Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35372e302f32342d3234203d3e203631333137.roa
File:                     34352e38312e35372e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          PegGwAisvX3gWdbPAAYgG4l6LNoFbuBNIzNzUH+jNgg=
Subject key identifier:   9E:D4:23:48:3F:AB:C4:61:E6:47:9F:4B:B2:EB:40:16:78:A5:D3:E2
Certificate issuer:       /CN=5da3215abfa4621d57709f838a92801f2e90ddfe
Certificate serial:       77E792BF9657A421C4C103CC68ED228860EE901E
Authority key identifier: 5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35372e302f32342d3234203d3e203631333137.roa
Signing time:             Fri 15 Mar 2024 10:05:14 +0000
ROA not before:           Fri 15 Mar 2024 10:00:14 +0000
ROA not after:            Fri 14 Mar 2025 10:05:14 +0000
asID:                     61317
IP address blocks:        45.81.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:e7:92:bf:96:57:a4:21:c4:c1:03:cc:68:ed:22:88:60:ee:90:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3215abfa4621d57709f838a92801f2e90ddfe
        Validity
            Not Before: Mar 15 10:00:14 2024 GMT
            Not After : Mar 14 10:05:14 2025 GMT
        Subject: CN=9ED423483FABC461E6479F4BB2EB401678A5D3E2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b2:74:2d:86:84:ff:62:7e:36:fe:49:af:8b:
                    8d:eb:2b:84:9f:6f:07:8e:f3:42:9d:e7:e9:18:3c:
                    5c:e3:3a:8a:21:e9:b0:d9:49:b9:24:cf:0e:a8:c0:
                    3a:d2:90:10:11:23:28:43:35:c9:54:c3:3d:b8:5c:
                    23:7a:d4:cf:24:f5:2a:e2:26:d3:f3:2d:75:b4:17:
                    e7:cd:93:19:83:35:57:db:2e:6d:2d:76:5f:bd:57:
                    20:45:e5:a9:82:67:ff:a4:ac:03:d6:bc:65:d1:98:
                    ea:aa:7f:9a:8f:10:4a:68:ba:8c:3e:08:52:fb:c2:
                    44:f4:e5:40:9d:2b:68:0c:c1:4c:a6:3a:96:05:fd:
                    2c:17:d3:a3:5c:ec:df:1d:e1:7c:de:29:32:a3:97:
                    e6:c6:ea:af:80:f4:80:cc:67:dd:d2:c7:84:15:85:
                    5c:f3:0e:80:ac:d0:24:8e:86:4c:63:4e:ec:b4:1d:
                    e0:11:c9:dc:27:89:32:c4:41:81:67:83:77:ab:07:
                    52:05:01:3d:33:41:e1:90:ad:7b:bf:ec:4c:12:83:
                    4e:98:e8:2f:28:b0:7a:9f:02:05:40:52:3c:9f:89:
                    48:a1:35:c5:11:cb:64:1e:76:3a:ff:2c:7c:4b:73:
                    43:aa:f8:8a:3c:11:0a:f4:77:0b:a7:b8:17:a7:69:
                    c7:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:D4:23:48:3F:AB:C4:61:E6:47:9F:4B:B2:EB:40:16:78:A5:D3:E2
            X509v3 Authority Key Identifier:
                keyid:5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35372e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:24:c9:cf:cd:e3:5c:38:1e:80:1c:e0:84:9f:61:06:60:a9:
         b2:3c:95:5f:dd:8f:2f:53:c0:64:d4:df:91:c0:7f:09:35:8a:
         37:89:93:9b:da:6a:26:e7:64:9e:ae:30:63:77:c6:f2:f4:ba:
         f2:17:6a:ea:cf:d3:e7:36:b0:7c:10:35:4d:3e:16:68:4b:d2:
         81:7e:ea:be:0a:66:02:6d:9c:af:f2:c5:ac:39:8f:52:8f:00:
         1e:86:c3:2f:aa:8b:ef:96:09:a2:87:de:75:eb:46:b9:70:80:
         e6:b9:27:ba:3b:90:d7:57:8b:4e:80:29:b9:81:3d:0a:17:ee:
         6c:2d:9e:17:2d:5f:c5:dc:ed:a6:ae:2b:f4:a8:51:fe:c5:85:
         a7:9a:d1:47:2f:44:a8:e2:f8:c4:98:5e:53:23:61:e8:60:f7:
         a7:ca:25:a6:b4:fd:f4:44:0e:7b:34:31:a9:a7:e1:13:04:c1:
         70:0c:47:57:e0:ab:4b:c0:09:5d:bd:ef:f3:14:3a:6b:2f:d5:
         85:aa:db:0c:39:81:42:60:9c:73:68:2f:60:15:97:e1:7b:5f:
         4c:90:b4:92:d9:0a:0b:b2:bf:ea:3e:66:5e:70:9c:c6:04:84:
         da:c4:f3:76:6b:f8:ab:dd:f6:7a:fa:1d:c7:b6:82:68:13:0b:
         00:5b:46:ee
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUd+eSv5ZXpCHEwQPMaO0iiGDukB4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWRhMzIxNWFiZmE0NjIxZDU3NzA5ZjgzOGE5MjgwMWYy
ZTkwZGRmZTAeFw0yNDAzMTUxMDAwMTRaFw0yNTAzMTQxMDA1MTRaMDMxMTAvBgNV
BAMTKDlFRDQyMzQ4M0ZBQkM0NjFFNjQ3OUY0QkIyRUI0MDE2NzhBNUQzRTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCasnQthoT/Yn42/kmvi43rK4Sf
bweO80Kd5+kYPFzjOooh6bDZSbkkzw6owDrSkBARIyhDNclUwz24XCN61M8k9Sri
JtPzLXW0F+fNkxmDNVfbLm0tdl+9VyBF5amCZ/+krAPWvGXRmOqqf5qPEEpouow+
CFL7wkT05UCdK2gMwUymOpYF/SwX06Nc7N8d4XzeKTKjl+bG6q+A9IDMZ93Sx4QV
hVzzDoCs0CSOhkxjTuy0HeARydwniTLEQYFng3erB1IFAT0zQeGQrXu/7EwSg06Y
6C8osHqfAgVAUjyfiUihNcURy2Qedjr/LHxLc0Oq+Io8EQr0dwunuBenaccvAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUntQjSD+rxGHmR59LsutAFnil0+IwHwYDVR0j
BBgwFoAUXaMhWr+kYh1XcJ+DipKAHy6Q3f4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmYyNDU2N2ItN2E3NC00YzFmLWFhODUtZGQyNGFmNzNj
Y2JiLzAvNURBMzIxNUFCRkE0NjIxRDU3NzA5RjgzOEE5MjgwMUYyRTkwRERGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hhTWhXci1rWWgxWGNKLURpcEtBSHk2
UTNmNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmYyNDU2N2It
N2E3NC00YzFmLWFhODUtZGQyNGFmNzNjY2JiLzAvMzQzNTJlMzgzMTJlMzUzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzEzMzMxMzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtUTkw
DQYJKoZIhvcNAQELBQADggEBAKkkyc/N41w4HoAc4ISfYQZgqbI8lV/djy9TwGTU
35HAfwk1ijeJk5vaaibnZJ6uMGN3xvL0uvIXaurP0+c2sHwQNU0+FmhL0oF+6r4K
ZgJtnK/yxaw5j1KPAB6Gwy+qi++WCaKH3nXrRrlwgOa5J7o7kNdXi06AKbmBPQoX
7mwtnhctX8Xc7aauK/SoUf7Fhaea0UcvRKji+MSYXlMjYehg96fKJaa0/fREDns0
Mamn4RMEwXAMR1fgq0vACV297/MUOmsv1YWq2ww5gUJgnHNoL2AVl+F7X0yQtJLZ
Cguyv+o+Zl5wnMYEhNrE83Zr+Kvd9nr6Hce2gmgTCwBbRu4=
-----END CERTIFICATE-----