Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35372e302f32342d3234203d3e203438363738.roa
File:                     34352e3135382e35372e302f32342d3234203d3e203438363738.roa (raw, json)
Hash identifier:          VQGpGZtxK7QdV8KX93E6SvBgOEWo8Nj5jmEjY1PcUZg=
Subject key identifier:   35:49:C9:C0:F4:41:DC:C2:3C:BC:AE:D0:DF:36:E3:01:A4:BC:B2:02
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       094E5532ADDE84CE96692B7C5FFD5DDF5A5048DA
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35372e302f32342d3234203d3e203438363738.roa
Signing time:             Sat 13 Jul 2024 15:05:18 +0000
ROA not before:           Sat 13 Jul 2024 15:00:18 +0000
ROA not after:            Sat 12 Jul 2025 15:05:18 +0000
asID:                     48678
IP address blocks:        45.158.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:4e:55:32:ad:de:84:ce:96:69:2b:7c:5f:fd:5d:df:5a:50:48:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jul 13 15:00:18 2024 GMT
            Not After : Jul 12 15:05:18 2025 GMT
        Subject: CN=3549C9C0F441DCC23CBCAED0DF36E301A4BCB202
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:fd:af:3e:ee:b9:5e:a8:57:6c:0d:e8:60:ad:
                    13:40:da:6b:b0:7a:5d:14:e7:be:70:59:f1:d9:b6:
                    b3:55:8f:7a:ff:5c:c4:2b:84:6f:e1:4b:10:e3:ba:
                    d0:88:14:88:10:26:cf:f7:f9:0b:e2:0c:77:07:e1:
                    6b:f4:e8:a2:0d:54:6f:65:86:5a:77:d6:e9:2e:3c:
                    11:16:b1:85:96:6b:46:13:96:bf:57:db:b3:be:03:
                    9f:17:9b:67:7c:85:00:61:05:e4:4c:22:83:1b:42:
                    87:5c:31:8e:ed:3f:2a:61:2f:1b:30:b6:a6:22:30:
                    34:cd:d7:63:b1:22:eb:7c:04:fa:88:81:dd:52:9c:
                    3d:2b:54:39:3e:32:c7:60:3c:d2:00:05:66:fd:e3:
                    ba:4f:d8:2d:85:a3:a1:01:a6:72:c0:78:69:4b:ba:
                    9d:03:a2:22:2d:ea:c3:2c:56:a3:b0:5f:01:01:be:
                    52:f5:3d:b9:b0:6e:89:9d:16:e4:ed:91:e9:01:c6:
                    5c:f6:dc:30:20:b6:15:23:a9:8e:98:c4:0c:52:d9:
                    67:5e:6d:cc:6c:13:9e:f9:05:d1:84:e5:01:4e:e5:
                    10:a3:b9:1c:45:5e:1c:2e:e7:19:ea:68:ed:8d:7c:
                    79:2d:c8:6b:7f:ca:d6:ab:2a:3a:a6:a8:3b:09:d7:
                    72:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:49:C9:C0:F4:41:DC:C2:3C:BC:AE:D0:DF:36:E3:01:A4:BC:B2:02
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35372e302f32342d3234203d3e203438363738.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:d0:0f:dd:7a:d9:0f:9c:b4:d2:24:8e:8f:c1:de:43:be:87:
         12:24:89:26:83:5d:ed:52:82:04:4d:f4:50:73:4f:e9:c5:40:
         23:8c:93:7f:00:fc:d4:24:2d:71:d3:fc:2d:64:3a:30:97:4f:
         70:2c:78:6c:e4:68:ff:21:b2:86:fb:f8:eb:e8:96:5a:96:06:
         3f:75:a0:76:ed:d9:41:33:80:e3:f3:eb:2c:05:79:0b:3a:c1:
         55:f0:63:65:96:83:99:56:07:4f:0d:ff:33:03:f8:ef:26:b1:
         2f:78:96:a4:15:94:5e:9c:a8:f9:25:55:bd:f9:5a:28:f1:94:
         5d:2f:b8:b9:ed:f5:f1:97:e3:26:e7:67:93:cf:3e:4c:a6:39:
         48:2a:ee:b9:b5:fa:95:09:de:f8:d1:f6:56:39:00:6d:1f:5f:
         e5:f1:c2:9a:67:e4:e2:e5:8e:d8:15:a3:42:7a:b3:3f:29:8a:
         90:28:a3:87:ba:66:54:ed:58:74:a4:c0:9f:cf:68:37:c8:97:
         bd:85:ea:2b:63:a8:b1:fc:a7:9d:5f:a0:5d:5f:11:21:53:ae:
         d9:8e:2b:eb:b6:ce:b5:13:d4:d1:5d:cd:33:6b:26:25:76:06:
         d3:88:49:c8:8c:f2:9b:0e:9d:00:2f:51:a6:d4:52:90:7e:bc:
         8b:cd:f7:c1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCU5VMq3ehM6WaSt8X/1d31pQSNowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDA3MTMxNTAwMThaFw0yNTA3MTIxNTA1MThaMDMxMTAvBgNV
BAMTKDM1NDlDOUMwRjQ0MURDQzIzQ0JDQUVEMERGMzZFMzAxQTRCQ0IyMDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCM/a8+7rleqFdsDehgrRNA2muw
el0U575wWfHZtrNVj3r/XMQrhG/hSxDjutCIFIgQJs/3+QviDHcH4Wv06KINVG9l
hlp31ukuPBEWsYWWa0YTlr9X27O+A58Xm2d8hQBhBeRMIoMbQodcMY7tPyphLxsw
tqYiMDTN12OxIut8BPqIgd1SnD0rVDk+MsdgPNIABWb947pP2C2Fo6EBpnLAeGlL
up0DoiIt6sMsVqOwXwEBvlL1PbmwbomdFuTtkekBxlz23DAgthUjqY6YxAxS2Wde
bcxsE575BdGE5QFO5RCjuRxFXhwu5xnqaO2NfHktyGt/ytarKjqmqDsJ13JpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUNUnJwPRB3MI8vK7Q3zbjAaS8sgIwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzNTM4MmUzNTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzODM2MzczOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2e
OTANBgkqhkiG9w0BAQsFAAOCAQEAqNAP3XrZD5y00iSOj8HeQ76HEiSJJoNd7VKC
BE30UHNP6cVAI4yTfwD81CQtcdP8LWQ6MJdPcCx4bORo/yGyhvv46+iWWpYGP3Wg
du3ZQTOA4/PrLAV5CzrBVfBjZZaDmVYHTw3/MwP47yaxL3iWpBWUXpyo+SVVvfla
KPGUXS+4ue318ZfjJudnk88+TKY5SCruubX6lQne+NH2VjkAbR9f5fHCmmfk4uWO
2BWjQnqzPymKkCijh7pmVO1YdKTAn89oN8iXvYXqK2OosfynnV+gXV8RIVOu2Y4r
67bOtRPU0V3NM2smJXYG04hJyIzymw6dAC9RptRSkH68i833wQ==
-----END CERTIFICATE-----