Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133392e302f32342d3234203d3e203230343733.roa
File:                     34352e39312e3133392e302f32342d3234203d3e203230343733.roa (raw, json)
Hash identifier:          NKQlI6/K9zfAfCNJ7JeHJ/XgqoV4Mb3dPnVbxg7i/tk=
Subject key identifier:   1A:E6:CA:BE:DF:1E:7D:11:38:D6:54:50:0A:0A:AD:7A:6D:41:01:59
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       77592C070EB0061BD328308D50BDDF2EFA841CB7
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133392e302f32342d3234203d3e203230343733.roa
Signing time:             Wed 12 Jul 2023 12:23:38 +0000
ROA not before:           Wed 12 Jul 2023 12:18:38 +0000
ROA not after:            Wed 10 Jul 2024 12:23:38 +0000
asID:                     20473
IP address blocks:        45.91.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 18:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:59:2c:07:0e:b0:06:1b:d3:28:30:8d:50:bd:df:2e:fa:84:1c:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jul 12 12:18:38 2023 GMT
            Not After : Jul 10 12:23:38 2024 GMT
        Subject: CN=1AE6CABEDF1E7D1138D654500A0AAD7A6D410159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:4b:0e:29:26:0c:e6:5e:fb:31:cc:da:67:a2:
                    e2:7d:1a:af:db:6d:26:ef:39:b8:4d:e1:e6:62:44:
                    83:37:f7:76:f6:36:94:ea:10:9a:f0:2d:29:84:8c:
                    eb:bb:56:3d:58:d2:27:0e:fe:a3:67:13:76:5a:d2:
                    87:97:6d:3c:7a:29:d1:51:19:96:bf:40:05:c5:8c:
                    4e:96:8b:b6:ab:9f:1c:7a:5f:b1:a2:b1:6d:71:11:
                    fe:0a:99:91:b5:a0:e4:b9:84:2f:b8:95:13:14:3d:
                    2e:6f:f9:8f:b1:98:65:4f:39:b6:e6:7d:41:85:b2:
                    c2:ee:b8:e2:ac:9c:37:d9:b4:60:4b:6d:57:df:8c:
                    19:28:82:8b:35:0e:37:94:74:70:5f:fe:22:36:e3:
                    ab:95:ae:2b:f6:e9:b5:47:b1:89:e3:d8:9e:8b:65:
                    1a:34:53:96:ca:21:67:4c:52:d4:86:18:06:5d:6a:
                    60:a4:c6:da:6b:b8:4e:86:31:f7:00:9b:18:e6:e0:
                    3d:bf:7d:51:e7:b1:a8:02:e1:10:37:c9:07:34:be:
                    4f:2f:20:b6:c6:51:e6:53:5b:07:f1:7b:16:40:d7:
                    2d:24:73:77:90:f2:fc:5b:b4:ff:d8:b1:29:b8:0d:
                    9a:a5:10:98:97:ac:2c:cf:20:b3:cb:49:df:1b:10:
                    6c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:E6:CA:BE:DF:1E:7D:11:38:D6:54:50:0A:0A:AD:7A:6D:41:01:59
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133392e302f32342d3234203d3e203230343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:ec:54:c8:8d:db:0e:1d:1b:8a:b0:5e:93:ec:a6:45:4a:20:
         dd:a6:49:c4:d3:d5:23:2d:f0:f9:d2:31:bd:18:0e:19:90:81:
         7c:73:12:1b:4e:75:dc:9e:65:3c:a8:aa:04:15:3d:b9:c2:7f:
         8a:ae:c4:dd:a5:af:1c:46:a2:37:99:c0:6b:e5:10:42:4d:cd:
         81:71:2a:02:da:47:e4:f9:16:1f:ae:19:55:df:3e:08:6f:54:
         76:ef:fa:92:72:bf:e0:83:c3:f1:e3:ae:b2:c0:48:f4:4c:2b:
         aa:af:d8:ab:33:fc:fc:63:3a:99:7f:44:ae:c1:16:6b:b6:5f:
         7b:62:86:96:cf:e5:0c:22:ef:f8:99:46:38:02:14:52:01:7d:
         2b:b2:d3:60:a9:f3:86:02:4c:3e:14:89:34:91:d7:3c:e3:11:
         e4:70:5f:6a:55:3b:36:d5:c4:b6:b1:83:28:87:d7:57:86:0b:
         3b:f1:ed:d8:12:45:7f:52:ec:b3:bc:f5:25:18:7b:24:81:53:
         67:9d:a2:fb:a2:59:b6:02:2a:ec:d7:5e:36:3d:34:dc:38:b7:
         5c:b8:c1:4c:fe:c3:9f:33:2d:a2:a7:20:79:58:e4:21:01:b1:
         ef:da:f5:df:8e:1c:3b:ff:43:3d:ce:d9:a1:02:86:1f:30:d8:
         b5:96:61:ab
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUd1ksBw6wBhvTKDCNUL3fLvqEHLcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yMzA3MTIxMjE4MzhaFw0yNDA3MTAxMjIzMzhaMDMxMTAvBgNV
BAMTKDFBRTZDQUJFREYxRTdEMTEzOEQ2NTQ1MDBBMEFBRDdBNkQ0MTAxNTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjSw4pJgzmXvsxzNpnouJ9Gq/b
bSbvObhN4eZiRIM393b2NpTqEJrwLSmEjOu7Vj1Y0icO/qNnE3Za0oeXbTx6KdFR
GZa/QAXFjE6Wi7arnxx6X7GisW1xEf4KmZG1oOS5hC+4lRMUPS5v+Y+xmGVPObbm
fUGFssLuuOKsnDfZtGBLbVffjBkogos1DjeUdHBf/iI246uVriv26bVHsYnj2J6L
ZRo0U5bKIWdMUtSGGAZdamCkxtpruE6GMfcAmxjm4D2/fVHnsagC4RA3yQc0vk8v
ILbGUeZTWwfxexZA1y0kc3eQ8vxbtP/YsSm4DZqlEJiXrCzPILPLSd8bEGz/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGubKvt8efRE41lRQCgqtem1BAVkwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzkzMTJlMzEzMzM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1b
izANBgkqhkiG9w0BAQsFAAOCAQEADexUyI3bDh0birBek+ymRUog3aZJxNPVIy3w
+dIxvRgOGZCBfHMSG0513J5lPKiqBBU9ucJ/iq7E3aWvHEaiN5nAa+UQQk3NgXEq
AtpH5PkWH64ZVd8+CG9Udu/6knK/4IPD8eOussBI9Ewrqq/YqzP8/GM6mX9ErsEW
a7Zfe2KGls/lDCLv+JlGOAIUUgF9K7LTYKnzhgJMPhSJNJHXPOMR5HBfalU7NtXE
trGDKIfXV4YLO/Ht2BJFf1Lss7z1JRh7JIFTZ52i+6JZtgIq7NdeNj003Di3XLjB
TP7DnzMtoqcgeVjkIQGx79r1344cO/9DPc7ZoQKGHzDYtZZhqw==
-----END CERTIFICATE-----