Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39352e302f32342d3234203d3e2031323939.roa
File:                     34352e38362e39352e302f32342d3234203d3e2031323939.roa (raw, json)
Hash identifier:          yQKHHpn8wCUHU+dOg286104MyMwPlf9k9qfBkCNGEsg=
Subject key identifier:   1C:E1:C0:6D:38:44:1A:8E:67:73:D3:5E:53:5E:B3:0C:34:79:C2:22
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       08919BFCA5187187B357EAFAD82912C119FF9389
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39352e302f32342d3234203d3e2031323939.roa
Signing time:             Sun 07 Jul 2024 15:05:18 +0000
ROA not before:           Sun 07 Jul 2024 15:00:18 +0000
ROA not after:            Sun 06 Jul 2025 15:05:18 +0000
asID:                     1299
IP address blocks:        45.86.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 01:57:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:91:9b:fc:a5:18:71:87:b3:57:ea:fa:d8:29:12:c1:19:ff:93:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Jul  7 15:00:18 2024 GMT
            Not After : Jul  6 15:05:18 2025 GMT
        Subject: CN=1CE1C06D38441A8E6773D35E535EB30C3479C222
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1d:3b:d8:a0:47:06:05:f6:b0:f1:7a:c7:bb:
                    54:00:a9:fe:da:f3:c5:4e:fa:34:d7:70:27:e6:57:
                    df:c4:b5:a1:07:f6:14:0b:dd:87:b9:4e:e6:f8:cb:
                    6b:d6:c7:e9:df:5f:d0:e0:06:95:73:15:19:07:b5:
                    c3:5e:0a:4e:c5:92:50:58:cd:b1:17:8e:9a:cb:13:
                    52:4e:f6:03:f1:03:e0:e1:5d:1e:0a:06:d3:a3:e9:
                    8c:a5:55:da:b6:c9:51:48:db:25:75:1e:bd:45:04:
                    53:1c:3a:0b:3a:89:4b:1b:ce:45:ba:89:1a:e7:93:
                    c3:90:d5:22:c4:df:20:0a:fe:01:1a:7d:5e:06:7e:
                    57:f2:13:be:46:ab:cf:19:f5:c5:bd:2c:9c:06:a1:
                    da:a1:b5:e8:d4:a7:a2:2e:86:17:58:2f:c3:80:11:
                    01:77:e7:2e:96:2b:b7:40:20:bc:9d:e3:90:b4:0a:
                    11:06:da:10:03:db:c7:24:fe:14:70:43:e0:9e:83:
                    06:bc:50:0c:1a:4a:9d:a9:ae:c8:17:86:21:49:c6:
                    3c:d5:ae:a9:61:52:24:f7:33:8f:dd:ba:23:e4:b6:
                    fd:f8:9d:c9:62:e4:a6:b4:43:f8:81:79:a0:69:19:
                    3f:d9:e4:10:39:b6:2c:0a:6f:74:cf:ef:62:75:ca:
                    aa:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:E1:C0:6D:38:44:1A:8E:67:73:D3:5E:53:5E:B3:0C:34:79:C2:22
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39352e302f32342d3234203d3e2031323939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:cb:4c:40:11:59:92:1d:d2:e3:d4:59:f8:79:21:b5:7c:b5:
         fd:e8:99:86:16:35:36:16:c5:a0:49:49:b4:9a:dc:19:c6:6e:
         86:07:4d:f4:a8:51:b6:3f:1e:88:70:ae:87:6b:c4:b0:40:1e:
         ad:ff:64:36:40:8c:60:d0:36:be:cf:7e:b9:76:9b:88:d2:2a:
         88:bf:b0:d0:fa:36:a0:b0:57:77:00:bf:b3:4f:32:e8:2e:6d:
         22:75:95:8f:86:91:3f:6a:67:d4:bf:16:b4:29:3c:09:7f:ea:
         61:55:0d:14:60:0f:11:9c:33:d8:ac:df:79:d5:65:2a:6d:6a:
         d0:2a:30:ca:5a:c9:10:c6:39:ac:c7:5b:b8:25:93:97:d4:ad:
         a7:dd:80:3d:eb:40:7f:a2:20:b2:b3:51:54:a1:31:5e:87:f9:
         bf:9d:35:92:20:2d:ab:2b:04:12:b9:e4:4d:ad:d1:6e:50:4a:
         07:b5:e8:bc:4e:f6:07:c7:31:c0:26:9d:ca:02:c3:12:97:26:
         b0:04:88:98:79:e7:da:87:eb:fd:45:57:f9:17:16:dd:81:01:
         f5:11:cb:ad:1c:d7:22:2b:08:12:4a:5f:75:f6:94:82:9c:ef:
         42:7e:71:e7:ca:a9:65:2d:66:d7:f7:da:1d:14:5b:55:53:64:
         1f:0e:1b:89
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUCJGb/KUYcYezV+r62CkSwRn/k4kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNDA3MDcxNTAwMThaFw0yNTA3MDYxNTA1MThaMDMxMTAvBgNV
BAMTKDFDRTFDMDZEMzg0NDFBOEU2NzczRDM1RTUzNUVCMzBDMzQ3OUMyMjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpHTvYoEcGBfaw8XrHu1QAqf7a
88VO+jTXcCfmV9/EtaEH9hQL3Ye5Tub4y2vWx+nfX9DgBpVzFRkHtcNeCk7FklBY
zbEXjprLE1JO9gPxA+DhXR4KBtOj6YylVdq2yVFI2yV1Hr1FBFMcOgs6iUsbzkW6
iRrnk8OQ1SLE3yAK/gEafV4GflfyE75Gq88Z9cW9LJwGodqhtejUp6IuhhdYL8OA
EQF35y6WK7dAILyd45C0ChEG2hAD28ck/hRwQ+Cegwa8UAwaSp2prsgXhiFJxjzV
rqlhUiT3M4/duiPktv34ncli5Ka0Q/iBeaBpGT/Z5BA5tiwKb3TP72J1yqp/AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUHOHAbThEGo5nc9NeU16zDDR5wiIwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzQzNTJlMzgzNjJlMzkzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzIzOTM5LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVZfMA0G
CSqGSIb3DQEBCwUAA4IBAQAKy0xAEVmSHdLj1Fn4eSG1fLX96JmGFjU2FsWgSUm0
mtwZxm6GB030qFG2Px6IcK6Ha8SwQB6t/2Q2QIxg0Da+z365dpuI0iqIv7DQ+jag
sFd3AL+zTzLoLm0idZWPhpE/amfUvxa0KTwJf+phVQ0UYA8RnDPYrN951WUqbWrQ
KjDKWskQxjmsx1u4JZOX1K2n3YA960B/oiCys1FUoTFeh/m/nTWSIC2rKwQSueRN
rdFuUEoHtei8TvYHxzHAJp3KAsMSlyawBIiYeefah+v9RVf5FxbdgQH1EcutHNci
KwgSSl919pSCnO9CfnHnyqllLWbX99odFFtVU2QfDhuJ
-----END CERTIFICATE-----