Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35382e302f32342d3234203d3e20323039323432.roa
File:                     34352e38312e35382e302f32342d3234203d3e20323039323432.roa (raw, json)
Hash identifier:          PgFKkZH0aQaFuwRYs1mJhheMQU+0AR2Y9C0+BkBTwpo=
Subject key identifier:   79:BF:35:17:62:ED:BB:86:F5:34:D7:09:6E:DC:B6:09:40:21:B6:9F
Certificate issuer:       /CN=5da3215abfa4621d57709f838a92801f2e90ddfe
Certificate serial:       6EECF9946011F511C1D9AC72739B4E4BE7E4C8B4
Authority key identifier: 5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35382e302f32342d3234203d3e20323039323432.roa
Signing time:             Fri 24 May 2024 08:58:09 +0000
ROA not before:           Fri 24 May 2024 08:53:09 +0000
ROA not after:            Fri 23 May 2025 08:58:09 +0000
asID:                     209242
IP address blocks:        45.81.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:ec:f9:94:60:11:f5:11:c1:d9:ac:72:73:9b:4e:4b:e7:e4:c8:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3215abfa4621d57709f838a92801f2e90ddfe
        Validity
            Not Before: May 24 08:53:09 2024 GMT
            Not After : May 23 08:58:09 2025 GMT
        Subject: CN=79BF351762EDBB86F534D7096EDCB6094021B69F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b8:99:11:d4:11:00:f8:31:fd:60:95:12:97:
                    86:9c:5a:4e:2d:18:f5:92:e6:23:2f:29:dc:c0:6f:
                    c9:f5:d0:ac:83:38:2b:d0:68:e5:fd:5b:2d:96:f6:
                    bb:b8:a8:93:20:8b:14:c3:a1:9d:bf:65:21:43:a5:
                    a3:98:8e:f9:06:2c:0a:bb:13:1f:a1:99:62:85:77:
                    fe:da:ce:b4:62:90:45:e2:99:55:68:94:35:ed:f9:
                    1a:23:ab:7e:c4:f7:bb:da:31:54:da:f0:53:59:4f:
                    76:05:9f:8e:bf:00:84:77:1c:7a:dd:85:15:76:e1:
                    c2:a9:9a:31:de:bb:75:08:c5:45:ec:32:bc:36:ee:
                    b8:2d:a6:bc:b5:59:fa:f5:49:73:a3:9e:35:a2:45:
                    fb:76:e3:66:9c:6c:45:c8:fb:89:f7:c6:93:ef:6f:
                    70:76:77:ab:0a:28:5a:7d:05:31:71:2b:78:0f:03:
                    a6:cd:28:f2:93:c2:0f:58:4b:87:11:23:e6:b1:b7:
                    1d:33:12:d6:b9:73:ce:42:7a:24:4f:fa:e6:c3:cf:
                    54:5b:01:ac:cb:a5:85:39:7a:be:da:74:e9:67:65:
                    23:62:ea:05:a2:30:2f:eb:94:7c:2c:32:4a:8d:5e:
                    0b:99:28:d3:5b:1e:ea:8a:38:b6:07:87:6c:5f:db:
                    93:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:BF:35:17:62:ED:BB:86:F5:34:D7:09:6E:DC:B6:09:40:21:B6:9F
            X509v3 Authority Key Identifier:
                keyid:5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35382e302f32342d3234203d3e20323039323432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:4e:1e:db:8b:c1:c7:79:2b:f2:e1:b1:d2:27:a7:2b:f6:dc:
         a2:2b:5a:0f:56:84:b6:c2:7c:e1:52:15:3b:2e:e1:46:9c:6e:
         86:cc:3f:39:54:cc:4b:15:f5:de:60:11:9d:b5:cf:a4:e2:44:
         a1:ea:81:3f:25:a1:1c:27:e4:48:bb:fd:54:a8:54:a6:8b:6f:
         10:1d:f1:e3:7e:fc:0d:46:df:f0:ca:ca:4b:1b:34:15:15:e0:
         08:d6:c4:46:44:ae:6e:09:f5:67:32:53:dc:cf:ad:8f:9a:5d:
         f0:e1:54:36:2c:0b:15:6a:91:70:48:ef:03:18:f1:78:8d:83:
         21:1c:06:e6:0b:7d:01:ff:73:30:2e:d1:c3:24:54:59:1c:a1:
         e6:15:68:b6:5c:c1:1a:ca:dd:f3:84:50:63:0d:04:3c:99:6e:
         b4:00:be:da:06:77:14:31:b0:66:e4:ae:88:36:f2:1a:d7:ba:
         0b:06:ec:47:b1:a4:d7:a0:81:09:27:e0:81:0b:f5:88:13:43:
         02:12:ba:45:7e:df:fd:c3:22:0f:0f:fe:80:c6:4b:11:cd:20:
         dd:a4:1b:ab:18:17:07:12:90:bf:99:13:43:4e:e6:8d:a3:78:
         ce:32:b5:fb:52:3c:3b:d1:64:70:11:0e:45:55:43:29:bc:8f:
         25:05:fa:00
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbuz5lGAR9RHB2axyc5tOS+fkyLQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWRhMzIxNWFiZmE0NjIxZDU3NzA5ZjgzOGE5MjgwMWYy
ZTkwZGRmZTAeFw0yNDA1MjQwODUzMDlaFw0yNTA1MjMwODU4MDlaMDMxMTAvBgNV
BAMTKDc5QkYzNTE3NjJFREJCODZGNTM0RDcwOTZFRENCNjA5NDAyMUI2OUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUuJkR1BEA+DH9YJUSl4acWk4t
GPWS5iMvKdzAb8n10KyDOCvQaOX9Wy2W9ru4qJMgixTDoZ2/ZSFDpaOYjvkGLAq7
Ex+hmWKFd/7azrRikEXimVVolDXt+Rojq37E97vaMVTa8FNZT3YFn46/AIR3HHrd
hRV24cKpmjHeu3UIxUXsMrw27rgtpry1Wfr1SXOjnjWiRft242acbEXI+4n3xpPv
b3B2d6sKKFp9BTFxK3gPA6bNKPKTwg9YS4cRI+axtx0zEta5c85CeiRP+ubDz1Rb
AazLpYU5er7adOlnZSNi6gWiMC/rlHwsMkqNXguZKNNbHuqKOLYHh2xf25NXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUeb81F2Ltu4b1NNcJbty2CUAhtp8wHwYDVR0j
BBgwFoAUXaMhWr+kYh1XcJ+DipKAHy6Q3f4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmYyNDU2N2ItN2E3NC00YzFmLWFhODUtZGQyNGFmNzNj
Y2JiLzAvNURBMzIxNUFCRkE0NjIxRDU3NzA5RjgzOEE5MjgwMUYyRTkwRERGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hhTWhXci1rWWgxWGNKLURpcEtBSHk2
UTNmNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmYyNDU2N2It
N2E3NC00YzFmLWFhODUtZGQyNGFmNzNjY2JiLzAvMzQzNTJlMzgzMTJlMzUzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzOTMyMzQzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1R
OjANBgkqhkiG9w0BAQsFAAOCAQEAT04e24vBx3kr8uGx0ienK/bcoitaD1aEtsJ8
4VIVOy7hRpxuhsw/OVTMSxX13mARnbXPpOJEoeqBPyWhHCfkSLv9VKhUpotvEB3x
4378DUbf8MrKSxs0FRXgCNbERkSubgn1ZzJT3M+tj5pd8OFUNiwLFWqRcEjvAxjx
eI2DIRwG5gt9Af9zMC7RwyRUWRyh5hVotlzBGsrd84RQYw0EPJlutAC+2gZ3FDGw
ZuSuiDbyGte6CwbsR7Gk16CBCSfggQv1iBNDAhK6RX7f/cMiDw/+gMZLEc0g3aQb
qxgXBxKQv5kTQ07mjaN4zjK1+1I8O9FkcBEORVVDKbyPJQX6AA==
-----END CERTIFICATE-----