Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134382e302f32332d3233203d3e203632333837.roa
File:                     34352e31332e3134382e302f32332d3233203d3e203632333837.roa (raw, json)
Hash identifier:          Ye3mPOZbA+4HTsSpwuy0VV1ypo1d5aDucJ1kgVkdB7I=
Subject key identifier:   2B:36:71:DA:C3:18:FE:A2:DA:C5:DC:A1:61:25:BB:9C:7C:31:AB:B5
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       2B297C9DF8A914DBE6CEB2FCA604BD35A00E91E9
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134382e302f32332d3233203d3e203632333837.roa
Signing time:             Thu 06 Jun 2024 16:22:55 +0000
ROA not before:           Thu 06 Jun 2024 16:17:55 +0000
ROA not after:            Thu 05 Jun 2025 16:22:55 +0000
asID:                     62387
IP address blocks:        45.13.148.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:29:7c:9d:f8:a9:14:db:e6:ce:b2:fc:a6:04:bd:35:a0:0e:91:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun  6 16:17:55 2024 GMT
            Not After : Jun  5 16:22:55 2025 GMT
        Subject: CN=2B3671DAC318FEA2DAC5DCA16125BB9C7C31ABB5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:83:40:a7:b1:ce:71:6b:e0:49:d0:00:48:4c:
                    fc:d1:9e:b1:07:d4:5d:78:21:c2:5f:51:27:4a:7d:
                    35:b4:50:e0:0b:d7:e2:91:6b:29:69:87:f4:09:a8:
                    0d:3b:5e:4f:ac:1a:60:0c:98:c2:bb:40:0a:33:7e:
                    ef:9d:22:9b:fd:82:e4:36:79:d6:a7:64:60:41:30:
                    f3:bd:4b:45:4d:67:ee:43:9f:48:9c:e5:75:47:16:
                    05:ee:1d:47:fe:92:c6:75:68:74:1e:60:3f:df:d2:
                    ad:5f:d2:ea:73:b4:28:9c:d0:1e:68:81:af:52:e6:
                    a6:81:82:a0:2b:38:49:09:0b:02:01:a9:84:05:43:
                    27:f0:bf:45:32:07:94:c6:88:0d:f0:19:e2:60:30:
                    1d:f5:8d:c0:f6:3c:b5:69:3a:6a:1a:18:24:95:b6:
                    b0:d5:7f:b1:9e:85:b6:5d:bd:ba:63:5e:c1:71:1d:
                    e5:9e:e8:24:38:85:46:aa:09:52:93:1b:4c:e9:ea:
                    39:5b:38:62:42:41:7d:cb:e9:50:0d:ec:56:c6:85:
                    10:8d:66:75:8f:23:eb:0f:c4:ed:0c:f8:0c:29:8b:
                    81:5e:1c:19:82:4e:04:3b:a3:81:a3:7c:65:c4:0e:
                    01:72:cd:a4:16:d9:36:7f:55:9e:01:c4:8b:87:8d:
                    08:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:36:71:DA:C3:18:FE:A2:DA:C5:DC:A1:61:25:BB:9C:7C:31:AB:B5
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134382e302f32332d3233203d3e203632333837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:50:58:17:c2:0f:86:d1:09:4c:8f:b4:a0:2a:34:46:3a:1d:
         42:d7:06:f0:7a:47:82:d4:db:7e:7d:ac:86:99:39:74:da:c9:
         b8:86:9f:94:22:bd:9c:c6:26:64:e8:16:f4:fc:88:19:f7:d8:
         9d:32:e1:95:c3:3a:d9:11:84:93:b4:b6:0e:32:7a:e3:bd:38:
         2d:7c:78:1d:5d:24:58:64:56:d1:2e:ea:99:f6:4f:23:f8:da:
         bb:ef:fe:9b:ca:11:9c:47:b0:7e:e7:6b:94:cf:51:3a:f2:96:
         1a:ff:fa:fb:0c:ae:f0:2d:fb:15:93:74:13:24:6f:36:a2:77:
         73:63:2c:cf:2f:06:e5:fb:60:84:72:0b:26:e6:4a:f3:70:74:
         3f:48:b6:78:0a:61:7c:73:67:d0:0d:2a:92:89:df:85:f3:f1:
         57:a0:0c:27:5b:59:67:15:bc:1b:7a:1f:9b:5f:f3:e1:53:46:
         ac:ab:2b:7a:17:fb:1c:86:52:4c:1a:96:10:22:95:b5:9e:8d:
         08:ca:9c:75:4a:74:ee:23:d3:ce:cc:54:53:48:45:e6:20:f5:
         34:57:9f:c5:cf:18:54:ce:e9:22:57:40:a6:03:4f:5f:67:34:
         cf:ce:b0:dd:d3:e5:94:38:16:12:06:25:4f:1b:e8:fb:a8:05:
         fb:12:6b:5a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKyl8nfipFNvmzrL8pgS9NaAOkekwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MDYxNjE3NTVaFw0yNTA2MDUxNjIyNTVaMDMxMTAvBgNV
BAMTKDJCMzY3MURBQzMxOEZFQTJEQUM1RENBMTYxMjVCQjlDN0MzMUFCQjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkg0Cnsc5xa+BJ0ABITPzRnrEH
1F14IcJfUSdKfTW0UOAL1+KRaylph/QJqA07Xk+sGmAMmMK7QAozfu+dIpv9guQ2
edanZGBBMPO9S0VNZ+5Dn0ic5XVHFgXuHUf+ksZ1aHQeYD/f0q1f0upztCic0B5o
ga9S5qaBgqArOEkJCwIBqYQFQyfwv0UyB5TGiA3wGeJgMB31jcD2PLVpOmoaGCSV
trDVf7GehbZdvbpjXsFxHeWe6CQ4hUaqCVKTG0zp6jlbOGJCQX3L6VAN7FbGhRCN
ZnWPI+sPxO0M+Awpi4FeHBmCTgQ7o4GjfGXEDgFyzaQW2TZ/VZ4BxIuHjQhNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUKzZx2sMY/qLaxdyhYSW7nHwxq7UwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzEzMzJlMzEzNDM4
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzYzMjMzMzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS0N
lDANBgkqhkiG9w0BAQsFAAOCAQEAflBYF8IPhtEJTI+0oCo0RjodQtcG8HpHgtTb
fn2shpk5dNrJuIaflCK9nMYmZOgW9PyIGffYnTLhlcM62RGEk7S2DjJ64704LXx4
HV0kWGRW0S7qmfZPI/jau+/+m8oRnEewfudrlM9ROvKWGv/6+wyu8C37FZN0EyRv
NqJ3c2Mszy8G5ftghHILJuZK83B0P0i2eAphfHNn0A0qkonfhfPxV6AMJ1tZZxW8
G3ofm1/z4VNGrKsrehf7HIZSTBqWECKVtZ6NCMqcdUp07iPTzsxUU0hF5iD1NFef
xc8YVM7pIldApgNPX2c0z86w3dPllDgWEgYlTxvo+6gF+xJrWg==
-----END CERTIFICATE-----