Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39352e302f32342d3234203d3e2031323939.roa
File:                     34352e38362e39352e302f32342d3234203d3e2031323939.roa (raw, json)
Hash identifier:          sHNUjx1C5zDVVNYZO6LMRJJnO0yFg6+u79okyr4JNqE=
Subject key identifier:   62:C1:16:38:A1:1D:4B:BC:1A:B6:92:DC:BF:86:52:5D:A1:CA:EC:7B
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       70BB01D689DFBC947F814A6489CE75431384990B
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39352e302f32342d3234203d3e2031323939.roa
Signing time:             Sun 06 Aug 2023 14:21:46 +0000
ROA not before:           Sun 06 Aug 2023 14:16:46 +0000
ROA not after:            Sun 04 Aug 2024 14:21:46 +0000
asID:                     1299
IP address blocks:        45.86.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:bb:01:d6:89:df:bc:94:7f:81:4a:64:89:ce:75:43:13:84:99:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Aug  6 14:16:46 2023 GMT
            Not After : Aug  4 14:21:46 2024 GMT
        Subject: CN=62C11638A11D4BBC1AB692DCBF86525DA1CAEC7B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:9e:be:a7:21:4b:8b:f1:14:d7:a5:38:0e:04:
                    16:3b:6f:bf:e8:29:58:67:41:c8:50:4a:73:b4:6d:
                    68:d5:0e:5a:77:64:01:e9:bb:3b:3e:f5:87:96:65:
                    75:ba:ac:6e:85:68:06:d8:cf:4a:51:34:79:a5:91:
                    73:21:5a:98:3e:94:d1:b1:3f:c1:18:ef:82:4b:0b:
                    b7:c0:ac:d0:42:40:20:e2:1c:22:69:c4:dd:f1:d7:
                    e6:81:10:6a:b5:b0:34:cc:0c:f8:8e:fb:b8:b4:9e:
                    d4:02:63:89:9b:e7:fc:b7:e9:f0:7a:43:5a:b6:5b:
                    fc:2a:ee:71:04:3c:1d:69:48:ab:79:12:f4:a2:7d:
                    c6:39:37:31:92:10:25:2f:96:29:d6:e2:a3:fd:70:
                    a3:7a:60:77:67:4a:fe:d0:9c:47:09:7d:f3:e3:de:
                    c2:52:67:a0:e4:21:ac:7c:65:72:e7:88:9e:1e:23:
                    71:31:4b:a4:d8:33:a6:21:18:42:88:6d:bf:f4:5a:
                    12:bc:f5:a1:78:99:c6:86:0e:99:c2:47:28:5f:66:
                    ac:51:c0:cf:36:6b:6c:ae:0a:51:c3:01:6b:ea:54:
                    bd:1e:35:78:a6:4a:02:1d:4c:0b:1f:a7:3d:db:aa:
                    e0:3a:5c:d5:ce:ba:d7:8b:36:1f:8a:ad:81:4d:a0:
                    42:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:C1:16:38:A1:1D:4B:BC:1A:B6:92:DC:BF:86:52:5D:A1:CA:EC:7B
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39352e302f32342d3234203d3e2031323939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:52:51:d7:9c:7f:79:00:89:b4:11:5f:00:d5:15:2e:49:70:
         4b:cb:3b:ab:ce:1f:15:dc:8c:eb:0f:06:de:b0:3d:b7:cd:c7:
         63:5b:2a:0f:f8:02:c0:de:04:3a:e5:4b:2c:ba:15:41:09:3c:
         d7:3d:f2:bb:a8:23:15:07:90:d6:6f:07:92:4a:dc:be:7b:b7:
         74:fd:e9:e4:f0:1e:50:ab:53:cc:27:5e:a6:81:f5:fd:c1:5f:
         2c:0f:7b:01:cc:e0:67:5b:f9:07:51:90:10:5f:ae:54:95:1a:
         61:5a:1f:fb:a7:50:a7:9f:7a:76:a9:3b:bb:47:af:18:d6:79:
         63:65:2f:51:2f:7f:f3:25:f5:9e:4f:d2:0c:a1:6d:c9:97:d4:
         4b:12:5b:f3:7c:6a:f8:7a:c6:b3:5e:e9:56:e4:47:ea:27:05:
         ef:c5:70:6f:b6:05:e8:d9:bc:69:1b:8e:36:21:74:80:5c:70:
         24:59:b0:fe:b6:7d:b9:94:b6:53:ec:28:4d:69:8f:2c:8b:5f:
         c9:e8:45:73:f2:3a:eb:a8:54:cf:fc:5e:cd:3e:b4:fa:f2:36:
         7f:b1:32:c6:18:d8:72:c7:63:55:91:b9:ce:83:ce:f0:2f:d7:
         b3:9e:87:df:87:fc:4b:cf:ff:c3:38:9e:53:71:b4:d7:90:c0:
         05:b9:f4:f8
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUcLsB1onfvJR/gUpkic51QxOEmQswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yMzA4MDYxNDE2NDZaFw0yNDA4MDQxNDIxNDZaMDMxMTAvBgNV
BAMTKDYyQzExNjM4QTExRDRCQkMxQUI2OTJEQ0JGODY1MjVEQTFDQUVDN0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXnr6nIUuL8RTXpTgOBBY7b7/o
KVhnQchQSnO0bWjVDlp3ZAHpuzs+9YeWZXW6rG6FaAbYz0pRNHmlkXMhWpg+lNGx
P8EY74JLC7fArNBCQCDiHCJpxN3x1+aBEGq1sDTMDPiO+7i0ntQCY4mb5/y36fB6
Q1q2W/wq7nEEPB1pSKt5EvSifcY5NzGSECUvlinW4qP9cKN6YHdnSv7QnEcJffPj
3sJSZ6DkIax8ZXLniJ4eI3ExS6TYM6YhGEKIbb/0WhK89aF4mcaGDpnCRyhfZqxR
wM82a2yuClHDAWvqVL0eNXimSgIdTAsfpz3bquA6XNXOuteLNh+KrYFNoEKdAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUYsEWOKEdS7watpLcv4ZSXaHK7HswHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzQzNTJlMzgzNjJlMzkzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzIzOTM5LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVZfMA0G
CSqGSIb3DQEBCwUAA4IBAQAlUlHXnH95AIm0EV8A1RUuSXBLyzurzh8V3IzrDwbe
sD23zcdjWyoP+ALA3gQ65UssuhVBCTzXPfK7qCMVB5DWbweSSty+e7d0/enk8B5Q
q1PMJ16mgfX9wV8sD3sBzOBnW/kHUZAQX65UlRphWh/7p1Cnn3p2qTu7R68Y1nlj
ZS9RL3/zJfWeT9IMoW3Jl9RLElvzfGr4esazXulW5EfqJwXvxXBvtgXo2bxpG442
IXSAXHAkWbD+tn25lLZT7ChNaY8si1/J6EVz8jrrqFTP/F7NPrT68jZ/sTLGGNhy
x2NVkbnOg87wL9eznoffh/xLz//DOJ5TcbTXkMAFufT4
-----END CERTIFICATE-----