Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38312e302f32342d3234203d3e20383334.roa
File:                     34352e31322e38312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          HIjDim/aJnwFHmj6N/17PGBhU/jfWYs5f7z8zlADL6I=
Subject key identifier:   66:F3:8D:8F:6E:96:CC:34:3C:3C:0C:63:E1:5A:C4:9F:5B:F8:60:FE
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       263655530D2F49324B2D1F58B59A0392B02DF2EF
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38312e302f32342d3234203d3e20383334.roa
Signing time:             Fri 07 Feb 2025 00:01:23 +0000
ROA not before:           Thu 06 Feb 2025 23:56:23 +0000
ROA not after:            Fri 06 Feb 2026 00:01:23 +0000
asID:                     834
IP address blocks:        45.12.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:36:55:53:0d:2f:49:32:4b:2d:1f:58:b5:9a:03:92:b0:2d:f2:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb  6 23:56:23 2025 GMT
            Not After : Feb  6 00:01:23 2026 GMT
        Subject: CN=66F38D8F6E96CC343C3C0C63E15AC49F5BF860FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3d:99:36:70:20:f7:63:a7:46:7d:d9:6a:00:
                    9c:b3:a0:26:40:34:b9:cd:97:6c:a3:5e:7c:45:dd:
                    1d:f1:cc:79:3c:39:f3:c8:28:5f:82:e8:39:7f:d8:
                    72:d2:9d:b3:82:1e:17:98:0f:33:d6:5b:4c:eb:35:
                    d2:8b:bf:f1:b2:ab:62:87:aa:25:3d:ee:3e:c0:75:
                    0e:99:6c:27:52:f8:df:ea:a3:d9:68:b4:9d:76:78:
                    33:46:12:ad:70:77:92:c2:34:9d:7d:d2:72:1f:a0:
                    7f:e9:60:e7:44:41:74:77:ef:0f:1d:ca:fc:e3:57:
                    ee:9f:a3:7b:bc:21:7f:7b:70:a9:82:82:9b:ed:5f:
                    7f:94:80:cd:d5:9e:21:67:25:7b:c2:ab:f7:a0:4a:
                    5d:87:e0:ff:a5:59:d3:da:78:c8:ac:87:f1:ae:78:
                    45:3c:d0:1e:61:0e:f9:38:0d:0a:f2:7a:14:27:1e:
                    d0:f0:6c:c7:70:e8:cc:6b:43:49:60:fa:68:97:12:
                    bc:c4:85:10:4e:f5:2f:bc:cf:2f:5e:f6:a8:80:32:
                    55:69:e1:2a:58:a1:8d:27:5d:e9:68:09:ea:36:6d:
                    0d:dd:a5:54:c2:f1:a6:65:be:d6:05:d4:b3:d8:1a:
                    16:92:23:9c:99:d1:fd:85:b0:31:63:9e:53:6a:22:
                    6f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:F3:8D:8F:6E:96:CC:34:3C:3C:0C:63:E1:5A:C4:9F:5B:F8:60:FE
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:9a:5d:42:5c:60:38:26:56:3c:cb:5e:0e:65:09:06:90:ca:
         e3:3d:7e:64:ec:7d:f4:bb:7b:36:64:a3:07:20:ba:16:b8:ab:
         5d:05:52:b7:cb:af:01:0a:6d:48:33:6c:94:13:7b:7d:f8:f9:
         03:dc:5c:8b:38:68:9a:9a:9c:57:38:9d:a0:20:6b:4e:74:54:
         d7:0d:97:c3:50:12:17:db:93:79:ff:eb:de:0e:82:c2:ff:76:
         af:21:8a:2b:ed:1b:fe:ce:37:bb:16:9c:23:17:4c:f4:53:06:
         a5:2f:d1:e5:de:61:83:db:ec:b4:7f:3f:d3:ea:7e:05:29:de:
         5d:b5:5f:eb:10:27:bb:29:5b:fc:d1:30:5e:07:24:36:f1:d5:
         b7:0b:ea:36:56:65:63:40:5c:83:a5:51:8b:f4:4b:19:18:96:
         36:c0:69:8c:95:f3:0e:0b:a9:a0:f4:3c:8c:d1:aa:9f:fd:6f:
         6c:0e:74:b5:81:a7:62:82:9c:89:60:4c:ae:ad:74:46:be:51:
         91:cc:fe:7e:ce:22:3b:97:b2:b7:96:60:d6:a1:7f:68:27:cf:
         1d:4d:93:7e:dd:94:f2:bc:b0:99:b1:1b:8d:16:ce:74:a1:19:
         6e:d8:d5:d1:10:73:a3:77:ec:b3:aa:c2:d9:49:fb:06:d0:58:
         00:f8:0f:00
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUJjZVUw0vSTJLLR9YtZoDkrAt8u8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTAyMDYyMzU2MjNaFw0yNjAyMDYwMDAxMjNaMDMxMTAvBgNV
BAMTKDY2RjM4RDhGNkU5NkNDMzQzQzNDMEM2M0UxNUFDNDlGNUJGODYwRkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0PZk2cCD3Y6dGfdlqAJyzoCZA
NLnNl2yjXnxF3R3xzHk8OfPIKF+C6Dl/2HLSnbOCHheYDzPWW0zrNdKLv/Gyq2KH
qiU97j7AdQ6ZbCdS+N/qo9lotJ12eDNGEq1wd5LCNJ190nIfoH/pYOdEQXR37w8d
yvzjV+6fo3u8IX97cKmCgpvtX3+UgM3VniFnJXvCq/egSl2H4P+lWdPaeMish/Gu
eEU80B5hDvk4DQryehQnHtDwbMdw6MxrQ0lg+miXErzEhRBO9S+8zy9e9qiAMlVp
4SpYoY0nXeloCeo2bQ3dpVTC8aZlvtYF1LPYGhaSI5yZ0f2FsDFjnlNqIm+bAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUZvONj26WzDQ8PAxj4VrEn1v4YP4wHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzMjJlMzgzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0MUTANBgkq
hkiG9w0BAQsFAAOCAQEAv5pdQlxgOCZWPMteDmUJBpDK4z1+ZOx99Lt7NmSjByC6
FrirXQVSt8uvAQptSDNslBN7ffj5A9xcizhompqcVzidoCBrTnRU1w2Xw1ASF9uT
ef/r3g6Cwv92ryGKK+0b/s43uxacIxdM9FMGpS/R5d5hg9vstH8/0+p+BSneXbVf
6xAnuylb/NEwXgckNvHVtwvqNlZlY0Bcg6VRi/RLGRiWNsBpjJXzDgupoPQ8jNGq
n/1vbA50tYGnYoKciWBMrq10Rr5Rkcz+fs4iO5eyt5Zg1qF/aCfPHU2Tft2U8ryw
mbEbjRbOdKEZbtjV0RBzo3fss6rC2Un7BtBYAPgPAA==
-----END CERTIFICATE-----