Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137322e302f32342d3234203d3e20323035373333.roa
File:                     34352e382e3137322e302f32342d3234203d3e20323035373333.roa (raw, json)
Hash identifier:          lhD2AirLJKoA1byijcbKW+catIiIM5AuDHLdpKXiAzA=
Subject key identifier:   BA:FD:E5:A3:F4:C5:21:31:38:16:F9:3C:06:A9:4F:D6:C0:41:FC:12
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       45F8CB54E18B4685326B0B07D3F6BD3634A73C68
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137322e302f32342d3234203d3e20323035373333.roa
Signing time:             Fri 01 Nov 2024 15:56:41 +0000
ROA not before:           Fri 01 Nov 2024 15:51:41 +0000
ROA not after:            Fri 31 Oct 2025 15:56:41 +0000
asID:                     205733
IP address blocks:        45.8.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:f8:cb:54:e1:8b:46:85:32:6b:0b:07:d3:f6:bd:36:34:a7:3c:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Nov  1 15:51:41 2024 GMT
            Not After : Oct 31 15:56:41 2025 GMT
        Subject: CN=BAFDE5A3F4C521313816F93C06A94FD6C041FC12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:80:ba:3b:72:a2:a7:e9:89:20:d0:67:ee:f6:
                    74:26:21:fe:a0:35:2e:65:77:87:5f:d8:17:47:f8:
                    37:97:fa:73:d9:30:07:3c:e9:29:43:81:93:00:5a:
                    28:35:51:60:0b:7c:a7:d0:e1:c3:b3:c9:44:e6:bd:
                    2e:ca:d8:39:3c:72:da:3d:ca:f1:0f:4c:81:3c:90:
                    e0:a8:26:7a:11:73:eb:2a:d5:4b:9b:b0:ef:9a:5a:
                    b8:2d:29:1a:21:38:7f:08:41:bd:2a:e1:87:54:81:
                    f3:0c:83:98:e9:94:6a:84:c1:79:b1:ad:0a:50:e3:
                    0e:3f:01:fd:c8:69:23:c8:fb:5a:cf:3f:87:b4:73:
                    7a:7a:62:62:7b:b2:70:7d:1d:ce:fb:3a:20:21:2a:
                    1f:a7:95:c1:89:ae:20:29:83:50:fb:66:86:ac:25:
                    b8:27:a8:93:75:76:d1:26:34:e8:d6:c8:ae:4c:be:
                    27:75:01:c8:d6:a1:6c:0f:49:1a:83:74:d1:fb:d5:
                    ee:f3:22:1e:57:d5:48:0c:2d:69:04:ec:c3:97:30:
                    c7:0c:93:91:6f:84:92:ae:6a:f7:e5:02:07:dd:9b:
                    85:2b:16:53:6b:e4:24:c1:d2:5f:c3:6f:f9:37:63:
                    67:bf:28:8c:40:c5:fb:8f:72:d6:87:19:ef:24:fe:
                    3f:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:FD:E5:A3:F4:C5:21:31:38:16:F9:3C:06:A9:4F:D6:C0:41:FC:12
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137322e302f32342d3234203d3e20323035373333.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:3a:f5:d4:f8:79:ef:f2:68:52:87:91:7f:20:94:a3:ba:61:
         c9:e5:86:41:7c:69:32:df:6b:cf:49:66:2f:0b:a1:d3:88:a0:
         ad:a0:f0:20:67:ab:3b:16:17:48:2f:f6:85:1a:d1:95:83:d4:
         29:89:da:51:81:6e:9b:fb:41:5d:ac:8d:30:ec:87:44:60:05:
         58:4a:34:bd:5e:16:fb:09:06:7e:24:f8:e0:1c:f3:9d:94:8b:
         33:31:4b:6a:b0:c4:c3:a4:d1:b9:b3:79:d2:f0:37:09:88:11:
         f3:63:e7:cc:70:08:e9:f9:ac:51:d6:da:32:27:83:d6:64:ec:
         8e:3f:22:92:ec:ae:c4:51:a0:5c:e4:76:fc:4b:98:93:87:a5:
         07:32:8a:29:b7:20:08:8a:85:80:8d:ee:b8:2e:45:e6:02:91:
         52:59:2c:83:4b:be:e6:82:4f:2b:c3:4c:ed:0c:b1:76:df:04:
         42:a4:34:cf:c7:4b:27:10:67:1a:de:e3:6d:ed:d3:99:5a:a1:
         59:21:4d:5b:8d:2e:f8:53:5d:75:3f:46:03:79:41:fe:19:0e:
         f2:93:b1:24:f2:90:70:30:a6:be:36:4b:af:b4:25:42:96:85:
         c1:89:f9:91:84:c2:92:0c:80:4e:1d:16:19:82:67:7d:08:28:
         40:e6:29:0d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURfjLVOGLRoUyawsH0/a9NjSnPGgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDExMDExNTUxNDFaFw0yNTEwMzExNTU2NDFaMDMxMTAvBgNV
BAMTKEJBRkRFNUEzRjRDNTIxMzEzODE2RjkzQzA2QTk0RkQ2QzA0MUZDMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxgLo7cqKn6Ykg0Gfu9nQmIf6g
NS5ld4df2BdH+DeX+nPZMAc86SlDgZMAWig1UWALfKfQ4cOzyUTmvS7K2Dk8cto9
yvEPTIE8kOCoJnoRc+sq1UubsO+aWrgtKRohOH8IQb0q4YdUgfMMg5jplGqEwXmx
rQpQ4w4/Af3IaSPI+1rPP4e0c3p6YmJ7snB9Hc77OiAhKh+nlcGJriApg1D7Zoas
JbgnqJN1dtEmNOjWyK5Mvid1AcjWoWwPSRqDdNH71e7zIh5X1UgMLWkE7MOXMMcM
k5FvhJKuavflAgfdm4UrFlNr5CTB0l/Db/k3Y2e/KIxAxfuPctaHGe8k/j91AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUuv3lo/TFITE4Fvk8BqlP1sBB/BIwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzgyZTMxMzczMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNTM3MzMzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I
rDANBgkqhkiG9w0BAQsFAAOCAQEAOTr11Ph57/JoUoeRfyCUo7phyeWGQXxpMt9r
z0lmLwuh04igraDwIGerOxYXSC/2hRrRlYPUKYnaUYFum/tBXayNMOyHRGAFWEo0
vV4W+wkGfiT44BzznZSLMzFLarDEw6TRubN50vA3CYgR82PnzHAI6fmsUdbaMieD
1mTsjj8ikuyuxFGgXOR2/EuYk4elBzKKKbcgCIqFgI3uuC5F5gKRUlksg0u+5oJP
K8NM7Qyxdt8EQqQ0z8dLJxBnGt7jbe3TmVqhWSFNW40u+FNddT9GA3lB/hkO8pOx
JPKQcDCmvjZLr7QlQpaFwYn5kYTCkgyATh0WGYJnfQgoQOYpDQ==
-----END CERTIFICATE-----