Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134392e302f32342d3234203d3e203631333137.roa
File:                     34352e31332e3134392e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          7jGC7aXk2sdhaV3FWaCxmxMzpUP1pNapp+AOAjKjjLA=
Subject key identifier:   76:FF:A1:71:7A:1E:61:B6:27:14:04:DB:66:43:8B:A5:5F:10:4B:4E
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       49FE4FB883DD90C6BE9BFF4AF20BA03508D2DF3B
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134392e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 06 Jun 2024 16:22:07 +0000
ROA not before:           Thu 06 Jun 2024 16:17:07 +0000
ROA not after:            Thu 05 Jun 2025 16:22:07 +0000
asID:                     61317
IP address blocks:        45.13.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:fe:4f:b8:83:dd:90:c6:be:9b:ff:4a:f2:0b:a0:35:08:d2:df:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun  6 16:17:07 2024 GMT
            Not After : Jun  5 16:22:07 2025 GMT
        Subject: CN=76FFA1717A1E61B6271404DB66438BA55F104B4E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:10:df:17:d9:18:05:ec:65:6b:99:8f:1e:bf:
                    fc:32:b8:b4:33:3d:35:cc:a3:84:92:64:bc:ce:dc:
                    ba:13:d9:92:9c:98:a2:08:15:12:d9:89:ea:e8:59:
                    22:04:aa:6c:e8:2b:dd:79:e0:b8:c6:a2:54:3a:1c:
                    e8:1f:e0:2c:d5:24:c4:7e:b4:e0:2a:8e:96:d8:77:
                    80:60:31:45:cb:50:35:a4:8d:9f:f9:77:3a:d6:20:
                    0a:d5:6a:66:14:b5:7a:b8:59:d8:02:b0:61:23:b7:
                    59:ac:01:c7:e6:00:75:00:b4:01:e2:eb:e7:1c:08:
                    f7:85:7e:70:8f:c5:c3:60:e0:d5:71:2f:94:67:73:
                    fa:5d:c2:53:16:5f:ff:38:5f:16:9f:65:91:fc:0b:
                    45:07:fd:29:5d:02:4d:f0:55:1f:73:66:9b:4e:59:
                    ec:b6:7d:29:99:96:de:85:54:8d:77:7c:b6:48:91:
                    58:7a:54:34:dc:06:1a:93:27:11:0f:b3:6c:a2:86:
                    5a:4a:b6:69:bb:bd:e2:5e:96:aa:49:9e:e3:df:07:
                    96:db:e5:3e:f6:24:ef:27:4e:df:0c:47:f1:7a:f8:
                    70:09:92:19:f3:7a:41:d7:7c:f5:e0:5e:32:c9:86:
                    14:9a:63:cd:a3:71:0a:af:1d:31:bf:9a:49:be:18:
                    19:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:FF:A1:71:7A:1E:61:B6:27:14:04:DB:66:43:8B:A5:5F:10:4B:4E
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134392e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:20:57:a7:5b:a6:a6:36:39:87:aa:a9:71:bd:11:a0:24:55:
         5d:23:f0:7f:ab:0c:29:b3:d5:13:d0:28:f2:47:5a:dd:79:e1:
         c7:e1:7a:c7:74:06:01:bb:5b:de:3e:84:ed:9c:c8:1e:04:22:
         c8:04:86:de:2d:04:cd:8b:fa:35:6c:ac:92:c7:92:b7:b6:11:
         1f:c0:6f:54:4e:3e:e6:b2:01:53:af:87:c0:d3:52:c7:cf:fd:
         d9:28:32:ff:2c:25:88:3a:56:0d:a2:b0:1d:69:2c:94:57:30:
         60:e4:1a:c7:0a:a1:f8:99:0f:27:4e:21:de:98:3e:8d:8f:29:
         f2:a9:36:44:a1:e1:60:80:f9:50:b9:53:6b:26:1a:09:81:6b:
         12:af:20:80:2b:f9:1d:4b:ed:35:d9:ce:6c:b3:85:a9:10:96:
         bb:2f:5a:c3:6d:0d:7b:08:3b:f1:13:77:ef:c8:f6:61:d7:d5:
         f8:cd:ef:58:f5:5f:43:dc:ed:05:ad:30:ad:58:0e:15:15:77:
         d8:02:d4:ae:0f:f5:29:c9:f8:22:e8:68:03:5d:39:d6:8a:95:
         bc:b0:e3:0f:20:16:de:82:83:15:9b:e3:ab:1b:aa:fe:64:a9:
         d0:95:8d:07:d3:29:db:e7:43:da:d1:80:33:4f:15:49:3c:6b:
         82:13:3c:1e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSf5PuIPdkMa+m/9K8gugNQjS3zswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MDYxNjE3MDdaFw0yNTA2MDUxNjIyMDdaMDMxMTAvBgNV
BAMTKDc2RkZBMTcxN0ExRTYxQjYyNzE0MDREQjY2NDM4QkE1NUYxMDRCNEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJEN8X2RgF7GVrmY8ev/wyuLQz
PTXMo4SSZLzO3LoT2ZKcmKIIFRLZieroWSIEqmzoK9154LjGolQ6HOgf4CzVJMR+
tOAqjpbYd4BgMUXLUDWkjZ/5dzrWIArVamYUtXq4WdgCsGEjt1msAcfmAHUAtAHi
6+ccCPeFfnCPxcNg4NVxL5Rnc/pdwlMWX/84XxafZZH8C0UH/SldAk3wVR9zZptO
Wey2fSmZlt6FVI13fLZIkVh6VDTcBhqTJxEPs2yihlpKtmm7veJelqpJnuPfB5bb
5T72JO8nTt8MR/F6+HAJkhnzekHXfPXgXjLJhhSaY82jcQqvHTG/mkm+GBnLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUdv+hcXoeYbYnFATbZkOLpV8QS04wHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzEzMzJlMzEzNDM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0N
lTANBgkqhkiG9w0BAQsFAAOCAQEACyBXp1umpjY5h6qpcb0RoCRVXSPwf6sMKbPV
E9Ao8kda3Xnhx+F6x3QGAbtb3j6E7ZzIHgQiyASG3i0EzYv6NWyskseSt7YRH8Bv
VE4+5rIBU6+HwNNSx8/92Sgy/ywliDpWDaKwHWkslFcwYOQaxwqh+JkPJ04h3pg+
jY8p8qk2RKHhYID5ULlTayYaCYFrEq8ggCv5HUvtNdnObLOFqRCWuy9aw20Newg7
8RN378j2YdfV+M3vWPVfQ9ztBa0wrVgOFRV32ALUrg/1Kcn4IuhoA1051oqVvLDj
DyAW3oKDFZvjqxuq/mSp0JWNB9Mp2+dD2tGAM08VSTxrghM8Hg==
-----END CERTIFICATE-----