Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39342e302f32342d3234203d3e2039303039.roa
File:                     34352e38362e39342e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          gq03q2PZTenb5MfLZJOhv7nheUzD9xSGdvhncjMBFfc=
Subject key identifier:   D6:48:45:5F:40:94:67:55:13:E0:B7:A6:82:48:AA:78:0A:7F:ED:B4
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       44DC91E8F72F0CDB0B0B28BF11CBBDEBC3559747
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39342e302f32342d3234203d3e2039303039.roa
Signing time:             Thu 12 Dec 2024 09:53:48 +0000
ROA not before:           Thu 12 Dec 2024 09:48:48 +0000
ROA not after:            Thu 11 Dec 2025 09:53:48 +0000
asID:                     9009
IP address blocks:        45.86.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:dc:91:e8:f7:2f:0c:db:0b:0b:28:bf:11:cb:bd:eb:c3:55:97:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Dec 12 09:48:48 2024 GMT
            Not After : Dec 11 09:53:48 2025 GMT
        Subject: CN=D648455F4094675513E0B7A68248AA780A7FEDB4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7f:3d:f7:8b:e3:fc:96:88:cd:ad:47:0d:2c:
                    ec:9b:3e:35:c9:87:50:35:87:c8:45:44:5b:97:a0:
                    7c:97:cb:4b:68:e3:05:a2:d0:0a:8e:31:97:5c:2b:
                    e4:e8:6a:b3:c5:33:2a:2b:f1:e1:15:1d:db:c0:5f:
                    8b:b7:14:80:ad:c3:c5:b3:57:4d:4f:74:b6:5d:2c:
                    b2:c2:e8:3e:6e:15:81:41:98:87:5e:1b:f2:42:f3:
                    b6:44:35:09:68:df:70:28:2d:48:ac:34:ad:c1:d2:
                    7d:ea:f5:47:c8:09:a9:86:6e:77:cd:be:4d:50:14:
                    10:12:0b:8b:5e:6a:a9:26:bb:0e:54:8e:31:af:44:
                    17:01:f3:05:bf:40:9d:f0:f9:e4:77:d2:2d:83:c7:
                    72:d9:41:7e:84:e0:ce:a4:77:48:66:d2:31:f0:fa:
                    e6:3d:8d:1b:08:04:7c:8d:99:5a:9f:cb:b4:49:0b:
                    3c:66:28:66:9c:ff:30:3e:c4:a0:ce:fc:b5:f7:7c:
                    fd:01:42:c3:32:f8:e6:30:48:07:8f:ad:53:28:e4:
                    ab:c6:1e:31:7e:6d:f5:7c:a5:87:d4:8b:ec:e3:4f:
                    8b:88:cd:7a:2c:91:f9:95:e8:20:fc:da:66:ea:43:
                    96:8c:3d:ea:42:dc:64:65:46:ad:8b:93:f0:0f:1b:
                    74:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:48:45:5F:40:94:67:55:13:E0:B7:A6:82:48:AA:78:0A:7F:ED:B4
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39342e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:95:76:de:f2:b1:88:22:16:5e:fd:49:61:b9:3a:80:ed:71:
         87:c2:1b:80:ce:4e:ff:95:2e:5d:5a:df:b7:9c:ac:c5:e8:b9:
         90:7b:d5:ca:64:16:c8:82:f3:ac:7b:70:57:86:07:38:5d:bf:
         bf:16:38:52:ec:d9:15:a4:84:8d:be:98:a0:a5:00:d3:1d:2a:
         4f:66:e6:93:f4:1e:a4:0c:b2:a3:c6:08:98:85:49:79:80:28:
         64:2a:49:f5:ec:0e:17:b2:62:cb:57:09:36:9b:ef:df:56:c6:
         35:4b:a5:9e:9f:4f:f8:56:ab:71:ea:d6:81:b7:75:15:82:40:
         98:3d:d2:97:a8:80:77:ff:be:71:bb:30:72:c9:20:23:b1:c4:
         9d:31:ae:3b:9c:e6:e6:5c:13:1d:cc:8c:2e:5d:60:2a:a0:5b:
         ea:e4:76:e7:6d:8e:da:9e:82:62:36:25:77:f1:1e:f7:f2:5b:
         f3:db:b0:ce:9a:3f:62:71:88:bb:c0:4c:e0:58:c9:29:51:12:
         57:6a:c8:39:2d:5a:00:51:44:d0:14:8a:59:a9:18:c6:eb:61:
         1a:c5:e5:d6:98:84:61:60:22:2b:48:32:b4:c1:55:9a:62:44:
         dc:ce:83:ec:eb:c4:88:3d:3a:a5:a5:e0:86:2d:8c:c2:1d:84:
         f9:a3:8c:25
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIURNyR6PcvDNsLCyi/Ecu968NVl0cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNDEyMTIwOTQ4NDhaFw0yNTEyMTEwOTUzNDhaMDMxMTAvBgNV
BAMTKEQ2NDg0NTVGNDA5NDY3NTUxM0UwQjdBNjgyNDhBQTc4MEE3RkVEQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzfz33i+P8lojNrUcNLOybPjXJ
h1A1h8hFRFuXoHyXy0to4wWi0AqOMZdcK+ToarPFMyor8eEVHdvAX4u3FICtw8Wz
V01PdLZdLLLC6D5uFYFBmIdeG/JC87ZENQlo33AoLUisNK3B0n3q9UfICamGbnfN
vk1QFBASC4teaqkmuw5UjjGvRBcB8wW/QJ3w+eR30i2Dx3LZQX6E4M6kd0hm0jHw
+uY9jRsIBHyNmVqfy7RJCzxmKGac/zA+xKDO/LX3fP0BQsMy+OYwSAePrVMo5KvG
HjF+bfV8pYfUi+zjT4uIzXoskfmV6CD82mbqQ5aMPepC3GRlRq2Lk/APG3SnAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU1khFX0CUZ1UT4LemgkiqeAp/7bQwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzQzNTJlMzgzNjJlMzkzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM5MzAzMDM5LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVZeMA0G
CSqGSIb3DQEBCwUAA4IBAQAAlXbe8rGIIhZe/UlhuTqA7XGHwhuAzk7/lS5dWt+3
nKzF6LmQe9XKZBbIgvOse3BXhgc4Xb+/FjhS7NkVpISNvpigpQDTHSpPZuaT9B6k
DLKjxgiYhUl5gChkKkn17A4XsmLLVwk2m+/fVsY1S6Wen0/4Vqtx6taBt3UVgkCY
PdKXqIB3/75xuzByySAjscSdMa47nObmXBMdzIwuXWAqoFvq5HbnbY7anoJiNiV3
8R738lvz27DOmj9icYi7wEzgWMkpURJXasg5LVoAUUTQFIpZqRjG62EaxeXWmIRh
YCIrSDK0wVWaYkTczoPs68SIPTqlpeCGLYzCHYT5o4wl
-----END CERTIFICATE-----