:53:7e:59:4a:71:e1:29:8c:c7:84:94:5a:9f:54:
                    c1:8e:05:80:03:a3:ea:44:0a:6b:d2:b4:c2:be:fa:
                    84:1c:d1:52:0c:2b:e4:1a:b7:1a:7d:88:bf:ba:d3:
                    1b:ce:02:8b:00:15:9a:c1:e0:e3:96:32:e0:4d:74:
                    d3:b9:e4:db:9b:1e:a8:0e:bf:5b:34:41:75:3b:16:
                    e3:3a:7a:1c:a6:57:c9:76:ce:61:31:c3:1b:77:7d:
                    10:b9:8d:7c:3f:f7:f9:2f:d6:c8:fd:4f:42:e9:64:
                    71:63:09:ff:a9:df:7e:67:75:a8:c6:71:80:aa:f2:
                    c2:ff:30:f9:c6:18:aa:32:0d:e4:1d:ab:af:f2:3f:
                    34:4c:70:09:d7:3b:42:8a:50:e6:e0:b5:2f:72:b7:
                    f5:f1:da:6c:82:28:56:0e:a5:41:50:b2:31:a9:43:
                    31:18:f8:cc:eb:0c:83:d3:cb:0f:a3:88:81:9c:a3:
                    aa:b8:9b:8f:ab:6e:f3:b5:02:19:5a:18:61:b3:61:
                    00:34:6f:af:0e:9c:dc:ca:da:b2:18:59:50:0a:35:
                    47:78:cc:a2:79:fc:de:a9:89:da:db:18:72:2d:2e:
                    59:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:AC:02:C6:15:61:AA:EA:63:8F:FD:1B:3C:26:64:BA:F6:45:96:DE
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39322e302f32342d3234203d3e20323039313831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:7d:62:fe:9e:cb:b6:44:bf:b9:3a:8b:c1:80:31:12:4f:55:
         ac:cd:6f:23:61:10:ff:64:3e:a8:56:7e:f3:25:96:1a:88:59:
         2d:6a:71:97:3d:5f:a3:f5:75:57:2f:6e:36:49:fe:ca:71:c2:
         50:d7:70:3c:a2:37:e3:6a:5c:c5:c7:d3:88:22:13:41:2f:8f:
         b4:75:ad:1f:16:2e:f8:78:9d:60:50:1a:f1:f0:0b:aa:a8:02:
         ed:c0:2b:f7:29:e0:02:e9:21:87:25:9f:df:1c:93:db:b6:37:
         89:5f:59:8f:aa:52:67:43:04:51:92:b9:77:c2:7c:66:95:90:
         b7:3e:3b:64:d8:df:0e:f4:02:76:a1:36:dc:05:02:ea:99:77:
         2d:55:82:66:c6:ac:e3:3d:24:cb:f3:0c:e1:24:1b:99:3b:19:
         4b:8c:c9:df:e5:cb:3d:99:fe:25:86:9b:3a:68:56:4e:f5:aa:
         ba:99:c8:45:ca:1f:28:42:fe:9e:2f:8e:99:bf:f0:fe:03:6a:
         1b:af:a3:1b:6c:77:e0:ca:d0:a9:04:ea:16:f1:e7:4e:d5:19:
         49:a3:ee:56:40:91:e5:35:fc:bf:49:c3:e5:45:95:b1:13:9c:
         2c:c4:47:a9:d3:01:b7:6e:bb:5c:0d:da:fc:9c:07:5f:1c:a8:
         35:77:c9:a1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURHzvfHvY96qWdtYqDY10SDbvzuMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNDA2MTExODAwMThaFw0yNTA2MTAxODA1MThaMDMxMTAvBgNV
BAMTKDJDQUMwMkM2MTU2MUFBRUE2MzhGRkQxQjNDMjY2NEJBRjY0NTk2REUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnx6ppi7/VsxSfpUkZcxazFP62
0f0HUdSkd8dMKO5TfllKceEpjMeElFqfVMGOBYADo+pECmvStMK++oQc0VIMK+Qa
txp9iL+60xvOAosAFZrB4OOWMuBNdNO55NubHqgOv1s0QXU7FuM6ehymV8l2zmEx
wxt3fRC5jXw/9/kv1sj9T0LpZHFjCf+p335ndajGcYCq8sL/MPnGGKoyDeQdq6/y
PzRMcAnXO0KKUObgtS9yt/Xx2myCKFYOpUFQsjGpQzEY+MzrDIPTyw+jiIGco6q4
m4+rbvO1AhlaGGGzYQA0b68OnNzK2rIYWVAKNUd4zKJ5/N6pidrbGHItLlkhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQULKwCxhVhqupjj/0bPCZkuvZFlt4wHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzQzNTJlMzgzNjJlMzkzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzOTMxMzgzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1W
XDANBgkqhkiG9w0BAQsFAAOCAQEAkX1i/p7LtkS/uTqLwYAxEk9VrM1vI2EQ/2Q+
qFZ+8yWWGohZLWpxlz1fo/V1Vy9uNkn+ynHCUNdwPKI342pcxcfTiCITQS+PtHWt
HxYu+HidYFAa8fALqqgC7cAr9yngAukhhyWf3xyT27Y3iV9Zj6pSZ0MEUZK5d8J8
ZpWQtz47ZNjfDvQCdqE23AUC6pl3LVWCZsas4z0ky/MM4SQbmTsZS4zJ3+XLPZn+
JYabOmhWTvWqupnIRcofKEL+ni+Omb/w/gNqG6+jG2x34MrQqQTqFvHnTtUZSaPu
VkCR5TX8v0nD5UWVsROcLMRHqdMBt267XA3a/JwHXxyoNXfJoQ==
-----END CERTIFICATE-----