Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e2033323233.roa
File:                     3134362e31392e32322e302f32342d3234203d3e2033323233.roa (raw, json)
Hash identifier:          5djGdaUBT0gZw8OUWVBFUji2gCMHI09a06zXHqY9Zz4=
Subject key identifier:   B0:CA:01:52:1C:CF:56:FC:B9:46:B4:63:ED:83:CF:ED:B6:1A:FA:14
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       4F0D9376EFA99D5EC8A1B71FAEB35090478B148D
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e2033323233.roa
Signing time:             Fri 15 Nov 2024 03:43:28 +0000
ROA not before:           Fri 15 Nov 2024 03:38:28 +0000
ROA not after:            Fri 14 Nov 2025 03:43:28 +0000
asID:                     3223
IP address blocks:        146.19.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:0d:93:76:ef:a9:9d:5e:c8:a1:b7:1f:ae:b3:50:90:47:8b:14:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Nov 15 03:38:28 2024 GMT
            Not After : Nov 14 03:43:28 2025 GMT
        Subject: CN=B0CA01521CCF56FCB946B463ED83CFEDB61AFA14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:fc:fc:59:c1:5b:d0:8f:d6:8a:56:ed:99:c4:
                    97:e6:ac:3c:bd:70:fd:f4:12:ef:5c:6e:ef:bd:1d:
                    da:a6:b5:ed:82:54:e9:2d:29:41:d6:4c:ee:46:68:
                    58:cf:62:c7:ff:97:99:38:99:9b:98:21:0d:9f:99:
                    6d:cc:13:85:7a:a2:8c:00:e9:b6:0a:db:ef:3d:3a:
                    85:0a:66:d9:00:d3:46:9b:00:30:93:a6:b7:0d:ea:
                    d9:ab:15:92:da:0c:77:bd:1d:3d:cd:28:50:a3:83:
                    31:a6:c8:10:fc:9f:cf:51:dc:f3:09:79:e5:d9:4e:
                    13:04:1c:50:86:f1:34:44:8d:50:14:e8:54:2c:88:
                    18:8d:3a:56:e7:ac:fa:e7:72:bb:84:bf:5a:03:9f:
                    7d:78:9c:fc:22:ab:60:56:37:05:db:49:2c:f9:94:
                    a3:22:22:bf:6d:f9:69:66:aa:2b:47:c0:3b:95:43:
                    2d:c5:18:5a:f4:3e:56:9f:43:8c:8d:7b:13:b8:04:
                    43:4a:77:72:46:83:4f:ae:79:5c:84:fd:55:57:09:
                    6d:16:f1:90:2d:ae:02:2d:89:39:00:59:f1:cd:a4:
                    50:f3:a3:3e:a6:09:4a:b3:85:87:f2:3e:e9:f5:f7:
                    6c:3e:70:f8:17:0f:68:03:18:a0:86:c5:98:20:3c:
                    3d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:CA:01:52:1C:CF:56:FC:B9:46:B4:63:ED:83:CF:ED:B6:1A:FA:14
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e2033323233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:c6:91:aa:7d:2a:76:ae:9a:2d:a5:d0:8d:67:ae:92:f1:94:
         ef:c1:e5:35:b0:84:45:20:f6:fa:75:70:65:ed:0c:87:80:76:
         d0:e3:e5:ef:5f:df:63:bd:17:21:fe:6d:fa:d9:6c:de:4f:13:
         61:61:92:3d:a4:17:24:a2:a7:3d:7a:d8:ef:04:c3:79:e3:9e:
         58:22:c4:b8:c9:62:cf:88:ed:f7:1b:33:b1:ee:13:63:1f:83:
         64:55:54:70:7b:4a:5e:21:0e:79:ef:a1:f1:bd:7d:00:60:64:
         53:5c:7b:0c:a8:b4:87:a7:eb:4d:41:18:49:d6:d1:e8:26:6b:
         a5:bb:e8:8f:b5:c4:e0:bf:26:fc:d8:e4:16:7d:a2:bd:47:9a:
         cf:51:95:a5:09:a5:42:af:ac:fd:e1:17:aa:04:fa:24:7d:50:
         4c:a5:df:bf:45:f9:7f:e4:2b:f1:4a:63:43:59:36:00:a4:8d:
         5f:93:97:1f:b4:6b:08:a5:c3:86:d2:7a:fc:70:33:10:7f:54:
         14:af:75:50:ba:b6:e3:f6:7e:3d:59:b1:a0:b0:c3:ca:d3:10:
         74:dd:ad:70:ed:58:47:5d:a8:ec:4f:ca:d7:68:17:8b:dc:31:
         18:3c:5f:d1:0a:76:0d:58:6b:31:e2:5d:7d:ae:03:df:52:45:
         87:43:1d:19
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUTw2Tdu+pnV7IobcfrrNQkEeLFI0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDExMTUwMzM4MjhaFw0yNTExMTQwMzQzMjhaMDMxMTAvBgNV
BAMTKEIwQ0EwMTUyMUNDRjU2RkNCOTQ2QjQ2M0VEODNDRkVEQjYxQUZBMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf/PxZwVvQj9aKVu2ZxJfmrDy9
cP30Eu9cbu+9Hdqmte2CVOktKUHWTO5GaFjPYsf/l5k4mZuYIQ2fmW3ME4V6oowA
6bYK2+89OoUKZtkA00abADCTprcN6tmrFZLaDHe9HT3NKFCjgzGmyBD8n89R3PMJ
eeXZThMEHFCG8TREjVAU6FQsiBiNOlbnrPrncruEv1oDn314nPwiq2BWNwXbSSz5
lKMiIr9t+WlmqitHwDuVQy3FGFr0PlafQ4yNexO4BENKd3JGg0+ueVyE/VVXCW0W
8ZAtrgItiTkAWfHNpFDzoz6mCUqzhYfyPun192w+cPgXD2gDGKCGxZggPD1BAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUsMoBUhzPVvy5RrRj7YPP7bYa+hQwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzNDM2MmUzMTM5MmUzMjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzMjMyMzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACSExYw
DQYJKoZIhvcNAQELBQADggEBAFvGkap9Knaumi2l0I1nrpLxlO/B5TWwhEUg9vp1
cGXtDIeAdtDj5e9f32O9FyH+bfrZbN5PE2Fhkj2kFySipz162O8Ew3njnlgixLjJ
Ys+I7fcbM7HuE2Mfg2RVVHB7Sl4hDnnvofG9fQBgZFNcewyotIen601BGEnW0egm
a6W76I+1xOC/JvzY5BZ9or1Hms9RlaUJpUKvrP3hF6oE+iR9UEyl379F+X/kK/FK
Y0NZNgCkjV+Tlx+0awilw4bSevxwMxB/VBSvdVC6tuP2fj1ZsaCww8rTEHTdrXDt
WEddqOxPytdoF4vcMRg8X9EKdg1YazHiXX2uA99SRYdDHRk=
-----END CERTIFICATE-----