Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d43cc54b-e7ff-4945-90bc-fd4761ccc302/0/34352e3135342e362e302f32332d3234203d3e20383334.roa
File:                     34352e3135342e362e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          sWkagS+tsZkguUPrl5oOjRPyeK8JwVWo/VAAjL9On8s=
Subject key identifier:   A5:81:EC:74:85:9A:A9:CD:88:C0:AC:1A:B5:EC:83:EE:91:D3:FD:E8
Certificate issuer:       /CN=da90910c27e0a78d5f8a404e69c260275561c59b
Certificate serial:       31E5AB7A7375D9373A19B87FC039EB8CFA6752DE
Authority key identifier: DA:90:91:0C:27:E0:A7:8D:5F:8A:40:4E:69:C2:60:27:55:61:C5:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2pCRDCfgp41fikBOacJgJ1VhxZs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d43cc54b-e7ff-4945-90bc-fd4761ccc302/0/34352e3135342e362e302f32332d3234203d3e20383334.roa
Signing time:             Sat 03 Jun 2023 00:00:11 +0000
ROA not before:           Fri 02 Jun 2023 23:55:11 +0000
ROA not after:            Sat 01 Jun 2024 00:00:11 +0000
asID:                     834
IP address blocks:        45.154.6.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d43cc54b-e7ff-4945-90bc-fd4761ccc302/0/DA90910C27E0A78D5F8A404E69C260275561C59B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d43cc54b-e7ff-4945-90bc-fd4761ccc302/0/DA90910C27E0A78D5F8A404E69C260275561C59B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2pCRDCfgp41fikBOacJgJ1VhxZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:e5:ab:7a:73:75:d9:37:3a:19:b8:7f:c0:39:eb:8c:fa:67:52:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da90910c27e0a78d5f8a404e69c260275561c59b
        Validity
            Not Before: Jun  2 23:55:11 2023 GMT
            Not After : Jun  1 00:00:11 2024 GMT
        Subject: CN=A581EC74859AA9CD88C0AC1AB5EC83EE91D3FDE8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d4:d8:5f:c6:cd:4c:c4:a2:08:f0:b0:e0:75:
                    96:fb:ea:52:f3:d6:60:4a:99:82:92:84:9e:ac:6d:
                    35:2b:07:7c:b6:14:a0:13:82:b0:6a:02:02:5d:8d:
                    3b:f8:d3:ad:d5:e2:e7:24:29:39:c7:b0:58:ab:36:
                    b2:84:c2:58:3f:d9:78:9c:39:f7:4d:1b:7f:8a:5c:
                    74:c1:06:74:4b:86:30:e6:d2:60:9b:11:14:ab:38:
                    92:c9:b3:9f:a1:f3:ef:46:f4:88:19:99:a8:83:a0:
                    91:2d:df:1c:de:df:6d:a8:1b:6e:d7:3a:24:63:fd:
                    88:b2:a4:e0:98:5d:d7:7b:65:b2:a4:b8:c9:71:c7:
                    e5:7a:10:d0:a4:5b:b3:32:eb:d2:e0:86:eb:9c:6d:
                    36:54:0f:be:32:fa:ba:6a:2a:97:7e:cc:cc:47:cb:
                    3d:ef:7c:90:cb:ca:6a:38:9d:da:9f:74:c8:aa:b6:
                    b8:41:3a:be:72:28:6b:88:8e:61:12:e6:9f:18:58:
                    ee:c3:a3:0a:f0:56:76:02:2e:43:af:4e:42:5d:05:
                    07:37:e9:f6:c7:24:bd:f2:53:ec:20:a1:41:f2:9b:
                    a0:56:33:60:74:48:00:4c:fd:56:19:81:ba:d4:8c:
                    35:be:39:50:4f:8e:08:ee:65:bc:a9:d0:99:2b:1b:
                    20:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:81:EC:74:85:9A:A9:CD:88:C0:AC:1A:B5:EC:83:EE:91:D3:FD:E8
            X509v3 Authority Key Identifier:
                keyid:DA:90:91:0C:27:E0:A7:8D:5F:8A:40:4E:69:C2:60:27:55:61:C5:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d43cc54b-e7ff-4945-90bc-fd4761ccc302/0/DA90910C27E0A78D5F8A404E69C260275561C59B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2pCRDCfgp41fikBOacJgJ1VhxZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d43cc54b-e7ff-4945-90bc-fd4761ccc302/0/34352e3135342e362e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:e3:bb:cd:fa:5c:4a:13:7c:65:35:8d:04:57:3f:1d:e7:bf:
         7d:91:a1:eb:4b:20:e8:2d:d6:e8:5e:ba:23:3c:70:76:d7:59:
         a8:e3:04:45:cc:c1:b0:db:75:19:3d:5b:a0:c8:14:34:4f:77:
         0d:87:35:3d:41:f4:53:72:0d:57:4c:7f:da:40:99:a8:82:05:
         94:26:89:f8:2d:85:f6:60:06:51:b6:4a:05:6c:d2:84:28:ef:
         78:7e:b1:29:de:33:72:55:32:5d:a6:5c:ad:88:76:0d:6f:ca:
         6e:72:4e:24:19:70:b4:66:2c:60:f3:e9:43:6d:4d:e3:bd:08:
         b2:d2:0b:3e:8b:87:96:2f:18:b3:14:1b:3a:6b:2b:19:9f:7b:
         b7:26:36:49:55:98:9a:9f:5f:69:cc:09:37:c5:8c:31:c3:ad:
         25:f3:09:c2:e8:d1:ca:b5:45:3a:ac:11:5c:72:12:ac:8a:15:
         59:88:ee:9c:8f:15:35:60:78:ba:8e:57:b0:e8:b5:93:9b:1c:
         ae:97:fc:9f:21:9e:4b:07:b7:c8:6d:ff:0a:17:da:b4:ba:12:
         df:8e:d7:b8:30:34:ca:6a:4f:6b:9b:29:84:31:90:6a:fe:c0:
         9f:df:5b:56:c8:cc:ef:5f:63:2a:ce:17:ee:1f:fb:e9:c5:1a:
         14:99:b9:3b
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUMeWrenN12Tc6Gbh/wDnrjPpnUt4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGE5MDkxMGMyN2UwYTc4ZDVmOGE0MDRlNjljMjYwMjc1
NTYxYzU5YjAeFw0yMzA2MDIyMzU1MTFaFw0yNDA2MDEwMDAwMTFaMDMxMTAvBgNV
BAMTKEE1ODFFQzc0ODU5QUE5Q0Q4OEMwQUMxQUI1RUM4M0VFOTFEM0ZERTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU1Nhfxs1MxKII8LDgdZb76lLz
1mBKmYKShJ6sbTUrB3y2FKATgrBqAgJdjTv4063V4uckKTnHsFirNrKEwlg/2Xic
OfdNG3+KXHTBBnRLhjDm0mCbERSrOJLJs5+h8+9G9IgZmaiDoJEt3xze322oG27X
OiRj/YiypOCYXdd7ZbKkuMlxx+V6ENCkW7My69LghuucbTZUD74y+rpqKpd+zMxH
yz3vfJDLymo4ndqfdMiqtrhBOr5yKGuIjmES5p8YWO7DowrwVnYCLkOvTkJdBQc3
6fbHJL3yU+wgoUHym6BWM2B0SABM/VYZgbrUjDW+OVBPjgjuZbyp0JkrGyCrAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUpYHsdIWaqc2IwKwateyD7pHT/egwHwYDVR0j
BBgwFoAU2pCRDCfgp41fikBOacJgJ1VhxZswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDQzY2M1NGItZTdmZi00OTQ1LTkwYmMtZmQ0NzYxY2Nj
MzAyLzAvREE5MDkxMEMyN0UwQTc4RDVGOEE0MDRFNjlDMjYwMjc1NTYxQzU5Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJwQ1JEQ2ZncDQxZmlrQk9hY0pnSjFW
aHhacy5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDQzY2M1NGIt
ZTdmZi00OTQ1LTkwYmMtZmQ0NzYxY2NjMzAyLzAvMzQzNTJlMzEzNTM0MmUzNjJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS2aBjANBgkq
hkiG9w0BAQsFAAOCAQEAhOO7zfpcShN8ZTWNBFc/Hee/fZGh60sg6C3W6F66Izxw
dtdZqOMERczBsNt1GT1boMgUNE93DYc1PUH0U3INV0x/2kCZqIIFlCaJ+C2F9mAG
UbZKBWzShCjveH6xKd4zclUyXaZcrYh2DW/KbnJOJBlwtGYsYPPpQ21N470IstIL
PouHli8YsxQbOmsrGZ97tyY2SVWYmp9facwJN8WMMcOtJfMJwujRyrVFOqwRXHIS
rIoVWYjunI8VNWB4uo5XsOi1k5scrpf8nyGeSwe3yG3/ChfatLoS347XuDA0ympP
a5sphDGQav7An99bVsjM719jKs4X7h/76cUaFJm5Ow==
-----END CERTIFICATE-----