Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133382e302f32342d3234203d3e203231383539.roa
File:                     34352e39312e3133382e302f32342d3234203d3e203231383539.roa (raw, json)
Hash identifier:          dmQeDpxQfPOMLw9+CWChRvX0FzdHHKjbJwhcSKzno20=
Subject key identifier:   26:44:1B:88:8A:4E:63:27:1B:EE:02:EE:17:1F:69:E9:91:E0:79:A6
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       6BEE15BB6AA1CB28D36CC4782379B37EC8F3C5B0
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133382e302f32342d3234203d3e203231383539.roa
Signing time:             Wed 28 Aug 2024 01:54:10 +0000
ROA not before:           Wed 28 Aug 2024 01:49:10 +0000
ROA not after:            Wed 27 Aug 2025 01:54:10 +0000
asID:                     21859
IP address blocks:        45.91.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:ee:15:bb:6a:a1:cb:28:d3:6c:c4:78:23:79:b3:7e:c8:f3:c5:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Aug 28 01:49:10 2024 GMT
            Not After : Aug 27 01:54:10 2025 GMT
        Subject: CN=26441B888A4E63271BEE02EE171F69E991E079A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:20:8e:f6:fa:75:77:c1:69:01:2d:db:56:b3:
                    cc:35:3e:ba:4e:78:05:59:6c:0b:66:60:61:f4:18:
                    2d:35:31:dd:f8:7a:32:c0:4a:c0:c3:f8:8f:45:7c:
                    f2:b7:08:3d:70:89:d0:c8:0a:0f:cf:f5:75:df:25:
                    9e:46:44:d3:68:b3:6e:9c:5a:b5:41:3d:fc:63:b5:
                    af:ed:d0:94:01:ca:f1:3b:f3:15:90:9c:6c:0c:4c:
                    a8:5f:b9:c3:ce:74:b9:31:64:51:23:d8:1f:32:5a:
                    f0:e5:6e:75:3b:b8:38:9b:dd:12:ab:21:ce:96:a3:
                    aa:d1:f8:5e:1e:2e:bd:49:66:c5:4e:03:bc:61:0b:
                    40:97:ff:72:19:2b:9b:a9:c5:9c:4a:34:33:f5:3e:
                    eb:72:01:c2:19:4e:dc:a8:36:c5:fd:59:4b:2b:2c:
                    36:7b:92:40:b9:50:27:e1:c0:25:ef:10:a1:b8:e2:
                    03:85:bb:20:76:33:e4:97:63:0c:6b:08:4a:19:b1:
                    fc:20:16:12:84:00:0d:95:ec:5d:61:7f:9a:51:b4:
                    55:29:cd:70:d4:64:54:de:97:d9:f2:a4:e9:82:c7:
                    ae:a2:b1:89:7d:93:6c:4c:9c:d0:bf:03:fe:c4:5e:
                    30:6d:77:78:89:46:e1:78:7b:3e:fa:90:d6:d8:54:
                    8d:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:44:1B:88:8A:4E:63:27:1B:EE:02:EE:17:1F:69:E9:91:E0:79:A6
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133382e302f32342d3234203d3e203231383539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:1d:a4:0d:e5:67:9f:41:66:20:b4:db:57:6f:89:68:91:d8:
         81:47:6c:11:8a:9f:75:33:24:b9:2a:e3:27:4e:18:a9:35:82:
         46:00:30:26:ca:88:60:d5:1a:b8:a6:f6:1a:4e:c3:9e:d2:e5:
         31:d7:d4:64:1a:71:bb:aa:ce:00:d5:f2:e4:70:19:06:c6:55:
         ad:7e:a9:7e:9a:13:2b:b5:9f:f4:04:ff:eb:46:63:26:4d:d6:
         80:69:77:4c:13:71:80:4f:50:b9:09:a2:17:4c:7a:7d:26:8a:
         c9:c3:36:cb:43:c8:1f:bd:84:8d:fe:7c:e2:57:27:d1:a2:7c:
         8d:d5:a8:02:56:cd:5c:22:6f:d9:63:75:1f:6a:c9:11:36:8a:
         4a:70:9b:96:3f:0b:e8:2c:fe:74:4c:2f:17:17:55:6f:a7:31:
         5f:02:c0:2c:7a:23:65:44:cd:ee:31:c9:10:70:56:ea:3d:9e:
         fe:55:6a:ef:9d:4f:ee:e5:56:7a:a7:2e:a4:0a:16:3a:bc:e6:
         23:8b:6b:25:33:1d:81:33:dc:8a:8e:a5:15:a0:ce:1d:e0:82:
         6a:e4:28:77:78:71:f1:3b:d0:ed:d2:1a:9e:80:b0:e0:eb:44:
         06:47:34:e6:8b:30:86:fb:62:d9:cb:65:4e:fe:51:66:62:bd:
         5d:05:c6:79
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUa+4Vu2qhyyjTbMR4I3mzfsjzxbAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDA4MjgwMTQ5MTBaFw0yNTA4MjcwMTU0MTBaMDMxMTAvBgNV
BAMTKDI2NDQxQjg4OEE0RTYzMjcxQkVFMDJFRTE3MUY2OUU5OTFFMDc5QTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8II72+nV3wWkBLdtWs8w1PrpO
eAVZbAtmYGH0GC01Md34ejLASsDD+I9FfPK3CD1widDICg/P9XXfJZ5GRNNos26c
WrVBPfxjta/t0JQByvE78xWQnGwMTKhfucPOdLkxZFEj2B8yWvDlbnU7uDib3RKr
Ic6Wo6rR+F4eLr1JZsVOA7xhC0CX/3IZK5upxZxKNDP1PutyAcIZTtyoNsX9WUsr
LDZ7kkC5UCfhwCXvEKG44gOFuyB2M+SXYwxrCEoZsfwgFhKEAA2V7F1hf5pRtFUp
zXDUZFTel9nypOmCx66isYl9k2xMnNC/A/7EXjBtd3iJRuF4ez76kNbYVI25AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUJkQbiIpOYycb7gLuFx9p6ZHgeaYwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzkzMTJlMzEzMzM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM4MzUzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1b
ijANBgkqhkiG9w0BAQsFAAOCAQEAGh2kDeVnn0FmILTbV2+JaJHYgUdsEYqfdTMk
uSrjJ04YqTWCRgAwJsqIYNUauKb2Gk7DntLlMdfUZBpxu6rOANXy5HAZBsZVrX6p
fpoTK7Wf9AT/60ZjJk3WgGl3TBNxgE9QuQmiF0x6fSaKycM2y0PIH72Ejf584lcn
0aJ8jdWoAlbNXCJv2WN1H2rJETaKSnCblj8L6Cz+dEwvFxdVb6cxXwLALHojZUTN
7jHJEHBW6j2e/lVq751P7uVWeqcupAoWOrzmI4trJTMdgTPcio6lFaDOHeCCauQo
d3hx8TvQ7dIanoCw4OtEBkc05oswhvti2ctlTv5RZmK9XQXGeQ==
-----END CERTIFICATE-----