Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3133372e39382e302f32342d3234203d3e203439353831.roa
File:                     34352e3133372e39382e302f32342d3234203d3e203439353831.roa (raw, json)
Hash identifier:          UinAxXRV1cav6FHEncBnRbMBvCjJLW3/NgOjl8W8Ko4=
Subject key identifier:   56:29:2B:2C:5A:66:49:96:B7:BF:80:A7:D9:83:70:44:F5:5B:9B:D6
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       581E005BF330516E6105625870CD9457A6E23089
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3133372e39382e302f32342d3234203d3e203439353831.roa
Signing time:             Fri 10 Jan 2025 11:53:51 +0000
ROA not before:           Fri 10 Jan 2025 11:48:51 +0000
ROA not after:            Fri 09 Jan 2026 11:53:51 +0000
asID:                     49581
IP address blocks:        45.137.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:19:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:1e:00:5b:f3:30:51:6e:61:05:62:58:70:cd:94:57:a6:e2:30:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jan 10 11:48:51 2025 GMT
            Not After : Jan  9 11:53:51 2026 GMT
        Subject: CN=56292B2C5A664996B7BF80A7D9837044F55B9BD6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:03:12:bc:b1:6e:3f:59:bf:b8:c8:0f:cc:46:
                    97:29:93:1f:8e:2a:dc:d1:1f:11:b4:ce:26:67:da:
                    cc:64:9c:c1:b9:14:36:7f:83:aa:83:fc:6a:ff:8f:
                    2f:35:70:1e:99:6d:84:54:d1:e9:b1:3c:63:82:9a:
                    8e:72:f2:d8:f8:91:23:fb:9f:34:12:1f:ef:01:20:
                    af:7c:c1:cf:a4:ee:66:dc:f9:71:6d:14:01:56:72:
                    19:95:a4:01:56:dd:d6:d0:48:f7:17:52:e0:f4:6e:
                    80:30:a6:2b:82:45:e0:59:d8:38:b4:84:0b:bc:09:
                    a1:a8:ae:53:4f:37:69:98:97:9a:8e:e5:fa:73:b3:
                    b4:e0:6d:c3:49:3c:5c:a7:49:6a:3c:89:6b:90:86:
                    b4:f2:ba:eb:52:59:c4:fc:03:d2:0b:36:30:0a:de:
                    13:d2:2b:e4:aa:61:51:d4:14:79:c3:05:5a:22:bf:
                    ab:76:43:d9:1a:3b:be:76:1d:88:de:e6:5c:2b:0b:
                    a4:8f:c2:9b:7d:cc:6b:d9:e3:e0:ef:f3:a6:f3:d7:
                    ff:63:66:4f:1b:2f:3e:77:f2:43:51:df:56:d6:de:
                    ed:ee:e9:33:9a:37:c4:9c:6d:06:e5:8a:a7:d2:57:
                    e5:13:d5:ec:10:e7:b9:d2:0d:87:5f:ad:ff:d6:c5:
                    41:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:29:2B:2C:5A:66:49:96:B7:BF:80:A7:D9:83:70:44:F5:5B:9B:D6
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3133372e39382e302f32342d3234203d3e203439353831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:a0:60:a1:41:06:98:6a:b8:da:a4:90:a8:86:89:a3:95:f1:
         f7:68:d6:54:9d:8b:47:9c:7c:92:62:1b:6d:f7:94:f4:0b:fd:
         17:8b:50:06:36:2f:57:cb:2c:0c:b7:8b:4f:a7:25:bc:b6:bc:
         78:86:a6:c4:71:74:3f:85:68:83:e6:af:7c:e7:3e:40:58:e7:
         18:6b:37:8b:f2:b2:ca:bf:56:2e:9f:7e:95:91:81:e3:42:2a:
         fc:62:f2:82:2d:5e:86:ad:50:33:e1:1b:6b:55:8b:59:cc:06:
         a9:b8:c7:34:44:81:7e:30:24:66:e0:a7:90:14:f4:24:3b:ea:
         a3:25:bd:65:d6:e7:c6:eb:dc:20:98:a8:88:1d:64:55:3b:18:
         56:ac:c7:2c:89:29:30:97:9b:ac:43:97:d9:b9:95:c2:04:fd:
         9f:a6:56:d1:39:7b:94:71:72:74:6d:81:9b:23:de:ac:3f:50:
         ca:4d:f6:17:c9:44:34:25:1a:ae:6a:8e:7c:b4:0f:0d:73:6d:
         88:bc:e9:79:fc:b0:5f:85:41:18:d0:a9:29:b8:a9:4a:e4:ec:
         aa:38:6e:2b:f0:50:3f:df:24:99:ae:32:77:e4:6e:6b:f0:bf:
         f6:b6:d8:be:fe:16:16:5b:dc:e2:02:78:39:04:da:11:07:17:
         03:5d:08:c3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWB4AW/MwUW5hBWJYcM2UV6biMIkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTAxMTAxMTQ4NTFaFw0yNjAxMDkxMTUzNTFaMDMxMTAvBgNV
BAMTKDU2MjkyQjJDNUE2NjQ5OTZCN0JGODBBN0Q5ODM3MDQ0RjU1QjlCRDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcAxK8sW4/Wb+4yA/MRpcpkx+O
KtzRHxG0ziZn2sxknMG5FDZ/g6qD/Gr/jy81cB6ZbYRU0emxPGOCmo5y8tj4kSP7
nzQSH+8BIK98wc+k7mbc+XFtFAFWchmVpAFW3dbQSPcXUuD0boAwpiuCReBZ2Di0
hAu8CaGorlNPN2mYl5qO5fpzs7TgbcNJPFynSWo8iWuQhrTyuutSWcT8A9ILNjAK
3hPSK+SqYVHUFHnDBVoiv6t2Q9kaO752HYje5lwrC6SPwpt9zGvZ4+Dv86bz1/9j
Zk8bLz538kNR31bW3u3u6TOaN8ScbQbliqfSV+UT1ewQ57nSDYdfrf/WxUH1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUVikrLFpmSZa3v4Cn2YNwRPVbm9YwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzMzM3MmUzOTM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzOTM1MzgzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2J
YjANBgkqhkiG9w0BAQsFAAOCAQEADqBgoUEGmGq42qSQqIaJo5Xx92jWVJ2LR5x8
kmIbbfeU9Av9F4tQBjYvV8ssDLeLT6clvLa8eIamxHF0P4Vog+avfOc+QFjnGGs3
i/Kyyr9WLp9+lZGB40Iq/GLygi1ehq1QM+Eba1WLWcwGqbjHNESBfjAkZuCnkBT0
JDvqoyW9ZdbnxuvcIJioiB1kVTsYVqzHLIkpMJebrEOX2bmVwgT9n6ZW0Tl7lHFy
dG2BmyPerD9Qyk32F8lENCUarmqOfLQPDXNtiLzpefywX4VBGNCpKbipSuTsqjhu
K/BQP98kma4yd+Rua/C/9rbYvv4WFlvc4gJ4OQTaEQcXA10Iww==
-----END CERTIFICATE-----