Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e2033323233.roa
File:                     3134362e31392e32322e302f32342d3234203d3e2033323233.roa (raw, json)
Hash identifier:          THJ0IbNKTiwH7SP2z3ohTEjo0P52fPuZ9aP6N1e2hkE=
Subject key identifier:   90:76:E5:24:BB:D6:AC:45:D0:04:CD:7D:24:FB:CA:AB:41:53:76:1F
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       07098C2CDB63CF9531F2CE0A1AB78172EE878A8D
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e2033323233.roa
Signing time:             Fri 15 Dec 2023 03:39:48 +0000
ROA not before:           Fri 15 Dec 2023 03:34:48 +0000
ROA not after:            Fri 13 Dec 2024 03:39:48 +0000
asID:                     3223
IP address blocks:        146.19.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:09:8c:2c:db:63:cf:95:31:f2:ce:0a:1a:b7:81:72:ee:87:8a:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Dec 15 03:34:48 2023 GMT
            Not After : Dec 13 03:39:48 2024 GMT
        Subject: CN=9076E524BBD6AC45D004CD7D24FBCAAB4153761F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:12:92:6a:10:77:d0:17:18:3a:b3:3b:b5:4e:
                    fb:3b:f3:34:db:8c:6d:14:9c:1e:eb:21:28:8d:7b:
                    7b:f3:8b:56:73:df:97:cc:2f:2a:ad:04:97:03:cf:
                    55:b8:f6:06:9e:36:71:d9:f8:92:f6:f3:61:3a:cb:
                    22:16:71:24:27:ce:d7:17:fc:db:2c:cd:84:96:73:
                    b0:42:45:87:7b:f0:94:34:2f:33:e9:3d:b0:d1:03:
                    9b:63:cb:88:b7:14:87:47:d3:a0:c2:a1:09:91:e5:
                    ca:46:9b:43:bd:3f:7b:cd:3e:2a:c0:6e:17:ec:89:
                    30:7d:f2:92:4d:6f:be:5b:5e:7a:b1:f7:4a:bd:03:
                    d7:e1:a9:95:ac:d7:05:de:f7:6d:25:42:ad:0b:e4:
                    33:be:5b:ea:e1:cc:72:0b:e6:e1:3f:4c:5d:d7:0d:
                    91:60:de:76:07:68:bd:a9:8e:64:dd:18:32:1f:0d:
                    ff:93:d1:f6:24:ce:7e:fb:09:f9:89:b1:fa:80:ee:
                    bb:9b:bf:58:a0:a0:6e:66:5f:91:08:9d:74:0b:62:
                    07:25:48:50:42:40:80:67:24:e0:7a:ec:b1:57:cb:
                    52:f0:4d:1c:0b:61:77:66:60:bd:fd:ba:39:9b:5b:
                    a0:65:92:70:38:dd:1f:67:89:8e:6f:63:e9:e9:ab:
                    47:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:76:E5:24:BB:D6:AC:45:D0:04:CD:7D:24:FB:CA:AB:41:53:76:1F
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e2033323233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:c0:d7:36:bf:3e:d2:c2:a7:dc:3f:79:b1:a2:ac:97:75:e1:
         59:86:ee:3d:1f:43:e2:24:d3:a2:2d:ea:69:89:ce:fb:4a:60:
         2d:ed:09:f0:0b:f8:a1:26:1a:38:bd:5f:22:32:33:07:b4:47:
         6b:56:59:72:3e:b0:08:51:9d:16:6b:e7:42:b3:d8:47:eb:c9:
         1a:05:9c:ef:7b:a2:a7:ba:a4:8e:55:44:b4:6b:22:fa:e5:a9:
         0b:88:d9:6d:be:b5:6c:93:10:43:c9:1e:8f:be:76:b2:db:62:
         2c:52:ab:fb:09:fc:4a:1c:be:d9:ac:73:00:ea:34:9c:2a:86:
         40:bf:2e:f4:f5:6b:2f:c8:4a:a8:7d:50:05:71:5b:f9:33:1a:
         e0:8b:9a:11:2e:21:35:39:53:56:da:74:86:f5:49:a4:6c:63:
         47:49:5b:6a:fa:12:23:8d:93:29:aa:6d:b3:ca:26:51:50:7c:
         ec:20:dc:c0:43:f8:a6:41:03:df:b9:5b:e8:88:e3:e0:b1:43:
         31:e4:e3:c4:38:9e:54:88:25:80:d1:bb:d2:f0:c8:c6:d5:e6:
         7f:a6:cd:f5:c4:80:1b:7d:c5:0a:df:3c:2e:5b:f5:bf:26:7d:
         6d:56:1d:ed:3a:fa:55:43:87:fa:79:56:f2:1c:56:51:94:0d:
         6e:a4:a5:d4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUBwmMLNtjz5Ux8s4KGreBcu6Hio0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yMzEyMTUwMzM0NDhaFw0yNDEyMTMwMzM5NDhaMDMxMTAvBgNV
BAMTKDkwNzZFNTI0QkJENkFDNDVEMDA0Q0Q3RDI0RkJDQUFCNDE1Mzc2MUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvEpJqEHfQFxg6szu1Tvs78zTb
jG0UnB7rISiNe3vzi1Zz35fMLyqtBJcDz1W49gaeNnHZ+JL282E6yyIWcSQnztcX
/NsszYSWc7BCRYd78JQ0LzPpPbDRA5tjy4i3FIdH06DCoQmR5cpGm0O9P3vNPirA
bhfsiTB98pJNb75bXnqx90q9A9fhqZWs1wXe920lQq0L5DO+W+rhzHIL5uE/TF3X
DZFg3nYHaL2pjmTdGDIfDf+T0fYkzn77CfmJsfqA7rubv1igoG5mX5EInXQLYgcl
SFBCQIBnJOB67LFXy1LwTRwLYXdmYL39ujmbW6BlknA43R9niY5vY+npq0dvAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUkHblJLvWrEXQBM19JPvKq0FTdh8wHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzNDM2MmUzMTM5MmUzMjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzMjMyMzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACSExYw
DQYJKoZIhvcNAQELBQADggEBAL7A1za/PtLCp9w/ebGirJd14VmG7j0fQ+Ik06It
6mmJzvtKYC3tCfAL+KEmGji9XyIyMwe0R2tWWXI+sAhRnRZr50Kz2EfryRoFnO97
oqe6pI5VRLRrIvrlqQuI2W2+tWyTEEPJHo++drLbYixSq/sJ/EocvtmscwDqNJwq
hkC/LvT1ay/ISqh9UAVxW/kzGuCLmhEuITU5U1badIb1SaRsY0dJW2r6EiONkymq
bbPKJlFQfOwg3MBD+KZBA9+5W+iI4+CxQzHk48Q4nlSIJYDRu9LwyMbV5n+mzfXE
gBt9xQrfPC5b9b8mfW1WHe06+lVDh/p5VvIcVlGUDW6kpdQ=
-----END CERTIFICATE-----