Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e203239353338.roa
File:                     3134362e31392e32322e302f32342d3234203d3e203239353338.roa (raw, json)
Hash identifier:          N+b19jY4ITQKhXRnvWL35NmXtJ6i8LA6rKQVPbb8vt4=
Subject key identifier:   75:CA:74:5C:55:58:8C:90:C9:2A:D8:5A:33:5A:3E:41:30:76:19:DC
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       1D46A2387EBB8F516058AEF9C36FC4F99FD20DF9
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e203239353338.roa
Signing time:             Mon 18 Nov 2024 05:43:28 +0000
ROA not before:           Mon 18 Nov 2024 05:38:28 +0000
ROA not after:            Mon 17 Nov 2025 05:43:28 +0000
asID:                     29538
IP address blocks:        146.19.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:46:a2:38:7e:bb:8f:51:60:58:ae:f9:c3:6f:c4:f9:9f:d2:0d:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Nov 18 05:38:28 2024 GMT
            Not After : Nov 17 05:43:28 2025 GMT
        Subject: CN=75CA745C55588C90C92AD85A335A3E41307619DC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:0e:08:7b:4b:a6:f0:c1:91:81:6c:0d:8e:67:
                    65:5d:b0:27:44:e1:82:b5:fb:f0:53:c2:7b:c5:3d:
                    a0:80:a1:40:b7:cd:fb:a3:87:4c:58:82:ab:96:02:
                    9b:91:10:01:3b:06:0a:79:6b:aa:dd:a5:c0:7c:48:
                    5d:59:18:c1:2d:84:dd:8a:12:e2:f5:ef:d7:2a:6f:
                    ab:41:ca:fc:03:69:d1:77:57:0d:33:78:e5:1e:b4:
                    05:0d:04:24:f2:a2:a9:99:0e:bd:f8:6a:10:19:a5:
                    fd:b3:02:a0:42:cd:ca:d5:5b:2a:39:28:48:c6:da:
                    35:25:c2:53:38:95:0c:9b:27:46:f0:4b:19:13:43:
                    15:dd:79:13:38:11:89:7d:7c:9a:54:0b:6b:83:6c:
                    0a:4e:6c:f2:e6:f3:a7:e7:1b:6b:84:6e:38:66:9d:
                    e0:8d:e7:ce:86:44:b9:5e:5f:3f:d4:24:28:de:66:
                    73:87:a1:e6:eb:17:6a:a7:0a:ff:15:5b:02:1d:60:
                    ee:9c:9e:c9:d7:1b:bd:70:8d:45:86:b9:9d:d8:07:
                    e0:dc:3d:d3:79:7f:0d:87:69:d8:ce:cd:4f:7d:d5:
                    61:4b:b2:0c:b4:7b:85:62:d3:fd:c5:16:8d:ca:24:
                    69:2b:32:93:61:9c:0e:97:f5:6d:06:72:c5:53:79:
                    3c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:CA:74:5C:55:58:8C:90:C9:2A:D8:5A:33:5A:3E:41:30:76:19:DC
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e203239353338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:c0:6b:f8:d0:88:37:f9:8d:d5:61:4a:8b:a5:f9:34:ae:dc:
         92:7c:49:a9:5f:c7:15:4a:49:19:34:70:f7:f0:24:ac:78:f3:
         ea:04:8b:ed:4a:9d:1c:a3:88:a0:b5:5d:36:88:a8:f1:f7:5a:
         c0:ea:f5:76:00:1e:eb:4f:0b:74:a3:c2:07:f9:ed:52:17:dd:
         67:4b:98:76:1f:82:f6:af:23:73:3e:93:04:59:38:df:d4:ba:
         6d:49:ef:12:b1:95:0d:77:8e:70:c9:5c:67:54:6f:77:da:3a:
         a9:42:91:05:f5:26:01:75:9e:70:e4:42:b0:f6:73:63:41:42:
         0d:cb:2e:d5:3a:2d:66:7f:45:e0:ca:2f:3c:d8:b6:c0:52:04:
         3f:ff:a0:cc:2f:61:e0:a6:0b:95:4b:31:61:fb:48:3e:9f:b0:
         01:e6:e9:95:10:96:13:92:dd:91:44:53:dd:d8:27:4e:8c:a2:
         a8:43:cc:91:3a:b4:04:d7:54:9a:1a:0a:c0:c1:eb:55:96:b1:
         0e:76:b5:85:70:d4:96:d3:6a:3a:a4:d2:b4:44:46:ab:e7:34:
         42:e2:09:30:cb:cb:5f:4f:1e:8b:b1:6d:49:e5:c0:73:53:ac:
         89:6a:05:ee:fb:a8:87:0b:be:fa:c1:19:58:63:f5:33:b4:be:
         83:84:4a:c0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHUaiOH67j1FgWK75w2/E+Z/SDfkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDExMTgwNTM4MjhaFw0yNTExMTcwNTQzMjhaMDMxMTAvBgNV
BAMTKDc1Q0E3NDVDNTU1ODhDOTBDOTJBRDg1QTMzNUEzRTQxMzA3NjE5REMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjDgh7S6bwwZGBbA2OZ2VdsCdE
4YK1+/BTwnvFPaCAoUC3zfujh0xYgquWApuREAE7Bgp5a6rdpcB8SF1ZGMEthN2K
EuL179cqb6tByvwDadF3Vw0zeOUetAUNBCTyoqmZDr34ahAZpf2zAqBCzcrVWyo5
KEjG2jUlwlM4lQybJ0bwSxkTQxXdeRM4EYl9fJpUC2uDbApObPLm86fnG2uEbjhm
neCN586GRLleXz/UJCjeZnOHoebrF2qnCv8VWwIdYO6cnsnXG71wjUWGuZ3YB+Dc
PdN5fw2HadjOzU991WFLsgy0e4Vi0/3FFo3KJGkrMpNhnA6X9W0GcsVTeTzdAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUdcp0XFVYjJDJKthaM1o+QTB2GdwwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzNDM2MmUzMTM5MmUzMjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTM1MzMzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJIT
FjANBgkqhkiG9w0BAQsFAAOCAQEAY8Br+NCIN/mN1WFKi6X5NK7cknxJqV/HFUpJ
GTRw9/AkrHjz6gSL7UqdHKOIoLVdNoio8fdawOr1dgAe608LdKPCB/ntUhfdZ0uY
dh+C9q8jcz6TBFk439S6bUnvErGVDXeOcMlcZ1Rvd9o6qUKRBfUmAXWecORCsPZz
Y0FCDcsu1TotZn9F4MovPNi2wFIEP/+gzC9h4KYLlUsxYftIPp+wAebplRCWE5Ld
kURT3dgnToyiqEPMkTq0BNdUmhoKwMHrVZaxDna1hXDUltNqOqTStERGq+c0QuIJ
MMvLX08ei7FtSeXAc1OsiWoF7vuohwu++sEZWGP1M7S+g4RKwA==
-----END CERTIFICATE-----