Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3133372e39382e302f32342d3234203d3e203439353831.roa
File:                     34352e3133372e39382e302f32342d3234203d3e203439353831.roa (raw, json)
Hash identifier:          k2iEAAGf45pr1uEFDbmkoTBP2GOjSRwZ70EV2sT1O3A=
Subject key identifier:   DB:9F:26:99:25:77:D4:26:04:FD:45:91:0B:82:9D:B3:82:92:5A:0E
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       5AC9CE20EF6E30878D5AC42FE6FF1FFBA82E751A
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3133372e39382e302f32342d3234203d3e203439353831.roa
Signing time:             Fri 09 Feb 2024 11:12:23 +0000
ROA not before:           Fri 09 Feb 2024 11:07:23 +0000
ROA not after:            Fri 07 Feb 2025 11:12:23 +0000
asID:                     49581
IP address blocks:        45.137.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 04:36:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:c9:ce:20:ef:6e:30:87:8d:5a:c4:2f:e6:ff:1f:fb:a8:2e:75:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb  9 11:07:23 2024 GMT
            Not After : Feb  7 11:12:23 2025 GMT
        Subject: CN=DB9F26992577D42604FD45910B829DB382925A0E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:00:70:9a:72:8c:43:8b:21:c3:dc:9d:5d:a2:
                    3f:dd:97:90:67:2a:a1:13:5f:b5:73:f6:88:d7:7f:
                    01:06:8c:e5:65:3f:78:6c:c3:98:90:8d:0e:bc:5c:
                    98:d8:b4:49:da:ae:1a:29:dc:90:de:26:3d:03:87:
                    ae:0a:0b:5c:17:4a:f7:92:6e:7b:e2:26:3d:b3:35:
                    0b:e1:b2:0a:ad:eb:95:1d:b5:e7:c8:80:5d:78:ce:
                    bf:ff:3b:28:c1:b3:cb:b4:dd:f9:a0:b3:0f:10:64:
                    e1:5b:24:31:51:3e:35:ff:ca:80:e0:cf:0d:90:47:
                    5a:6c:9e:92:0a:b2:d9:9e:f2:ed:93:a6:4a:cb:48:
                    03:a5:4b:8e:e0:8f:03:67:90:3f:1f:46:ae:4f:97:
                    4b:d0:59:54:17:24:c3:75:31:ab:0a:fc:20:e7:07:
                    5d:4b:b3:89:db:b4:62:0e:aa:8f:e9:00:37:42:f5:
                    2e:cf:a8:84:00:c1:a2:e7:c6:df:eb:f0:25:25:ed:
                    94:96:6d:bf:81:4a:28:e8:e8:62:7d:d2:74:59:3d:
                    49:47:89:55:0f:67:73:63:e5:2f:c7:20:fe:3d:94:
                    74:03:32:ab:14:d8:56:cd:1b:2a:8d:38:32:c9:a2:
                    39:8c:bc:ca:91:4d:12:57:e2:9e:f8:a4:40:41:4f:
                    d1:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:9F:26:99:25:77:D4:26:04:FD:45:91:0B:82:9D:B3:82:92:5A:0E
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3133372e39382e302f32342d3234203d3e203439353831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:97:de:6f:83:e8:09:d8:6d:7a:57:c4:08:5a:e3:a4:89:67:
         40:cf:fd:77:6c:61:52:9d:6a:28:55:6f:82:d9:99:c3:4d:0e:
         33:7f:63:ba:6d:4c:c4:85:74:ef:15:1a:15:0f:95:1c:23:e6:
         00:e6:3e:f2:44:47:1e:7d:48:f8:93:f4:53:fa:65:98:a2:b0:
         6c:a5:1d:a2:e3:b4:c3:e8:a3:84:37:cb:4b:15:9e:e7:bd:f1:
         24:7e:05:3d:78:3d:54:10:e9:aa:82:6e:a4:00:52:c8:11:1a:
         c6:4a:8e:37:34:a5:c1:a7:13:82:c4:bc:e6:d0:4c:19:09:01:
         6c:73:29:f5:0b:aa:20:08:07:26:3d:11:6a:78:b7:2e:c1:de:
         ac:55:75:54:89:f7:5a:a2:80:cc:83:58:eb:0f:1e:14:fd:11:
         45:7e:9e:da:28:41:f4:4b:ec:01:a4:42:be:54:48:dd:0c:2b:
         17:9a:17:17:80:c4:ee:28:bf:b5:3d:2b:8c:77:93:f9:ce:07:
         da:13:3d:51:f9:c2:0f:cb:f2:52:78:6e:cc:7f:0a:7a:25:da:
         1c:0d:74:eb:3e:40:fc:96:cc:db:ba:c6:23:4c:e9:dd:77:fc:
         64:2a:f8:94:28:e1:ce:b0:98:ab:f2:a1:5c:67:02:ef:08:5c:
         99:59:57:35
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWsnOIO9uMIeNWsQv5v8f+6gudRowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDAyMDkxMTA3MjNaFw0yNTAyMDcxMTEyMjNaMDMxMTAvBgNV
BAMTKERCOUYyNjk5MjU3N0Q0MjYwNEZENDU5MTBCODI5REIzODI5MjVBMEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChAHCacoxDiyHD3J1doj/dl5Bn
KqETX7Vz9ojXfwEGjOVlP3hsw5iQjQ68XJjYtEnarhop3JDeJj0Dh64KC1wXSveS
bnviJj2zNQvhsgqt65UdtefIgF14zr//OyjBs8u03fmgsw8QZOFbJDFRPjX/yoDg
zw2QR1psnpIKstme8u2TpkrLSAOlS47gjwNnkD8fRq5Pl0vQWVQXJMN1MasK/CDn
B11Ls4nbtGIOqo/pADdC9S7PqIQAwaLnxt/r8CUl7ZSWbb+BSijo6GJ90nRZPUlH
iVUPZ3Nj5S/HIP49lHQDMqsU2FbNGyqNODLJojmMvMqRTRJX4p74pEBBT9HRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU258mmSV31CYE/UWRC4Kds4KSWg4wHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzMzM3MmUzOTM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzOTM1MzgzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2J
YjANBgkqhkiG9w0BAQsFAAOCAQEAFZfeb4PoCdhtelfECFrjpIlnQM/9d2xhUp1q
KFVvgtmZw00OM39jum1MxIV07xUaFQ+VHCPmAOY+8kRHHn1I+JP0U/plmKKwbKUd
ouO0w+ijhDfLSxWe573xJH4FPXg9VBDpqoJupABSyBEaxkqONzSlwacTgsS85tBM
GQkBbHMp9QuqIAgHJj0Rani3LsHerFV1VIn3WqKAzINY6w8eFP0RRX6e2ihB9Evs
AaRCvlRI3QwrF5oXF4DE7ii/tT0rjHeT+c4H2hM9UfnCD8vyUnhuzH8KeiXaHA10
6z5A/JbM27rGI0zp3Xf8ZCr4lCjhzrCYq/KhXGcC7whcmVlXNQ==
-----END CERTIFICATE-----