Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35372e302f32342d3234203d3e203631333137.roa
File:                     34352e38312e35372e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          Nt6v0on8wvNIRTqw0ZzJ5VjTWjEZFT63u0ZbVbhKyNc=
Subject key identifier:   6A:E1:FB:58:06:E1:A5:90:15:C4:92:37:D6:BF:5F:BD:01:8D:24:5F
Certificate issuer:       /CN=5da3215abfa4621d57709f838a92801f2e90ddfe
Certificate serial:       2237814F0CE603A85007293AC8D2C1E2CD96E115
Authority key identifier: 5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35372e302f32342d3234203d3e203631333137.roa
Signing time:             Fri 14 Feb 2025 10:53:55 +0000
ROA not before:           Fri 14 Feb 2025 10:48:55 +0000
ROA not after:            Fri 13 Feb 2026 10:53:55 +0000
asID:                     61317
IP address blocks:        45.81.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 17:56:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:37:81:4f:0c:e6:03:a8:50:07:29:3a:c8:d2:c1:e2:cd:96:e1:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3215abfa4621d57709f838a92801f2e90ddfe
        Validity
            Not Before: Feb 14 10:48:55 2025 GMT
            Not After : Feb 13 10:53:55 2026 GMT
        Subject: CN=6AE1FB5806E1A59015C49237D6BF5FBD018D245F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:87:76:fc:13:fd:d0:04:14:ad:9e:73:ce:77:
                    4b:42:15:11:82:ef:69:06:1e:f6:39:f8:d1:fa:24:
                    32:59:72:99:ab:07:10:b0:a1:52:9c:2f:06:d8:49:
                    01:96:64:54:5f:b1:5b:ff:9c:65:25:c1:b9:f1:b3:
                    24:88:f2:f6:d4:1f:30:2e:80:a8:95:8e:be:a7:28:
                    05:e1:11:94:ef:45:fa:9f:ab:17:0d:3a:12:fd:77:
                    cb:39:c1:3b:76:c7:ad:48:e5:47:b8:9e:7b:59:52:
                    b3:7c:d9:9d:ae:62:1a:72:8a:15:e2:46:fe:5c:3f:
                    88:9c:73:56:59:43:7a:d0:3a:47:af:40:80:5e:2c:
                    ac:f8:85:c6:09:0a:99:6d:1b:07:59:42:09:8c:46:
                    7b:93:f8:dd:e9:83:f1:0e:6b:14:05:b0:90:3e:42:
                    63:41:74:99:c4:78:00:a8:d2:a8:24:3b:ab:39:fa:
                    f8:42:30:52:7c:3c:b7:1b:1c:30:1c:66:a4:2b:44:
                    16:c4:e7:ec:8d:0f:33:9d:b2:c6:99:10:6b:1a:24:
                    aa:6f:49:64:cb:e6:e5:11:30:ea:54:90:ff:25:a7:
                    2c:0f:b6:15:3a:8a:26:de:78:ea:50:b8:d6:cc:79:
                    08:28:ed:90:54:3a:35:e8:1e:54:7c:ec:68:56:fb:
                    22:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:E1:FB:58:06:E1:A5:90:15:C4:92:37:D6:BF:5F:BD:01:8D:24:5F
            X509v3 Authority Key Identifier:
                keyid:5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35372e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:fb:2b:75:cd:24:1c:9e:dc:8d:cc:4d:82:7c:b4:2d:8d:bd:
         e3:24:c9:f6:cb:f0:45:37:e3:55:6b:63:2e:d9:14:cf:d7:1d:
         8b:d5:22:02:53:48:93:5e:87:45:f3:29:39:ee:c5:0d:72:ee:
         b8:c5:89:16:cc:cf:b3:ac:c5:5d:2d:1e:ce:2a:de:fb:e7:a8:
         ad:b3:70:54:4d:ec:92:c9:49:b8:1d:e3:c5:70:a5:05:a7:d2:
         1b:6f:85:2f:02:25:37:b5:43:82:79:d3:f9:e5:c2:f3:70:fe:
         62:b7:92:2d:43:06:ed:09:34:c4:2c:5a:8e:c8:47:23:0d:f3:
         47:58:1d:7a:6b:07:80:66:22:11:ca:e5:1d:bf:bc:fe:f8:7f:
         28:64:cb:1e:49:c2:a9:22:ce:36:2d:50:9f:78:a2:19:2f:58:
         e6:8e:af:c3:5e:01:94:fa:7c:b1:6f:b4:c9:4d:aa:80:9c:3f:
         f5:08:2b:ed:7b:2e:b0:d5:28:7d:da:01:15:08:dc:26:36:34:
         d5:95:62:ca:fa:1e:14:41:54:0e:f5:fe:44:ee:1c:92:fc:0f:
         01:ab:91:da:fc:e7:ae:85:d8:d4:43:43:6b:02:4a:25:e9:ff:
         46:d2:91:bf:ad:99:12:b5:2f:c4:7b:4c:fb:c4:92:7b:38:67:
         45:56:ac:f4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUIjeBTwzmA6hQByk6yNLB4s2W4RUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWRhMzIxNWFiZmE0NjIxZDU3NzA5ZjgzOGE5MjgwMWYy
ZTkwZGRmZTAeFw0yNTAyMTQxMDQ4NTVaFw0yNjAyMTMxMDUzNTVaMDMxMTAvBgNV
BAMTKDZBRTFGQjU4MDZFMUE1OTAxNUM0OTIzN0Q2QkY1RkJEMDE4RDI0NUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEh3b8E/3QBBStnnPOd0tCFRGC
72kGHvY5+NH6JDJZcpmrBxCwoVKcLwbYSQGWZFRfsVv/nGUlwbnxsySI8vbUHzAu
gKiVjr6nKAXhEZTvRfqfqxcNOhL9d8s5wTt2x61I5Ue4nntZUrN82Z2uYhpyihXi
Rv5cP4icc1ZZQ3rQOkevQIBeLKz4hcYJCpltGwdZQgmMRnuT+N3pg/EOaxQFsJA+
QmNBdJnEeACo0qgkO6s5+vhCMFJ8PLcbHDAcZqQrRBbE5+yNDzOdssaZEGsaJKpv
SWTL5uURMOpUkP8lpywPthU6iibeeOpQuNbMeQgo7ZBUOjXoHlR87GhW+yILAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUauH7WAbhpZAVxJI31r9fvQGNJF8wHwYDVR0j
BBgwFoAUXaMhWr+kYh1XcJ+DipKAHy6Q3f4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmYyNDU2N2ItN2E3NC00YzFmLWFhODUtZGQyNGFmNzNj
Y2JiLzAvNURBMzIxNUFCRkE0NjIxRDU3NzA5RjgzOEE5MjgwMUYyRTkwRERGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hhTWhXci1rWWgxWGNKLURpcEtBSHk2
UTNmNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmYyNDU2N2It
N2E3NC00YzFmLWFhODUtZGQyNGFmNzNjY2JiLzAvMzQzNTJlMzgzMTJlMzUzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzEzMzMxMzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtUTkw
DQYJKoZIhvcNAQELBQADggEBAFf7K3XNJBye3I3MTYJ8tC2NveMkyfbL8EU341Vr
Yy7ZFM/XHYvVIgJTSJNeh0XzKTnuxQ1y7rjFiRbMz7OsxV0tHs4q3vvnqK2zcFRN
7JLJSbgd48VwpQWn0htvhS8CJTe1Q4J50/nlwvNw/mK3ki1DBu0JNMQsWo7IRyMN
80dYHXprB4BmIhHK5R2/vP74fyhkyx5JwqkizjYtUJ94ohkvWOaOr8NeAZT6fLFv
tMlNqoCcP/UIK+17LrDVKH3aARUI3CY2NNWVYsr6HhRBVA71/kTuHJL8DwGrkdr8
566F2NRDQ2sCSiXp/0bSkb+tmRK1L8R7TPvEkns4Z0VWrPQ=
-----END CERTIFICATE-----