Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e203239353338.roa
File:                     3134362e31392e32322e302f32342d3234203d3e203239353338.roa (raw, json)
Hash identifier:          a+a5Rzs95c3lFQwHQi2w3tS4zNenExLcmh919B9jnV8=
Subject key identifier:   8C:54:89:A1:A5:99:28:CB:EB:18:18:0D:4B:D3:CF:E4:6C:8D:9C:B1
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       26ABD5F3F6C1230FA3337745F1738F60A3C8581D
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e203239353338.roa
Signing time:             Mon 18 Dec 2023 04:51:19 +0000
ROA not before:           Mon 18 Dec 2023 04:46:19 +0000
ROA not after:            Mon 16 Dec 2024 04:51:19 +0000
asID:                     29538
IP address blocks:        146.19.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:ab:d5:f3:f6:c1:23:0f:a3:33:77:45:f1:73:8f:60:a3:c8:58:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Dec 18 04:46:19 2023 GMT
            Not After : Dec 16 04:51:19 2024 GMT
        Subject: CN=8C5489A1A59928CBEB18180D4BD3CFE46C8D9CB1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:6a:42:3e:cf:13:4e:83:3e:fd:c3:f9:fc:b6:
                    07:c3:94:81:1f:c9:da:5f:2f:30:29:48:4f:ff:ec:
                    9b:8f:23:fd:bf:53:25:29:bf:55:de:50:bb:5e:d3:
                    73:c2:66:75:ef:0b:d1:a4:cf:85:ee:b1:59:07:88:
                    60:e3:e5:3b:4c:37:68:a8:cc:d7:83:26:b0:d6:74:
                    2e:08:dc:22:e6:e0:87:eb:15:11:2f:39:32:9e:38:
                    8c:a2:98:81:31:df:58:6b:8f:c2:98:8d:b1:89:3c:
                    91:f0:af:f8:d8:91:9f:3e:80:87:ca:d2:f8:d1:8a:
                    2d:44:df:cb:29:d2:76:74:10:76:d1:40:a7:29:92:
                    fd:06:ab:23:56:44:65:0d:53:12:40:33:17:f4:eb:
                    a9:de:d8:8f:b1:82:b3:3f:ea:27:07:f8:6f:b7:81:
                    5b:1d:eb:69:02:0d:20:de:87:e0:40:bb:ae:b2:3b:
                    db:b0:6a:0a:52:3d:d1:a6:c7:7a:af:1a:de:f2:58:
                    eb:63:16:76:5f:e6:73:df:7f:99:4c:7f:89:40:12:
                    59:bc:b6:ac:c1:65:c9:1d:b9:25:27:fc:01:d2:ef:
                    f6:a8:de:77:82:0e:ca:48:17:a2:29:2d:ba:3c:a8:
                    f8:92:fb:8c:1f:23:f9:48:86:00:d6:67:eb:c0:26:
                    71:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:54:89:A1:A5:99:28:CB:EB:18:18:0D:4B:D3:CF:E4:6C:8D:9C:B1
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e203239353338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:4e:62:4f:77:8f:c4:d1:b1:f9:8d:76:86:d0:fa:d8:32:0b:
         fe:de:ea:9e:b0:a8:ef:c5:1b:88:11:a9:1f:cd:7a:1f:2e:23:
         ee:b8:66:b7:12:cd:7a:c6:25:20:20:87:ac:de:b2:2d:fe:d1:
         c3:b1:2d:41:a1:b2:4a:a4:9f:9b:32:9a:cb:67:03:91:66:d9:
         a8:67:54:35:b8:8d:40:50:27:50:5c:bd:02:ba:a7:46:5d:24:
         11:13:7a:ad:87:d4:c2:f1:aa:60:c1:fc:df:54:f5:bc:31:1f:
         11:c0:52:f4:2d:65:a9:33:f1:14:db:5d:fb:ea:48:3c:0b:9e:
         c1:41:be:e9:f5:f9:6a:13:26:79:f9:7e:a9:ba:1b:b5:7c:8b:
         ba:27:2c:e7:26:24:b8:06:0c:cc:05:0e:bb:83:85:9d:fe:1d:
         42:ec:85:91:7c:0b:6e:83:88:24:eb:74:9f:c2:77:5f:cd:cc:
         f8:9d:b8:2b:e2:67:06:ba:88:4b:4d:53:a4:6d:20:57:3b:67:
         60:3e:ef:6b:77:63:f2:bd:62:74:84:4f:8c:83:1a:b0:9a:eb:
         6c:10:09:59:c5:19:61:c6:b2:9e:60:b4:83:60:64:e9:05:13:
         3d:8a:30:30:36:f0:01:14:d7:d5:4d:6b:b7:37:1a:62:14:01:
         01:cd:0c:8b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJqvV8/bBIw+jM3dF8XOPYKPIWB0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yMzEyMTgwNDQ2MTlaFw0yNDEyMTYwNDUxMTlaMDMxMTAvBgNV
BAMTKDhDNTQ4OUExQTU5OTI4Q0JFQjE4MTgwRDRCRDNDRkU0NkM4RDlDQjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmakI+zxNOgz79w/n8tgfDlIEf
ydpfLzApSE//7JuPI/2/UyUpv1XeULte03PCZnXvC9Gkz4XusVkHiGDj5TtMN2io
zNeDJrDWdC4I3CLm4IfrFREvOTKeOIyimIEx31hrj8KYjbGJPJHwr/jYkZ8+gIfK
0vjRii1E38sp0nZ0EHbRQKcpkv0GqyNWRGUNUxJAMxf066ne2I+xgrM/6icH+G+3
gVsd62kCDSDeh+BAu66yO9uwagpSPdGmx3qvGt7yWOtjFnZf5nPff5lMf4lAElm8
tqzBZckduSUn/AHS7/ao3neCDspIF6IpLbo8qPiS+4wfI/lIhgDWZ+vAJnHTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUjFSJoaWZKMvrGBgNS9PP5GyNnLEwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzNDM2MmUzMTM5MmUzMjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTM1MzMzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJIT
FjANBgkqhkiG9w0BAQsFAAOCAQEAxk5iT3ePxNGx+Y12htD62DIL/t7qnrCo78Ub
iBGpH816Hy4j7rhmtxLNesYlICCHrN6yLf7Rw7EtQaGySqSfmzKay2cDkWbZqGdU
NbiNQFAnUFy9ArqnRl0kERN6rYfUwvGqYMH831T1vDEfEcBS9C1lqTPxFNtd++pI
PAuewUG+6fX5ahMmefl+qbobtXyLuics5yYkuAYMzAUOu4OFnf4dQuyFkXwLboOI
JOt0n8J3X83M+J24K+JnBrqIS01TpG0gVztnYD7va3dj8r1idIRPjIMasJrrbBAJ
WcUZYcaynmC0g2Bk6QUTPYowMDbwARTX1U1rtzcaYhQBAc0Miw==
-----END CERTIFICATE-----