Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133392e302f32342d3234203d3e203634353135.roa
File:                     34352e39312e3133392e302f32342d3234203d3e203634353135.roa (raw, json)
Hash identifier:          YGSCak73+UuXoCIiYkmFcC2pdc+tbXT4hYwRzbQXjm0=
Subject key identifier:   7B:34:AE:01:7B:48:75:CE:2E:46:10:AE:23:3A:21:74:C5:B0:E7:CB
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       4B6574F680DFBF8A86722F2BBAD8B754FB52C8DA
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133392e302f32342d3234203d3e203634353135.roa
Signing time:             Tue 11 Jun 2024 13:05:18 +0000
ROA not before:           Tue 11 Jun 2024 13:00:18 +0000
ROA not after:            Tue 10 Jun 2025 13:05:18 +0000
asID:                     64515
IP address blocks:        45.91.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:65:74:f6:80:df:bf:8a:86:72:2f:2b:ba:d8:b7:54:fb:52:c8:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jun 11 13:00:18 2024 GMT
            Not After : Jun 10 13:05:18 2025 GMT
        Subject: CN=7B34AE017B4875CE2E4610AE233A2174C5B0E7CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:db:04:42:d0:9e:dc:9d:44:fc:fa:d5:70:a1:
                    9d:da:95:6c:59:4c:57:b0:e9:15:b1:84:e2:ca:a1:
                    6e:53:d1:82:b6:ec:8a:33:80:f6:87:99:71:66:2e:
                    9d:34:67:84:c6:aa:02:f7:83:8f:c8:8e:0d:f2:42:
                    19:cf:e0:dc:6f:86:86:df:02:1a:ab:02:4b:76:4b:
                    58:3e:39:2b:3f:55:c0:3b:d3:5f:4b:d4:77:4c:11:
                    1e:41:99:21:6b:21:df:d9:9b:8e:a5:1b:0c:7a:2b:
                    04:eb:d3:ff:ec:63:32:34:ab:1f:3b:64:38:e3:09:
                    4c:4b:ec:3a:90:36:ef:a2:74:d4:a6:e3:9c:26:d7:
                    83:d8:e1:5a:06:0a:78:7e:31:c7:ee:63:d0:e7:c8:
                    3a:e3:0e:3c:61:27:bb:f6:9d:73:c7:d4:54:0b:8e:
                    68:c7:1c:ea:dc:f1:f4:29:16:25:bf:4a:52:92:0d:
                    9b:c8:84:88:50:2e:c9:bd:32:af:f7:e0:f1:d4:56:
                    00:67:0d:73:21:78:8a:7c:be:78:f8:bb:c1:fc:4e:
                    fd:2d:80:cf:6c:23:77:c1:97:25:c8:57:8b:1a:7d:
                    c5:68:cf:27:31:20:93:b3:72:3e:63:83:66:9d:81:
                    b3:5d:f4:56:ec:df:b9:8e:a0:c8:76:d7:a7:8e:82:
                    8f:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:34:AE:01:7B:48:75:CE:2E:46:10:AE:23:3A:21:74:C5:B0:E7:CB
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133392e302f32342d3234203d3e203634353135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:9d:cf:c6:b0:54:a9:27:a2:e8:c0:f1:53:8a:ff:f5:61:1a:
         a2:2c:cd:21:51:05:71:62:11:08:45:83:ae:8b:b7:fb:db:e8:
         a6:bb:2b:a9:bf:64:cd:e8:fa:c3:ad:6c:3c:28:bc:01:08:d0:
         7b:73:7a:5c:ee:62:22:7a:65:61:2d:d0:db:db:07:76:d8:3a:
         fd:2e:1a:6b:1d:ac:0f:67:6a:30:2b:f7:2d:89:25:d5:7f:dd:
         84:4d:d0:3f:34:f2:6c:97:fe:ef:ba:d0:13:11:37:c5:cd:18:
         82:60:e2:ec:93:24:48:2f:c1:a1:6c:51:46:b1:a8:f8:24:db:
         c1:62:9d:7f:18:67:15:0c:07:6c:d0:01:32:62:1d:44:78:25:
         18:95:2a:fc:cc:0a:f3:09:2a:42:fc:fb:d6:bc:9d:fb:a7:b2:
         80:b0:77:64:4a:e6:8f:7c:8c:2c:61:05:a7:c9:cf:7f:a3:e0:
         8d:32:92:13:3c:6a:13:f0:48:12:fa:0a:80:ea:cc:bf:99:3d:
         23:d5:4e:90:ba:10:85:b5:08:18:16:4c:1c:ed:9d:b8:f8:34:
         48:fe:24:d3:16:f7:35:d5:5d:07:af:00:7e:70:79:b2:cd:3c:
         23:23:2e:5f:6c:d1:cd:c9:b6:03:6a:29:88:d8:42:82:c3:eb:
         ef:53:50:16
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUS2V09oDfv4qGci8ruti3VPtSyNowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNDA2MTExMzAwMThaFw0yNTA2MTAxMzA1MThaMDMxMTAvBgNV
BAMTKDdCMzRBRTAxN0I0ODc1Q0UyRTQ2MTBBRTIzM0EyMTc0QzVCMEU3Q0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD2wRC0J7cnUT8+tVwoZ3alWxZ
TFew6RWxhOLKoW5T0YK27IozgPaHmXFmLp00Z4TGqgL3g4/Ijg3yQhnP4Nxvhobf
AhqrAkt2S1g+OSs/VcA7019L1HdMER5BmSFrId/Zm46lGwx6KwTr0//sYzI0qx87
ZDjjCUxL7DqQNu+idNSm45wm14PY4VoGCnh+McfuY9DnyDrjDjxhJ7v2nXPH1FQL
jmjHHOrc8fQpFiW/SlKSDZvIhIhQLsm9Mq/34PHUVgBnDXMheIp8vnj4u8H8Tv0t
gM9sI3fBlyXIV4safcVozycxIJOzcj5jg2adgbNd9Fbs37mOoMh216eOgo/DAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUezSuAXtIdc4uRhCuIzohdMWw58swHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzkzMTJlMzEzMzM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzNDM1MzEzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1b
izANBgkqhkiG9w0BAQsFAAOCAQEAmZ3PxrBUqSei6MDxU4r/9WEaoizNIVEFcWIR
CEWDrou3+9voprsrqb9kzej6w61sPCi8AQjQe3N6XO5iInplYS3Q29sHdtg6/S4a
ax2sD2dqMCv3LYkl1X/dhE3QPzTybJf+77rQExE3xc0YgmDi7JMkSC/BoWxRRrGo
+CTbwWKdfxhnFQwHbNABMmIdRHglGJUq/MwK8wkqQvz71ryd+6eygLB3ZErmj3yM
LGEFp8nPf6PgjTKSEzxqE/BIEvoKgOrMv5k9I9VOkLoQhbUIGBZMHO2duPg0SP4k
0xb3NdVdB68AfnB5ss08IyMuX2zRzcm2A2opiNhCgsPr71NQFg==
-----END CERTIFICATE-----