Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133392e302f32342d3234203d3e203230343733.roa
File:                     34352e39312e3133392e302f32342d3234203d3e203230343733.roa (raw, json)
Hash identifier:          oHfB9HlB1ilcQMESCu9kVSVCRiaDLck3WLjNip0jngo=
Subject key identifier:   52:21:2E:B2:A1:0C:AB:30:D8:18:80:86:D9:07:B0:01:7A:72:DB:9C
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       795063B20D6753DC4F34FCEDD7CB786C4D477FFD
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133392e302f32342d3234203d3e203230343733.roa
Signing time:             Wed 12 Jun 2024 13:05:18 +0000
ROA not before:           Wed 12 Jun 2024 13:00:18 +0000
ROA not after:            Wed 11 Jun 2025 13:05:18 +0000
asID:                     20473
IP address blocks:        45.91.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:50:63:b2:0d:67:53:dc:4f:34:fc:ed:d7:cb:78:6c:4d:47:7f:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jun 12 13:00:18 2024 GMT
            Not After : Jun 11 13:05:18 2025 GMT
        Subject: CN=52212EB2A10CAB30D8188086D907B0017A72DB9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:74:7e:98:97:43:dd:d9:bf:82:54:16:d8:7d:
                    7d:43:c0:ec:34:1d:01:bf:6e:5e:b8:f0:15:b1:b7:
                    3b:de:aa:90:b3:bc:e5:49:b3:b0:82:4e:6c:37:83:
                    9c:cc:a8:25:45:19:6b:79:6c:fa:e4:a4:fa:42:a1:
                    e1:3b:0f:45:4d:5d:6f:81:9f:c2:47:22:98:5c:d1:
                    b6:58:33:26:97:02:a2:7f:c7:54:a9:64:92:b7:0e:
                    96:2e:ed:45:77:1d:db:79:b8:6e:2e:cb:fe:4d:bb:
                    4e:9f:61:67:b2:fe:69:22:80:e6:4e:54:11:e3:40:
                    94:9a:f9:4a:08:83:a9:e9:97:55:9c:f4:d5:aa:e3:
                    81:3d:bc:9c:23:91:b3:42:b2:71:e8:d9:36:a1:b1:
                    28:bc:6b:4a:47:8f:8b:b6:e7:af:38:61:8f:56:b4:
                    91:bd:3c:7a:b8:7d:75:9f:d6:a7:95:f5:11:cc:a9:
                    2a:7a:68:0d:bd:45:35:46:53:b4:ae:0c:d7:9b:f3:
                    f1:45:8f:cc:1c:a2:80:65:91:1b:d8:57:bb:85:97:
                    55:de:23:ac:6b:13:2c:f1:42:51:35:51:a7:95:b3:
                    f4:68:d5:c4:49:e9:13:19:5d:6a:c6:ab:45:47:2c:
                    b8:d0:1b:c2:dc:55:70:00:8f:0d:10:07:b8:a8:aa:
                    ac:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:21:2E:B2:A1:0C:AB:30:D8:18:80:86:D9:07:B0:01:7A:72:DB:9C
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133392e302f32342d3234203d3e203230343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:4f:9f:e4:ec:10:de:08:f5:a1:69:22:3d:82:8c:6c:b3:95:
         be:9f:f6:fc:6a:7e:25:1c:2d:89:c4:ec:26:ea:3c:ef:aa:8a:
         13:db:1b:0c:e4:1e:71:bf:f4:c0:6f:c2:04:c2:90:20:65:3e:
         cc:57:4f:3c:c2:5b:46:fa:58:ae:09:5f:d8:4a:bb:5f:f9:a4:
         76:32:f4:90:bf:2c:57:bd:64:be:b1:2c:fa:6b:87:7c:4a:fd:
         df:ed:76:7b:72:0e:bd:fe:92:de:2d:ec:33:aa:88:7f:35:14:
         0e:62:d8:b5:27:72:35:65:6f:70:78:62:62:64:a1:de:a0:fa:
         fb:9e:c4:a2:63:11:88:4f:cb:cf:46:ad:b3:d7:1e:51:24:13:
         0d:6f:8e:f8:3c:7c:25:98:0d:ee:66:9d:94:97:18:fd:13:1b:
         89:c6:e6:8f:45:cb:cd:52:6a:09:d3:3a:7c:ba:b6:09:09:df:
         0e:0e:cd:b5:81:ff:ae:ac:e9:69:f6:2b:2b:24:ab:53:6b:f5:
         42:96:3e:9b:56:56:f5:3f:35:2f:a6:77:79:98:94:8d:09:70:
         22:66:8c:0f:c0:b3:9e:c4:90:9b:7f:8c:3f:46:1f:65:ca:30:
         24:97:99:f4:fe:f4:f3:c9:e7:ac:f2:9a:33:89:11:67:27:0a:
         b4:98:12:c7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUeVBjsg1nU9xPNPzt18t4bE1Hf/0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDA2MTIxMzAwMThaFw0yNTA2MTExMzA1MThaMDMxMTAvBgNV
BAMTKDUyMjEyRUIyQTEwQ0FCMzBEODE4ODA4NkQ5MDdCMDAxN0E3MkRCOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8dH6Yl0Pd2b+CVBbYfX1DwOw0
HQG/bl648BWxtzveqpCzvOVJs7CCTmw3g5zMqCVFGWt5bPrkpPpCoeE7D0VNXW+B
n8JHIphc0bZYMyaXAqJ/x1SpZJK3DpYu7UV3Hdt5uG4uy/5Nu06fYWey/mkigOZO
VBHjQJSa+UoIg6npl1Wc9NWq44E9vJwjkbNCsnHo2TahsSi8a0pHj4u25684YY9W
tJG9PHq4fXWf1qeV9RHMqSp6aA29RTVGU7SuDNeb8/FFj8wcooBlkRvYV7uFl1Xe
I6xrEyzxQlE1UaeVs/Ro1cRJ6RMZXWrGq0VHLLjQG8LcVXAAjw0QB7ioqqzRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUUiEusqEMqzDYGICG2QewAXpy25wwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzkzMTJlMzEzMzM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1b
izANBgkqhkiG9w0BAQsFAAOCAQEAdk+f5OwQ3gj1oWkiPYKMbLOVvp/2/Gp+JRwt
icTsJuo876qKE9sbDOQecb/0wG/CBMKQIGU+zFdPPMJbRvpYrglf2Eq7X/mkdjL0
kL8sV71kvrEs+muHfEr93+12e3IOvf6S3i3sM6qIfzUUDmLYtSdyNWVvcHhiYmSh
3qD6+57EomMRiE/Lz0ats9ceUSQTDW+O+Dx8JZgN7madlJcY/RMbicbmj0XLzVJq
CdM6fLq2CQnfDg7NtYH/rqzpafYrKySrU2v1QpY+m1ZW9T81L6Z3eZiUjQlwImaM
D8CznsSQm3+MP0YfZcowJJeZ9P7088nnrPKaM4kRZycKtJgSxw==
-----END CERTIFICATE-----