Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e31332e3134382e302f32332d3233203d3e203632333837.roa
File:                     34352e31332e3134382e302f32332d3233203d3e203632333837.roa (raw, json)
Hash identifier:          Gd+G4Zr088TNOtiL3B6vX4VMHdc64e6XVCPxcaSyzoI=
Subject key identifier:   60:47:C9:CF:2C:3E:D0:F2:1A:36:A5:7B:D0:28:A3:0F:8B:85:6D:99
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       56D3260FBC7E84E3ECD9ED646AD5276C484C2299
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e31332e3134382e302f32332d3233203d3e203632333837.roa
Signing time:             Mon 11 Sep 2023 16:47:02 +0000
ROA not before:           Mon 11 Sep 2023 16:42:02 +0000
ROA not after:            Mon 09 Sep 2024 16:47:02 +0000
asID:                     62387
IP address blocks:        45.13.148.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 04:36:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:d3:26:0f:bc:7e:84:e3:ec:d9:ed:64:6a:d5:27:6c:48:4c:22:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Sep 11 16:42:02 2023 GMT
            Not After : Sep  9 16:47:02 2024 GMT
        Subject: CN=6047C9CF2C3ED0F21A36A57BD028A30F8B856D99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6d:99:47:86:6f:44:1f:dd:34:c3:28:ed:bd:
                    2c:6a:dc:12:a0:db:9f:30:83:52:e5:11:1f:52:28:
                    1c:38:81:fa:b8:ae:07:ee:27:f2:5a:82:27:55:5e:
                    a2:f4:83:c5:5a:76:1a:c6:f2:7d:73:2a:f3:92:4a:
                    1d:a7:90:87:f4:e4:33:32:21:40:c2:66:fb:06:17:
                    91:8d:21:82:11:3a:0a:2c:f9:47:53:91:3d:f3:42:
                    ff:f0:68:ff:6c:42:cf:b8:85:bc:87:6d:f5:00:9f:
                    41:1b:78:77:18:3d:b5:a7:8b:6d:a2:48:94:f8:76:
                    0b:21:9d:2b:f6:f9:8b:7a:b0:ea:e6:03:84:e3:16:
                    40:d2:7d:a3:df:fb:42:82:59:fc:a2:03:9b:1c:bd:
                    ad:b0:e0:eb:69:06:5b:af:31:1b:6c:48:6c:e2:f1:
                    07:b7:59:42:4a:54:87:0c:62:08:02:4c:07:e6:0d:
                    9b:b4:1d:a4:f3:86:8b:c5:42:b9:ac:39:08:7c:3f:
                    10:2e:79:d6:e5:6a:bc:b0:0c:ed:d2:b0:52:f8:7c:
                    99:4d:29:26:e8:5b:cc:99:d4:e4:b8:17:84:b2:4a:
                    42:0d:b4:6a:76:51:eb:8a:9b:47:2d:15:af:7b:79:
                    16:85:14:a9:0d:4f:6a:42:b2:67:2f:d2:17:b2:5e:
                    5e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:47:C9:CF:2C:3E:D0:F2:1A:36:A5:7B:D0:28:A3:0F:8B:85:6D:99
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e31332e3134382e302f32332d3233203d3e203632333837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:37:ed:37:b3:f6:2b:09:b6:64:46:7e:86:91:b0:de:73:4f:
         38:4b:8e:32:be:bb:d9:1a:65:5c:57:b0:e6:96:32:99:58:dd:
         b3:bd:e0:78:c6:00:e9:63:f4:be:f0:b7:ef:70:eb:45:a4:3f:
         66:dd:3d:c9:c5:20:ce:5f:f6:1c:60:c4:c3:02:96:81:fd:d3:
         fc:8b:a9:e5:7c:c5:b9:6f:bb:32:8e:c2:68:1e:bb:fa:eb:e3:
         a5:05:5f:59:99:0c:15:e2:a1:e5:a4:e2:04:b0:86:bb:07:6c:
         fb:b2:90:4b:d7:ca:bd:8a:05:9c:e4:2c:92:b3:43:57:83:91:
         2e:14:d6:53:ef:84:41:09:5a:85:b4:53:e8:70:a1:3f:44:a9:
         c8:57:5c:89:c9:b5:0e:ab:4c:0c:03:bf:89:6c:91:2a:db:07:
         a6:18:f1:97:4a:60:10:4f:7f:45:b2:9f:0f:60:c9:b4:2a:6a:
         f1:c6:18:48:e7:bf:f2:80:b5:8e:d2:b6:78:3d:2b:a5:a0:98:
         b1:61:58:71:24:97:c4:c3:1c:6a:57:01:31:b7:b3:92:4e:3b:
         e0:b1:ac:ea:78:ed:ba:90:d9:a6:e5:4d:d5:f7:0c:86:d3:82:
         30:51:83:16:37:23:75:fe:da:1d:e0:b0:60:14:6c:67:07:8d:
         86:24:09:30
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVtMmD7x+hOPs2e1katUnbEhMIpkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yMzA5MTExNjQyMDJaFw0yNDA5MDkxNjQ3MDJaMDMxMTAvBgNV
BAMTKDYwNDdDOUNGMkMzRUQwRjIxQTM2QTU3QkQwMjhBMzBGOEI4NTZEOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7bZlHhm9EH900wyjtvSxq3BKg
258wg1LlER9SKBw4gfq4rgfuJ/JagidVXqL0g8VadhrG8n1zKvOSSh2nkIf05DMy
IUDCZvsGF5GNIYIROgos+UdTkT3zQv/waP9sQs+4hbyHbfUAn0EbeHcYPbWni22i
SJT4dgshnSv2+Yt6sOrmA4TjFkDSfaPf+0KCWfyiA5scva2w4OtpBluvMRtsSGzi
8Qe3WUJKVIcMYggCTAfmDZu0HaTzhovFQrmsOQh8PxAuedblarywDO3SsFL4fJlN
KSboW8yZ1OS4F4SySkINtGp2UeuKm0ctFa97eRaFFKkNT2pCsmcv0heyXl73AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUYEfJzyw+0PIaNqV70CijD4uFbZkwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzQzNTJlMzEzMzJlMzEzNDM4
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzYzMjMzMzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS0N
lDANBgkqhkiG9w0BAQsFAAOCAQEAOTftN7P2Kwm2ZEZ+hpGw3nNPOEuOMr672Rpl
XFew5pYymVjds73geMYA6WP0vvC373DrRaQ/Zt09ycUgzl/2HGDEwwKWgf3T/Iup
5XzFuW+7Mo7CaB67+uvjpQVfWZkMFeKh5aTiBLCGuwds+7KQS9fKvYoFnOQskrND
V4ORLhTWU++EQQlahbRT6HChP0SpyFdcicm1DqtMDAO/iWyRKtsHphjxl0pgEE9/
RbKfD2DJtCpq8cYYSOe/8oC1jtK2eD0rpaCYsWFYcSSXxMMcalcBMbezkk474LGs
6njtupDZpuVN1fcMhtOCMFGDFjcjdf7aHeCwYBRsZweNhiQJMA==
-----END CERTIFICATE-----