Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35392e302f32342d3234203d3e20323132333834.roa
File:                     34352e38312e35392e302f32342d3234203d3e20323132333834.roa (raw, json)
Hash identifier:          7ySWNlqh8pfpYqSc3fbfv+VTSwiuDNFNlc7aZa5se9U=
Subject key identifier:   FD:53:63:9D:02:91:34:6A:8D:C3:26:B5:8B:1B:D9:00:AC:6B:C6:13
Certificate issuer:       /CN=5da3215abfa4621d57709f838a92801f2e90ddfe
Certificate serial:       4AAC281A73233B1C32364037C806720CC042863C
Authority key identifier: 5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35392e302f32342d3234203d3e20323132333834.roa
Signing time:             Thu 02 Jan 2025 13:53:51 +0000
ROA not before:           Thu 02 Jan 2025 13:48:51 +0000
ROA not after:            Thu 01 Jan 2026 13:53:51 +0000
asID:                     212384
IP address blocks:        45.81.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:ac:28:1a:73:23:3b:1c:32:36:40:37:c8:06:72:0c:c0:42:86:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3215abfa4621d57709f838a92801f2e90ddfe
        Validity
            Not Before: Jan  2 13:48:51 2025 GMT
            Not After : Jan  1 13:53:51 2026 GMT
        Subject: CN=FD53639D0291346A8DC326B58B1BD900AC6BC613
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:6a:e5:93:88:ef:f9:57:d7:aa:21:22:f4:91:
                    78:1b:27:82:e6:88:fc:0c:1d:94:d0:f3:1a:fa:00:
                    82:d8:b1:5d:60:28:3b:b8:a5:c4:fd:0d:95:d1:3c:
                    e4:56:f0:c8:97:ad:1b:8d:47:75:3f:63:06:a0:77:
                    6f:dc:4c:57:03:e1:4f:dc:6f:19:75:fd:68:1c:65:
                    1f:6d:b2:75:48:62:e9:d3:db:b1:db:36:99:b6:39:
                    58:43:8d:cd:75:f3:aa:8d:44:fa:be:fc:33:61:a1:
                    f4:88:4f:fe:6a:d0:58:5d:d9:f6:26:48:97:e8:fa:
                    64:0e:74:4d:49:51:c4:5e:3a:c0:f1:db:4c:f6:e0:
                    2a:2d:60:07:d9:82:6c:4d:ea:9f:f0:c2:a8:da:02:
                    65:49:a2:8b:24:a0:2b:9f:f7:77:77:f2:0d:6b:85:
                    b7:ff:fe:51:94:a5:b7:6e:80:cb:f0:2b:eb:05:4d:
                    2a:b9:af:16:8f:48:06:b7:5c:ae:dc:79:88:5e:e1:
                    47:49:52:3d:5f:9d:5d:3e:20:16:c6:ba:1e:95:ad:
                    6e:a6:cc:35:64:f6:fc:96:00:0a:6a:7d:65:7b:0e:
                    56:33:d4:95:05:54:63:8c:0f:2e:36:5a:cb:b6:86:
                    b9:1e:92:21:70:66:b2:6e:f3:87:d6:36:da:8c:97:
                    bc:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:53:63:9D:02:91:34:6A:8D:C3:26:B5:8B:1B:D9:00:AC:6B:C6:13
            X509v3 Authority Key Identifier:
                keyid:5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35392e302f32342d3234203d3e20323132333834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:b5:56:06:5f:46:ba:d3:37:6f:f3:6a:68:2e:a4:1b:70:9e:
         03:1f:c9:68:0f:c6:c2:5c:28:f4:42:2d:43:bb:54:ae:82:47:
         51:9c:d2:6e:e2:08:1b:c2:f9:7a:7e:98:ce:f4:80:56:c0:87:
         12:ca:a0:47:6e:6b:4e:23:eb:cd:f5:88:1c:e1:d3:3d:ef:33:
         72:dc:a1:c0:c5:3b:2d:ea:e1:ae:25:d5:65:5a:51:e5:cc:75:
         8f:47:16:8e:58:cf:aa:d2:64:74:bb:55:65:b6:8a:87:3a:e9:
         58:56:b0:ef:5a:9a:a2:52:cf:45:36:88:e9:3a:e5:da:33:a5:
         ff:f2:b8:00:96:4f:59:20:38:da:de:66:a4:52:ff:29:14:bd:
         eb:b7:75:03:aa:64:d5:80:0c:a1:cc:a2:cf:5f:eb:43:af:8b:
         12:27:47:13:a0:76:f7:51:1e:ab:37:18:55:06:b0:e8:47:f1:
         fe:e0:4b:60:34:dd:1b:b2:ec:6d:29:e8:e0:50:31:9f:22:d0:
         00:be:5e:f5:2a:ad:5a:15:06:9f:06:db:b8:9d:05:8f:c8:fc:
         51:8b:bf:cf:19:aa:36:fd:bb:f1:ce:84:69:23:a5:ad:6c:4a:
         1c:39:75:d0:55:77:98:d3:6b:74:1a:fa:83:fa:b5:d9:df:fd:
         22:aa:3e:6f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSqwoGnMjOxwyNkA3yAZyDMBChjwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWRhMzIxNWFiZmE0NjIxZDU3NzA5ZjgzOGE5MjgwMWYy
ZTkwZGRmZTAeFw0yNTAxMDIxMzQ4NTFaFw0yNjAxMDExMzUzNTFaMDMxMTAvBgNV
BAMTKEZENTM2MzlEMDI5MTM0NkE4REMzMjZCNThCMUJEOTAwQUM2QkM2MTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVauWTiO/5V9eqISL0kXgbJ4Lm
iPwMHZTQ8xr6AILYsV1gKDu4pcT9DZXRPORW8MiXrRuNR3U/Ywagd2/cTFcD4U/c
bxl1/WgcZR9tsnVIYunT27HbNpm2OVhDjc1186qNRPq+/DNhofSIT/5q0Fhd2fYm
SJfo+mQOdE1JUcReOsDx20z24CotYAfZgmxN6p/wwqjaAmVJooskoCuf93d38g1r
hbf//lGUpbdugMvwK+sFTSq5rxaPSAa3XK7ceYhe4UdJUj1fnV0+IBbGuh6VrW6m
zDVk9vyWAApqfWV7DlYz1JUFVGOMDy42Wsu2hrkekiFwZrJu84fWNtqMl7xHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU/VNjnQKRNGqNwya1ixvZAKxrxhMwHwYDVR0j
BBgwFoAUXaMhWr+kYh1XcJ+DipKAHy6Q3f4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmYyNDU2N2ItN2E3NC00YzFmLWFhODUtZGQyNGFmNzNj
Y2JiLzAvNURBMzIxNUFCRkE0NjIxRDU3NzA5RjgzOEE5MjgwMUYyRTkwRERGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hhTWhXci1rWWgxWGNKLURpcEtBSHk2
UTNmNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmYyNDU2N2It
N2E3NC00YzFmLWFhODUtZGQyNGFmNzNjY2JiLzAvMzQzNTJlMzgzMTJlMzUzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMjMzMzgzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1R
OzANBgkqhkiG9w0BAQsFAAOCAQEAa7VWBl9GutM3b/NqaC6kG3CeAx/JaA/Gwlwo
9EItQ7tUroJHUZzSbuIIG8L5en6YzvSAVsCHEsqgR25rTiPrzfWIHOHTPe8zctyh
wMU7LerhriXVZVpR5cx1j0cWjljPqtJkdLtVZbaKhzrpWFaw71qaolLPRTaI6Trl
2jOl//K4AJZPWSA42t5mpFL/KRS967d1A6pk1YAMocyiz1/rQ6+LEidHE6B291Ee
qzcYVQaw6Efx/uBLYDTdG7LsbSno4FAxnyLQAL5e9SqtWhUGnwbbuJ0Fj8j8UYu/
zxmqNv278c6EaSOlrWxKHDl10FV3mNNrdBr6g/q12d/9Iqo+bw==
-----END CERTIFICATE-----