Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e342e302f32342d3234203d3e20323132323338.roa
File:                     34352e38302e342e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier:          OCI+VRpcS3ZcpIURQQTRQt+yWluF8aa+P+JbEp2noVc=
Subject key identifier:   25:96:1F:1C:E6:A1:40:0D:58:58:CC:4C:F4:73:69:68:D5:FB:FB:FE
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       6E8E622676F61F2FAEFBB35932AC4681823E2ABC
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e342e302f32342d3234203d3e20323132323338.roa
Signing time:             Thu 04 Apr 2024 11:05:14 +0000
ROA not before:           Thu 04 Apr 2024 11:00:14 +0000
ROA not after:            Thu 03 Apr 2025 11:05:14 +0000
asID:                     212238
IP address blocks:        45.80.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 04:37:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:8e:62:26:76:f6:1f:2f:ae:fb:b3:59:32:ac:46:81:82:3e:2a:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr  4 11:00:14 2024 GMT
            Not After : Apr  3 11:05:14 2025 GMT
        Subject: CN=25961F1CE6A1400D5858CC4CF4736968D5FBFBFE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f3:86:3f:b3:37:c8:f6:a4:21:da:c0:be:73:
                    ad:11:e4:e1:38:16:29:17:8a:1e:19:54:9c:cc:c9:
                    93:55:02:2f:70:5f:f9:fd:8a:67:39:a4:94:31:bc:
                    43:59:0e:97:22:1d:2c:58:24:3b:9f:38:8b:35:75:
                    20:90:8e:51:f0:30:60:7d:7c:6e:9c:a0:fd:b5:97:
                    7d:92:d3:26:0c:9f:eb:27:51:15:97:fc:73:f3:a9:
                    e3:7f:ca:0a:67:9b:29:4f:83:a3:a9:6b:0b:c8:67:
                    32:2d:08:3f:7d:f7:f2:02:14:6d:4b:37:d1:8d:80:
                    65:77:4d:33:99:11:bf:fa:c4:b3:cf:45:58:53:56:
                    9f:35:f0:bb:94:67:4d:26:86:27:29:83:b9:b0:1c:
                    be:54:2b:36:50:c9:ce:ed:00:1e:45:dc:76:d0:17:
                    12:20:44:00:e5:72:8c:2b:51:20:0e:1f:dd:cf:82:
                    b8:f1:ff:73:8b:d8:9d:79:10:94:f1:8c:0f:9f:9c:
                    4e:84:99:ca:df:50:7c:c6:d6:2d:e6:cf:88:4a:3d:
                    ad:01:d7:c8:9d:70:a4:09:80:35:40:d6:6e:34:19:
                    0b:98:ae:b7:57:ff:b1:84:10:38:b4:7d:15:bc:19:
                    60:f8:4a:ca:73:61:fa:be:17:0e:ce:f6:e3:cc:98:
                    c8:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:96:1F:1C:E6:A1:40:0D:58:58:CC:4C:F4:73:69:68:D5:FB:FB:FE
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e342e302f32342d3234203d3e20323132323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:15:43:e8:66:a1:1c:b7:30:de:06:73:21:37:ca:1b:5b:60:
         71:9f:4c:7b:4e:92:47:b4:a1:f7:7b:4d:a5:af:4d:d1:e1:c3:
         70:d7:ee:29:a4:21:c2:fc:72:c1:58:ac:2c:6b:57:b8:75:51:
         27:69:c6:a3:54:4d:e5:f5:89:86:91:ad:fc:7e:f6:02:63:5c:
         b3:dd:2e:33:de:41:c4:45:aa:22:80:b6:32:7c:12:ed:25:ae:
         65:c9:e5:6c:bf:e0:76:0b:56:a3:41:52:cf:d5:2a:67:34:72:
         4f:c8:54:22:99:eb:fb:c4:77:9f:80:1f:30:7d:f0:49:03:d9:
         74:f3:9c:b6:b1:48:dc:34:70:5f:48:1d:61:50:3f:19:27:78:
         0a:a1:41:57:86:74:ac:66:29:ff:09:0b:2b:4c:a6:a6:0b:a5:
         55:6a:9e:0e:af:b8:a1:06:f3:b5:ed:d8:52:70:2e:ce:4e:f2:
         cb:01:a2:56:9a:36:bc:04:85:c7:29:3f:94:92:6c:34:5c:68:
         d7:84:64:b5:15:f2:15:f8:f3:e9:33:77:fa:5c:c8:81:c3:b5:
         a0:33:9a:98:c6:7f:c3:a6:3a:4a:54:51:03:ad:87:91:17:d2:
         54:c9:90:15:f0:ca:8f:d2:d3:99:c6:78:58:b9:b6:a0:77:76:
         55:54:20:69
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbo5iJnb2Hy+u+7NZMqxGgYI+KrwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDA0MDQxMTAwMTRaFw0yNTA0MDMxMTA1MTRaMDMxMTAvBgNV
BAMTKDI1OTYxRjFDRTZBMTQwMEQ1ODU4Q0M0Q0Y0NzM2OTY4RDVGQkZCRkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ84Y/szfI9qQh2sC+c60R5OE4
FikXih4ZVJzMyZNVAi9wX/n9imc5pJQxvENZDpciHSxYJDufOIs1dSCQjlHwMGB9
fG6coP21l32S0yYMn+snURWX/HPzqeN/ygpnmylPg6OpawvIZzItCD999/ICFG1L
N9GNgGV3TTOZEb/6xLPPRVhTVp818LuUZ00mhicpg7mwHL5UKzZQyc7tAB5F3HbQ
FxIgRADlcowrUSAOH93Pgrjx/3OL2J15EJTxjA+fnE6EmcrfUHzG1i3mz4hKPa0B
18idcKQJgDVA1m40GQuYrrdX/7GEEDi0fRW8GWD4SspzYfq+Fw7O9uPMmMi9AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUJZYfHOahQA1YWMxM9HNpaNX7+/4wHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzgzMDJlMzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzIzMjMzMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtUAQw
DQYJKoZIhvcNAQELBQADggEBAC4VQ+hmoRy3MN4GcyE3yhtbYHGfTHtOkke0ofd7
TaWvTdHhw3DX7imkIcL8csFYrCxrV7h1USdpxqNUTeX1iYaRrfx+9gJjXLPdLjPe
QcRFqiKAtjJ8Eu0lrmXJ5Wy/4HYLVqNBUs/VKmc0ck/IVCKZ6/vEd5+AHzB98EkD
2XTznLaxSNw0cF9IHWFQPxkneAqhQVeGdKxmKf8JCytMpqYLpVVqng6vuKEG87Xt
2FJwLs5O8ssBolaaNrwEhccpP5SSbDRcaNeEZLUV8hX48+kzd/pcyIHDtaAzmpjG
f8OmOkpUUQOth5EX0lTJkBXwyo/S05nGeFi5tqB3dlVUIGk=
-----END CERTIFICATE-----