Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d43cc54b-e7ff-4945-90bc-fd4761ccc302/0/34352e3135342e342e302f32342d3234203d3e20383334.roa
File:                     34352e3135342e342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Bq/4UsiQqUAjVtKyfwMorANTW2aYVj8J4b8/EZKAngc=
Subject key identifier:   CD:CB:A2:66:A5:12:53:DA:4D:0B:92:2C:B1:98:79:62:1E:D2:C7:CB
Certificate issuer:       /CN=da90910c27e0a78d5f8a404e69c260275561c59b
Certificate serial:       03BAE753B464A6D4504A7315EB511EAF16B72DB3
Authority key identifier: DA:90:91:0C:27:E0:A7:8D:5F:8A:40:4E:69:C2:60:27:55:61:C5:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2pCRDCfgp41fikBOacJgJ1VhxZs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d43cc54b-e7ff-4945-90bc-fd4761ccc302/0/34352e3135342e342e302f32342d3234203d3e20383334.roa
Signing time:             Wed 05 Jul 2023 00:00:09 +0000
ROA not before:           Tue 04 Jul 2023 23:55:09 +0000
ROA not after:            Wed 03 Jul 2024 00:00:09 +0000
asID:                     834
IP address blocks:        45.154.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d43cc54b-e7ff-4945-90bc-fd4761ccc302/0/DA90910C27E0A78D5F8A404E69C260275561C59B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d43cc54b-e7ff-4945-90bc-fd4761ccc302/0/DA90910C27E0A78D5F8A404E69C260275561C59B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2pCRDCfgp41fikBOacJgJ1VhxZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:ba:e7:53:b4:64:a6:d4:50:4a:73:15:eb:51:1e:af:16:b7:2d:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da90910c27e0a78d5f8a404e69c260275561c59b
        Validity
            Not Before: Jul  4 23:55:09 2023 GMT
            Not After : Jul  3 00:00:09 2024 GMT
        Subject: CN=CDCBA266A51253DA4D0B922CB19879621ED2C7CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b1:bc:16:49:ad:55:64:be:06:9b:2a:d7:21:
                    58:8e:4d:52:66:d0:72:4a:b0:6c:8d:de:66:ec:7d:
                    9d:aa:80:6b:74:2b:52:08:27:80:21:e9:7a:cd:78:
                    5f:e0:1b:a4:3a:b4:cc:ef:15:91:b9:71:ee:d6:77:
                    6f:fd:f1:2e:42:47:af:77:8b:0b:7e:ce:4f:38:25:
                    88:4a:df:02:95:11:5c:cb:8d:b3:53:8c:f4:72:79:
                    5f:cf:7c:ba:c4:b1:8c:e2:20:e2:f3:41:93:79:8b:
                    61:30:fc:e7:16:0a:85:bc:f2:07:a6:00:30:5f:7b:
                    04:21:50:aa:16:29:0b:12:36:8b:cc:5f:a6:ff:5b:
                    c0:94:98:1b:1f:17:79:a5:1d:be:f9:b3:c1:ed:08:
                    df:98:56:db:28:39:c4:52:aa:f0:95:f3:c6:4b:98:
                    8c:da:4b:2d:68:2f:49:81:66:78:db:85:2d:66:50:
                    a9:8c:e0:b4:fa:68:0d:95:aa:bd:4b:f8:36:f6:d7:
                    61:ff:bd:51:88:dc:04:69:27:2d:09:9a:1d:bf:40:
                    cb:94:04:2d:65:7e:28:0a:7e:58:c8:9e:b5:a3:95:
                    8b:d8:4c:26:80:df:3b:ab:7f:f5:97:f3:79:65:9f:
                    5b:1e:03:cd:bc:71:6b:1a:62:24:e1:92:18:1c:b1:
                    aa:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:CB:A2:66:A5:12:53:DA:4D:0B:92:2C:B1:98:79:62:1E:D2:C7:CB
            X509v3 Authority Key Identifier:
                keyid:DA:90:91:0C:27:E0:A7:8D:5F:8A:40:4E:69:C2:60:27:55:61:C5:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d43cc54b-e7ff-4945-90bc-fd4761ccc302/0/DA90910C27E0A78D5F8A404E69C260275561C59B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2pCRDCfgp41fikBOacJgJ1VhxZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d43cc54b-e7ff-4945-90bc-fd4761ccc302/0/34352e3135342e342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:9f:6d:2d:d8:ee:18:e0:72:6b:b1:d0:d7:c5:1f:3e:af:83:
         57:71:aa:fb:d6:a4:b9:db:3b:42:47:c6:2b:50:e1:8f:d7:c3:
         77:51:ea:92:12:5d:6b:87:74:51:b4:1c:50:ac:4a:b2:92:b4:
         12:6b:1b:dd:2d:5f:86:62:72:5b:7c:c5:58:8f:31:e1:b5:ab:
         74:0c:cb:bc:cb:ab:a1:e7:ec:05:5d:2a:aa:8d:90:3c:ba:b6:
         2f:8e:93:60:e1:56:34:79:63:33:24:e7:c2:0e:28:6f:47:00:
         f6:40:e4:be:78:41:65:f2:95:c0:e7:cd:88:a9:2a:01:97:8e:
         08:68:17:ea:34:6b:10:d3:b0:81:ae:89:a0:cf:75:15:97:07:
         f6:b4:66:c9:69:6c:66:24:4e:b1:54:f0:73:1b:31:8d:8b:de:
         36:a1:a3:e4:6d:c1:8f:97:a0:75:7a:0f:c9:2c:e6:1d:43:99:
         36:fb:31:77:65:6c:93:2c:a6:d5:74:00:30:ce:2d:14:c0:21:
         9d:ee:3e:84:51:c7:29:af:83:a8:ae:c9:ca:42:e9:18:6b:d1:
         37:7b:34:7d:de:02:dc:03:cb:d4:34:5e:2a:84:c3:27:67:ab:
         ab:20:dd:76:c2:1d:4b:64:e1:4c:35:49:33:84:22:96:84:46:
         be:78:1a:8b
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUA7rnU7RkptRQSnMV61Eerxa3LbMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGE5MDkxMGMyN2UwYTc4ZDVmOGE0MDRlNjljMjYwMjc1
NTYxYzU5YjAeFw0yMzA3MDQyMzU1MDlaFw0yNDA3MDMwMDAwMDlaMDMxMTAvBgNV
BAMTKENEQ0JBMjY2QTUxMjUzREE0RDBCOTIyQ0IxOTg3OTYyMUVEMkM3Q0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYsbwWSa1VZL4GmyrXIViOTVJm
0HJKsGyN3mbsfZ2qgGt0K1IIJ4Ah6XrNeF/gG6Q6tMzvFZG5ce7Wd2/98S5CR693
iwt+zk84JYhK3wKVEVzLjbNTjPRyeV/PfLrEsYziIOLzQZN5i2Ew/OcWCoW88gem
ADBfewQhUKoWKQsSNovMX6b/W8CUmBsfF3mlHb75s8HtCN+YVtsoOcRSqvCV88ZL
mIzaSy1oL0mBZnjbhS1mUKmM4LT6aA2Vqr1L+Db212H/vVGI3ARpJy0Jmh2/QMuU
BC1lfigKfljInrWjlYvYTCaA3zurf/WX83lln1seA828cWsaYiThkhgcsaoPAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUzcuiZqUSU9pNC5IssZh5Yh7Sx8swHwYDVR0j
BBgwFoAU2pCRDCfgp41fikBOacJgJ1VhxZswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDQzY2M1NGItZTdmZi00OTQ1LTkwYmMtZmQ0NzYxY2Nj
MzAyLzAvREE5MDkxMEMyN0UwQTc4RDVGOEE0MDRFNjlDMjYwMjc1NTYxQzU5Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJwQ1JEQ2ZncDQxZmlrQk9hY0pnSjFW
aHhacy5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDQzY2M1NGIt
ZTdmZi00OTQ1LTkwYmMtZmQ0NzYxY2NjMzAyLzAvMzQzNTJlMzEzNTM0MmUzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2aBDANBgkq
hkiG9w0BAQsFAAOCAQEAB59tLdjuGOBya7HQ18UfPq+DV3Gq+9akuds7QkfGK1Dh
j9fDd1HqkhJda4d0UbQcUKxKspK0Emsb3S1fhmJyW3zFWI8x4bWrdAzLvMuroefs
BV0qqo2QPLq2L46TYOFWNHljMyTnwg4ob0cA9kDkvnhBZfKVwOfNiKkqAZeOCGgX
6jRrENOwga6JoM91FZcH9rRmyWlsZiROsVTwcxsxjYveNqGj5G3Bj5egdXoPySzm
HUOZNvsxd2Vskyym1XQAMM4tFMAhne4+hFHHKa+DqK7JykLpGGvRN3s0fd4C3APL
1DReKoTDJ2erqyDddsIdS2ThTDVJM4QiloRGvngaiw==
-----END CERTIFICATE-----