Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39342e302f32342d3234203d3e2039303039.roa
File:                     34352e38362e39342e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          rKfZougU8FJmyo76eGgyF3kpeC1vK03Kb0a4e2CX1MU=
Subject key identifier:   78:63:BA:67:83:76:51:63:64:33:AA:4F:D7:4E:A7:FB:44:29:49:BA
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       36EE950D59DD904701BAE46A385E8A696BF3815E
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39342e302f32342d3234203d3e2039303039.roa
Signing time:             Thu 11 Jan 2024 09:50:58 +0000
ROA not before:           Thu 11 Jan 2024 09:45:58 +0000
ROA not after:            Thu 09 Jan 2025 09:50:58 +0000
asID:                     9009
IP address blocks:        45.86.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:ee:95:0d:59:dd:90:47:01:ba:e4:6a:38:5e:8a:69:6b:f3:81:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Jan 11 09:45:58 2024 GMT
            Not After : Jan  9 09:50:58 2025 GMT
        Subject: CN=7863BA67837651636433AA4FD74EA7FB442949BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:5e:ba:6f:53:c9:39:d0:8e:7d:3e:f1:27:17:
                    e9:6e:e8:97:a7:7e:12:3c:73:bf:8a:95:1b:8f:bb:
                    64:b1:be:cc:d4:7f:3b:0b:78:0a:b5:54:50:1d:ec:
                    db:3d:1a:8f:9c:53:16:a5:87:58:79:1e:0e:ad:8d:
                    bc:d0:b4:27:8a:bb:59:48:04:95:e4:2e:61:bc:aa:
                    35:6f:fd:96:c7:76:c9:a2:a6:5b:21:94:fa:d2:9a:
                    33:25:b6:27:ff:61:ee:95:a4:78:32:ff:db:5b:c5:
                    5d:73:95:95:90:75:17:c5:5e:2b:fe:b3:0d:9f:60:
                    7c:d5:9c:30:f3:2c:05:60:a3:9c:23:b1:4c:31:e2:
                    47:68:d4:11:c7:48:0c:d6:02:8f:16:40:68:86:81:
                    9c:6d:0d:1f:11:b0:9a:f6:c3:7b:5b:4b:0a:a9:13:
                    2b:db:90:64:bd:d8:0e:79:2c:ee:80:74:a8:af:70:
                    5e:60:0f:09:4b:53:78:ec:62:47:3d:97:b5:d3:bc:
                    43:19:ea:3d:0c:fe:fa:60:f2:6b:d0:d8:51:17:7d:
                    60:0c:1d:92:df:2a:23:ee:3c:0f:af:54:47:2f:b4:
                    6c:ae:fc:ac:d9:9e:96:6b:71:93:cc:54:b9:6f:49:
                    b8:3f:86:80:c5:d7:76:42:7f:af:5b:70:de:95:45:
                    ee:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:63:BA:67:83:76:51:63:64:33:AA:4F:D7:4E:A7:FB:44:29:49:BA
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39342e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:1a:73:2a:e7:bf:fe:dd:52:31:d6:f1:90:d0:f0:64:d6:c7:
         4b:5a:fd:06:c7:56:9b:40:12:d8:80:9d:fb:85:a9:09:82:31:
         c1:0c:cb:79:57:a6:2b:64:0c:ff:aa:9e:22:d5:ec:a6:ae:68:
         b9:e1:5d:b6:b1:03:70:9a:55:9e:24:c6:6f:4a:51:75:ef:2d:
         c3:91:37:c3:83:3a:7c:3a:a7:1b:89:64:4e:71:fd:2c:80:19:
         6d:0c:6c:a0:c3:5f:48:1a:8f:e2:f4:4a:0c:27:94:95:94:e6:
         51:5b:56:4d:28:5a:35:82:7f:d7:2e:b8:af:a2:c0:41:25:79:
         a3:98:b6:90:38:84:9f:b9:87:c9:04:65:24:c3:81:eb:be:bf:
         4e:fb:a2:1b:80:15:55:0b:e7:14:59:3c:45:98:17:41:15:fa:
         c2:94:83:21:62:ac:9d:57:6b:73:c0:0c:08:83:83:60:f6:13:
         84:c8:e9:f6:b3:eb:18:05:ac:53:d6:37:f8:26:22:46:81:45:
         89:22:f7:b7:60:51:b9:d9:90:07:b3:28:71:0e:d0:97:95:17:
         8a:01:bc:ec:4e:9d:ac:ae:9e:60:ee:81:2f:79:98:1e:c5:d3:
         29:c1:03:29:8b:d7:5d:10:cb:74:09:93:21:0d:e9:64:b5:6f:
         2a:7c:2c:2f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUNu6VDVndkEcBuuRqOF6KaWvzgV4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNDAxMTEwOTQ1NThaFw0yNTAxMDkwOTUwNThaMDMxMTAvBgNV
BAMTKDc4NjNCQTY3ODM3NjUxNjM2NDMzQUE0RkQ3NEVBN0ZCNDQyOTQ5QkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7XrpvU8k50I59PvEnF+lu6Jen
fhI8c7+KlRuPu2SxvszUfzsLeAq1VFAd7Ns9Go+cUxalh1h5Hg6tjbzQtCeKu1lI
BJXkLmG8qjVv/ZbHdsmiplshlPrSmjMltif/Ye6VpHgy/9tbxV1zlZWQdRfFXiv+
sw2fYHzVnDDzLAVgo5wjsUwx4kdo1BHHSAzWAo8WQGiGgZxtDR8RsJr2w3tbSwqp
EyvbkGS92A55LO6AdKivcF5gDwlLU3jsYkc9l7XTvEMZ6j0M/vpg8mvQ2FEXfWAM
HZLfKiPuPA+vVEcvtGyu/KzZnpZrcZPMVLlvSbg/hoDF13ZCf69bcN6VRe5hAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUeGO6Z4N2UWNkM6pP106n+0QpSbowHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzQzNTJlMzgzNjJlMzkzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM5MzAzMDM5LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVZeMA0G
CSqGSIb3DQEBCwUAA4IBAQBhGnMq57/+3VIx1vGQ0PBk1sdLWv0Gx1abQBLYgJ37
hakJgjHBDMt5V6YrZAz/qp4i1eymrmi54V22sQNwmlWeJMZvSlF17y3DkTfDgzp8
OqcbiWROcf0sgBltDGygw19IGo/i9EoMJ5SVlOZRW1ZNKFo1gn/XLrivosBBJXmj
mLaQOISfuYfJBGUkw4Hrvr9O+6IbgBVVC+cUWTxFmBdBFfrClIMhYqydV2tzwAwI
g4Ng9hOEyOn2s+sYBaxT1jf4JiJGgUWJIve3YFG52ZAHsyhxDtCXlReKAbzsTp2s
rp5g7oEveZgexdMpwQMpi9ddEMt0CZMhDelktW8qfCwv
-----END CERTIFICATE-----