Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3134362e3130372e302f32342d3234203d3e2037303138.roa
File:                     34352e3134362e3130372e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          8j++GR/bIkhz46rWtnfnzNYO+M5k7g44HhFXfUAC6TE=
Subject key identifier:   A3:70:A7:5B:90:6F:69:17:3C:48:D2:2A:9D:E8:AD:FA:B4:06:1F:51
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       446163C56DA056FB5B7A2B7EE20DF08B7C39468A
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3134362e3130372e302f32342d3234203d3e2037303138.roa
Signing time:             Thu 04 Apr 2024 11:05:14 +0000
ROA not before:           Thu 04 Apr 2024 11:00:14 +0000
ROA not after:            Thu 03 Apr 2025 11:05:14 +0000
asID:                     7018
IP address blocks:        45.146.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:61:63:c5:6d:a0:56:fb:5b:7a:2b:7e:e2:0d:f0:8b:7c:39:46:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr  4 11:00:14 2024 GMT
            Not After : Apr  3 11:05:14 2025 GMT
        Subject: CN=A370A75B906F69173C48D22A9DE8ADFAB4061F51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:02:bc:df:40:82:b6:39:b7:dc:de:72:04:1d:
                    eb:60:22:00:8d:80:fa:1d:55:eb:62:32:59:cd:85:
                    ca:3c:08:57:b0:9f:61:85:01:10:49:f7:52:cb:24:
                    22:21:34:98:0a:59:2f:1c:a4:a5:9a:07:d3:8d:8b:
                    97:84:24:01:50:7c:29:67:ca:ff:97:d1:b5:16:b7:
                    42:ad:b3:bc:a1:fd:c4:8a:06:21:72:2e:1b:23:ee:
                    cf:78:c5:f8:36:7b:bc:76:c6:b6:18:a8:9b:c8:6e:
                    9c:3c:05:80:52:2b:2e:5d:ba:80:00:66:0a:19:a4:
                    66:62:5f:d5:74:f6:f2:e0:95:02:58:fd:6f:c3:fd:
                    0c:f8:a0:12:e9:67:74:14:7f:e7:b1:49:66:66:13:
                    b4:52:26:ad:6e:50:af:5b:0f:b2:d1:9d:b0:60:fe:
                    27:26:c9:43:1b:91:8e:33:01:c6:b7:63:6c:84:18:
                    14:c3:ae:72:2e:01:da:81:85:c1:c4:5f:2e:e6:4d:
                    3f:57:9e:5b:1d:c4:d8:0a:e9:e1:95:50:0c:15:9b:
                    c0:87:40:57:aa:76:8f:07:dd:da:33:ea:c1:24:86:
                    50:be:b7:2c:92:08:b3:d2:ce:ab:bf:d4:22:62:74:
                    5c:51:66:e0:3c:5d:c2:6d:1a:96:74:63:b2:a3:cf:
                    b0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:70:A7:5B:90:6F:69:17:3C:48:D2:2A:9D:E8:AD:FA:B4:06:1F:51
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3134362e3130372e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:ed:1a:61:e5:84:92:1e:a0:91:e2:a5:d2:04:cb:20:80:9d:
         1c:c6:9e:14:77:05:a3:10:a0:27:d6:0e:5f:a3:53:66:27:00:
         82:aa:86:d8:8d:ac:58:db:9d:26:c5:41:55:fc:05:da:4b:34:
         cc:87:4a:ea:e6:f1:e1:a8:58:33:dc:b6:2b:94:d1:37:ac:24:
         0e:1a:7d:4a:09:88:2e:d3:c2:0a:b4:1a:b9:09:39:ee:81:ac:
         c8:60:e2:c4:e3:16:46:e1:da:53:36:75:23:e7:1a:ad:da:d2:
         22:d2:48:c0:b5:10:4e:1e:b4:57:fd:07:3f:0f:59:a1:cb:63:
         30:6f:94:68:2a:44:ee:65:d2:38:ea:46:3f:07:34:bc:76:37:
         24:10:04:41:0b:e6:34:56:2f:c1:9b:ac:ed:32:4f:50:b8:7a:
         f1:95:ee:79:8f:1c:e4:20:fc:3e:3b:9e:29:f8:66:33:76:58:
         9d:fb:5b:ba:c1:e1:fd:95:5e:c4:4e:50:f8:07:56:b9:90:12:
         26:9e:d4:7d:4e:67:eb:52:e0:09:43:a0:41:c7:c2:fb:0c:f4:
         94:e2:dc:cf:72:d8:07:f2:42:67:3c:b2:88:87:94:2a:27:57:
         98:d3:ff:f1:f6:07:9f:61:e9:7a:0b:4c:7a:f1:b5:8d:53:c6:
         44:97:e0:2b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURGFjxW2gVvtbeit+4g3wi3w5RoowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDA0MDQxMTAwMTRaFw0yNTA0MDMxMTA1MTRaMDMxMTAvBgNV
BAMTKEEzNzBBNzVCOTA2RjY5MTczQzQ4RDIyQTlERThBREZBQjQwNjFGNTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ArzfQIK2Obfc3nIEHetgIgCN
gPodVetiMlnNhco8CFewn2GFARBJ91LLJCIhNJgKWS8cpKWaB9ONi5eEJAFQfCln
yv+X0bUWt0Kts7yh/cSKBiFyLhsj7s94xfg2e7x2xrYYqJvIbpw8BYBSKy5duoAA
ZgoZpGZiX9V09vLglQJY/W/D/Qz4oBLpZ3QUf+exSWZmE7RSJq1uUK9bD7LRnbBg
/icmyUMbkY4zAca3Y2yEGBTDrnIuAdqBhcHEXy7mTT9XnlsdxNgK6eGVUAwVm8CH
QFeqdo8H3doz6sEkhlC+tyySCLPSzqu/1CJidFxRZuA8XcJtGpZ0Y7Kjz7CZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUo3CnW5BvaRc8SNIqneit+rQGH1EwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzEzNDM2MmUzMTMw
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNzMwMzEzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2S
azANBgkqhkiG9w0BAQsFAAOCAQEAR+0aYeWEkh6gkeKl0gTLIICdHMaeFHcFoxCg
J9YOX6NTZicAgqqG2I2sWNudJsVBVfwF2ks0zIdK6ubx4ahYM9y2K5TRN6wkDhp9
SgmILtPCCrQauQk57oGsyGDixOMWRuHaUzZ1I+cardrSItJIwLUQTh60V/0HPw9Z
octjMG+UaCpE7mXSOOpGPwc0vHY3JBAEQQvmNFYvwZus7TJPULh68ZXueY8c5CD8
PjueKfhmM3ZYnftbusHh/ZVexE5Q+AdWuZASJp7UfU5n61LgCUOgQcfC+wz0lOLc
z3LYB/JCZzyyiIeUKidXmNP/8fYHn2HpegtMevG1jVPGRJfgKw==
-----END CERTIFICATE-----