Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38322e302f32342d3234203d3e20313432313131.roa
File:                     34352e31322e38322e302f32342d3234203d3e20313432313131.roa (raw, json)
Hash identifier:          A9lJgND37TYxlxOboJI1qJm9vsf5T/FN3BJiwtTpgw4=
Subject key identifier:   78:A6:FB:93:A2:BD:9F:1D:7C:BB:8A:7B:BD:F8:1A:96:D8:AC:14:0E
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       73E40EB788CAC7C88E81970113D22E131C4296ED
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38322e302f32342d3234203d3e20313432313131.roa
Signing time:             Wed 21 Feb 2024 19:05:12 +0000
ROA not before:           Wed 21 Feb 2024 19:00:12 +0000
ROA not after:            Wed 19 Feb 2025 19:05:12 +0000
asID:                     142111
IP address blocks:        45.12.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 16:37:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:e4:0e:b7:88:ca:c7:c8:8e:81:97:01:13:d2:2e:13:1c:42:96:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb 21 19:00:12 2024 GMT
            Not After : Feb 19 19:05:12 2025 GMT
        Subject: CN=78A6FB93A2BD9F1D7CBB8A7BBDF81A96D8AC140E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4a:63:e8:05:36:8c:60:6a:d0:0f:3c:6b:3b:
                    11:93:c2:65:17:77:e5:13:c5:c6:83:af:bc:0c:75:
                    ab:bf:1d:2e:e2:2a:6a:b1:82:2e:c6:f6:55:01:84:
                    d2:b9:66:37:c1:da:f2:22:05:0b:75:25:7e:14:97:
                    57:3e:2e:eb:24:56:5c:02:a1:16:9b:9a:2b:9b:fb:
                    42:03:9d:dd:36:46:a9:7c:76:42:47:00:2d:e6:5a:
                    6e:1d:a7:72:74:fd:66:4c:cd:d9:48:45:7c:72:30:
                    83:b8:e5:75:bd:ba:7d:4b:30:5b:0e:a9:f5:6d:c0:
                    85:44:20:8c:a6:d6:ae:cc:75:2a:b2:01:53:32:a3:
                    2b:c6:67:82:d3:12:e6:ed:37:66:75:5e:e5:14:77:
                    99:fd:1c:57:2e:f7:43:9b:f2:7c:95:b5:df:72:50:
                    dc:cf:fb:d4:68:69:8b:76:7b:b8:c0:ef:07:a1:1a:
                    c4:8d:1b:69:1f:88:16:2e:f4:73:fb:f7:b3:24:52:
                    06:12:8b:36:ed:4a:d7:0d:64:24:66:9a:e0:4b:2f:
                    75:ef:5e:3f:8b:40:09:0b:c5:57:29:a2:b6:77:c6:
                    8b:e5:8b:37:46:03:62:36:6f:de:08:2d:0e:56:61:
                    49:bd:65:42:91:69:07:d5:33:26:5b:8c:40:7d:1c:
                    5d:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:A6:FB:93:A2:BD:9F:1D:7C:BB:8A:7B:BD:F8:1A:96:D8:AC:14:0E
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38322e302f32342d3234203d3e20313432313131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:5e:54:42:64:29:40:39:3e:d1:5c:84:ed:37:56:b4:d1:f5:
         1e:ca:d9:bc:3a:d8:32:87:77:d7:e4:4e:4b:d0:0c:28:b2:1a:
         a7:d3:d6:85:68:83:76:61:4b:3c:5b:22:3f:bf:be:f2:26:dd:
         34:87:5f:c9:35:92:5b:5b:43:bb:5b:70:c6:4f:20:4e:ff:2f:
         aa:26:b4:a5:c4:fa:55:29:06:40:83:86:a4:c7:85:14:57:14:
         24:5a:51:99:7f:bf:32:59:d2:ea:49:41:22:cf:25:84:52:28:
         98:b0:e4:e4:ae:2b:f6:e2:b4:c5:d5:8f:ba:17:42:18:c1:7b:
         86:2c:87:46:21:ed:3b:10:37:80:fb:c0:3d:aa:14:b6:04:c9:
         34:a5:61:f0:e0:e1:e3:d7:ee:d4:61:05:a8:d2:4c:f7:81:f7:
         45:9d:d7:99:e6:0d:65:c2:5f:80:bd:f0:25:f2:f0:70:b4:40:
         d5:b4:33:e6:1b:30:e8:8f:e0:cb:f0:a7:e5:fd:49:47:40:8f:
         f3:d4:58:f1:6c:93:ba:57:82:12:6a:44:01:2a:6f:59:c5:dc:
         9f:b7:85:4e:e4:74:fc:cd:cf:6b:87:13:47:47:f4:9e:51:58:
         eb:3f:78:2a:fa:77:e1:35:a7:62:db:32:9c:6b:3b:54:73:25:
         d5:72:74:8d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUc+QOt4jKx8iOgZcBE9IuExxClu0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDAyMjExOTAwMTJaFw0yNTAyMTkxOTA1MTJaMDMxMTAvBgNV
BAMTKDc4QTZGQjkzQTJCRDlGMUQ3Q0JCOEE3QkJERjgxQTk2RDhBQzE0MEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4SmPoBTaMYGrQDzxrOxGTwmUX
d+UTxcaDr7wMdau/HS7iKmqxgi7G9lUBhNK5ZjfB2vIiBQt1JX4Ul1c+LuskVlwC
oRabmiub+0IDnd02Rql8dkJHAC3mWm4dp3J0/WZMzdlIRXxyMIO45XW9un1LMFsO
qfVtwIVEIIym1q7MdSqyAVMyoyvGZ4LTEubtN2Z1XuUUd5n9HFcu90Ob8nyVtd9y
UNzP+9RoaYt2e7jA7wehGsSNG2kfiBYu9HP797MkUgYSizbtStcNZCRmmuBLL3Xv
Xj+LQAkLxVcporZ3xovlizdGA2I2b94ILQ5WYUm9ZUKRaQfVMyZbjEB9HF1nAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUeKb7k6K9nx18u4p7vfgaltisFA4wHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzMjJlMzgzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzQzMjMxMzEzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0M
UjANBgkqhkiG9w0BAQsFAAOCAQEABV5UQmQpQDk+0VyE7TdWtNH1HsrZvDrYMod3
1+ROS9AMKLIap9PWhWiDdmFLPFsiP7++8ibdNIdfyTWSW1tDu1twxk8gTv8vqia0
pcT6VSkGQIOGpMeFFFcUJFpRmX+/MlnS6klBIs8lhFIomLDk5K4r9uK0xdWPuhdC
GMF7hiyHRiHtOxA3gPvAPaoUtgTJNKVh8ODh49fu1GEFqNJM94H3RZ3XmeYNZcJf
gL3wJfLwcLRA1bQz5hsw6I/gy/Cn5f1JR0CP89RY8WyTuleCEmpEASpvWcXcn7eF
TuR0/M3Pa4cTR0f0nlFY6z94Kvp34TWnYtsynGs7VHMl1XJ0jQ==
-----END CERTIFICATE-----