Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e36362e3135312e302f32342d3234203d3e203134343435.roa
File:                     34352e36362e3135312e302f32342d3234203d3e203134343435.roa (raw, json)
Hash identifier:          YcMfxtlC0OZvWXWuQvAufJCcKwFf+SVOgvxwMBge394=
Subject key identifier:   9D:8C:B4:DE:69:FE:42:68:F8:A7:DB:64:2A:DB:70:A4:83:89:BB:2F
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       712E6D269F4B67A99CF7547EBFEE0CC6A650E63E
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e36362e3135312e302f32342d3234203d3e203134343435.roa
Signing time:             Thu 06 Jun 2024 16:21:38 +0000
ROA not before:           Thu 06 Jun 2024 16:16:38 +0000
ROA not after:            Thu 05 Jun 2025 16:21:38 +0000
asID:                     14445
IP address blocks:        45.66.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:2e:6d:26:9f:4b:67:a9:9c:f7:54:7e:bf:ee:0c:c6:a6:50:e6:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jun  6 16:16:38 2024 GMT
            Not After : Jun  5 16:21:38 2025 GMT
        Subject: CN=9D8CB4DE69FE4268F8A7DB642ADB70A48389BB2F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c0:b1:20:f9:05:41:4b:24:c0:7d:96:c3:aa:
                    6e:71:e7:46:cf:15:d7:8a:95:3c:11:e8:27:2c:01:
                    39:3e:f4:57:bf:0d:08:9b:4c:5a:51:d0:99:f7:6c:
                    ae:02:b6:61:49:c8:01:b4:03:eb:a1:0f:27:53:97:
                    99:00:28:7d:94:b1:bd:89:a7:de:61:ec:3b:a6:27:
                    a4:4e:3a:00:e9:b5:b9:a2:16:ac:d2:36:cf:27:d9:
                    21:1c:3a:80:a7:a3:ae:a1:a3:85:11:ec:16:24:ae:
                    98:48:ff:cf:22:e4:f0:97:de:dd:2a:cb:e0:db:7d:
                    55:6d:a6:20:d8:71:67:4e:98:49:f4:34:d9:c1:f2:
                    0d:ea:d7:5b:c5:c2:2f:cf:37:8f:65:30:e4:f1:d3:
                    59:ad:34:f6:c7:d4:e8:f1:d5:8f:23:ee:16:c8:cc:
                    fe:47:67:9a:c3:dd:90:69:29:12:c1:8e:ce:bb:74:
                    f2:e1:f8:01:b6:94:9d:71:ba:e1:0d:aa:5d:9b:27:
                    64:ff:c3:dd:99:b0:45:14:28:65:33:20:02:78:b1:
                    22:91:7e:69:04:76:cd:61:24:20:36:1b:f4:34:fa:
                    10:b8:21:69:b3:17:12:39:94:d7:52:f0:49:01:79:
                    4e:5f:1b:27:e6:d9:f9:5e:52:d1:f6:7a:bb:c2:ec:
                    b5:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:8C:B4:DE:69:FE:42:68:F8:A7:DB:64:2A:DB:70:A4:83:89:BB:2F
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e36362e3135312e302f32342d3234203d3e203134343435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:88:4e:8f:a6:ff:f9:9c:98:9a:62:16:b1:f6:80:50:21:30:
         f6:e8:a3:61:35:9e:ba:e8:e6:5b:0f:06:d1:ba:f5:04:67:da:
         39:11:8a:d0:df:1d:88:a1:18:7b:3a:93:8b:d1:8a:f8:50:12:
         02:83:a5:18:07:af:82:f1:52:22:70:48:bf:5a:7c:52:b5:be:
         d7:1f:91:ec:c4:84:74:81:1c:4d:0a:f0:d4:bb:89:8e:26:70:
         bd:54:fd:5d:36:59:1d:2e:16:dc:ea:46:b7:df:a1:16:a9:b4:
         ff:ce:7d:2c:c9:18:cd:b2:c9:92:23:35:eb:47:05:7f:21:c9:
         a5:97:fd:a9:db:90:f4:85:de:60:ef:6a:57:95:db:4c:3c:0b:
         02:92:f3:8e:de:fd:31:76:5b:9c:55:58:07:9d:3e:e0:dd:c2:
         d2:8f:da:dd:58:ce:8c:e7:74:db:d7:2f:b0:ea:bf:fd:ed:b1:
         13:dc:5b:14:62:27:fe:3f:39:71:d6:6a:70:97:9e:f4:97:c2:
         ec:4e:51:56:fc:03:4b:e7:a2:0b:59:af:af:9b:35:0e:0b:3b:
         01:6e:5a:5b:b9:ba:38:b8:f2:ba:de:3b:46:55:8f:77:65:60:
         f5:8f:38:9e:ca:1a:67:45:b3:a2:57:38:f2:57:7b:9e:44:fa:
         b9:23:c8:d7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcS5tJp9LZ6mc91R+v+4MxqZQ5j4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDA2MDYxNjE2MzhaFw0yNTA2MDUxNjIxMzhaMDMxMTAvBgNV
BAMTKDlEOENCNERFNjlGRTQyNjhGOEE3REI2NDJBREI3MEE0ODM4OUJCMkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBwLEg+QVBSyTAfZbDqm5x50bP
FdeKlTwR6CcsATk+9Fe/DQibTFpR0Jn3bK4CtmFJyAG0A+uhDydTl5kAKH2Usb2J
p95h7DumJ6ROOgDptbmiFqzSNs8n2SEcOoCno66ho4UR7BYkrphI/88i5PCX3t0q
y+DbfVVtpiDYcWdOmEn0NNnB8g3q11vFwi/PN49lMOTx01mtNPbH1Ojx1Y8j7hbI
zP5HZ5rD3ZBpKRLBjs67dPLh+AG2lJ1xuuENql2bJ2T/w92ZsEUUKGUzIAJ4sSKR
fmkEds1hJCA2G/Q0+hC4IWmzFxI5lNdS8EkBeU5fGyfm2fleUtH2ervC7LWfAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUnYy03mn+Qmj4p9tkKttwpIOJuy8wHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzYzNjJlMzEzNTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNDM0MzQzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1C
lzANBgkqhkiG9w0BAQsFAAOCAQEARIhOj6b/+ZyYmmIWsfaAUCEw9uijYTWeuujm
Ww8G0br1BGfaORGK0N8diKEYezqTi9GK+FASAoOlGAevgvFSInBIv1p8UrW+1x+R
7MSEdIEcTQrw1LuJjiZwvVT9XTZZHS4W3OpGt9+hFqm0/859LMkYzbLJkiM160cF
fyHJpZf9qduQ9IXeYO9qV5XbTDwLApLzjt79MXZbnFVYB50+4N3C0o/a3VjOjOd0
29cvsOq//e2xE9xbFGIn/j85cdZqcJee9JfC7E5RVvwDS+eiC1mvr5s1Dgs7AW5a
W7m6OLjyut47RlWPd2Vg9Y84nsoaZ0Wzolc48ld7nkT6uSPI1w==
-----END CERTIFICATE-----