Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e342e302f32342d3234203d3e20323132323338.roa
File:                     34352e38302e342e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier:          m5qEGwTWA0BsIVJ8QluKa4rxXqZrttPNHEQorCS21pk=
Subject key identifier:   8E:17:91:C7:5C:C6:8B:88:5F:10:61:F2:EC:6E:0E:D1:5F:9A:49:1E
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       5543A4CA6122623B1C32E643C32EBBEA7A830136
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e342e302f32342d3234203d3e20323132323338.roa
Signing time:             Thu 06 Mar 2025 11:53:55 +0000
ROA not before:           Thu 06 Mar 2025 11:48:55 +0000
ROA not after:            Thu 05 Mar 2026 11:53:55 +0000
asID:                     212238
IP address blocks:        45.80.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:42:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:43:a4:ca:61:22:62:3b:1c:32:e6:43:c3:2e:bb:ea:7a:83:01:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Mar  6 11:48:55 2025 GMT
            Not After : Mar  5 11:53:55 2026 GMT
        Subject: CN=8E1791C75CC68B885F1061F2EC6E0ED15F9A491E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:70:70:fb:7a:09:65:70:f6:7e:7c:a9:b2:f2:
                    4e:78:af:23:4d:40:d1:96:9b:d2:2b:ae:6e:b9:0c:
                    a6:22:c8:76:ed:f3:91:b2:df:a3:64:33:52:d8:b7:
                    e2:ea:ba:c9:a5:7a:ac:51:c0:63:16:00:5d:0a:af:
                    7f:af:59:b5:22:93:ff:a7:bf:03:bf:30:ea:f9:b0:
                    e6:34:26:9d:3e:26:e4:c0:11:d6:6b:e8:4e:2d:fd:
                    ae:60:b0:e0:47:d9:bb:0d:d4:35:e5:af:1b:2e:d7:
                    e2:e0:04:75:3c:9c:d2:64:98:b0:9c:c4:93:30:c1:
                    d7:76:a7:74:5a:09:88:88:b0:34:41:a6:80:ff:c0:
                    5f:4b:6e:6f:5f:77:4b:b8:38:7c:ed:9e:62:c5:42:
                    89:20:3f:14:8a:93:f5:87:cc:f7:16:b1:c5:bf:32:
                    da:dd:27:ee:68:2d:39:a6:46:6c:25:59:95:46:ad:
                    74:c8:a7:db:4d:d7:4b:13:22:f8:f4:50:01:19:4a:
                    18:fb:b4:35:e8:9d:fe:35:95:fb:b6:70:ce:06:18:
                    54:3d:22:1a:f0:42:f3:fe:39:93:0f:be:61:6b:45:
                    e3:99:41:35:4d:1a:92:72:0c:69:6e:16:90:7a:a0:
                    2d:ca:c3:d5:df:3b:27:7c:f7:32:82:c0:be:54:7f:
                    82:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:17:91:C7:5C:C6:8B:88:5F:10:61:F2:EC:6E:0E:D1:5F:9A:49:1E
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e342e302f32342d3234203d3e20323132323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:65:7c:12:6e:fe:61:e4:f3:4b:92:fe:1d:aa:0b:47:3b:4b:
         1f:53:56:32:ed:5e:d8:c9:aa:35:cf:d5:a2:cd:8a:cc:71:06:
         d7:d1:c1:46:1e:1c:e7:a8:29:05:45:c5:99:9b:dc:5c:a2:01:
         8f:73:af:c3:6a:9d:c3:3d:a6:11:34:71:38:da:ba:51:5a:b0:
         4a:74:71:f1:1d:a2:ed:86:76:37:dd:a3:3c:ea:3c:f6:5f:78:
         a0:85:d1:c2:73:0d:85:cf:6c:77:73:f1:f7:2d:e4:58:6e:a9:
         de:02:51:9b:0f:82:20:de:84:06:1b:84:87:40:c9:79:dd:f1:
         5c:b2:36:57:b8:95:84:9b:3b:77:ab:59:01:5b:ac:46:61:48:
         a2:7b:66:bd:ca:fa:cd:2f:35:21:76:96:90:9e:6d:93:6b:6c:
         06:2a:dd:29:10:66:94:5f:c1:dd:40:71:d5:fd:55:cd:6f:6e:
         e6:ef:83:c3:0d:f2:f2:8f:d0:68:8c:a5:5b:0f:95:fc:b5:02:
         8a:67:f4:6e:e6:2e:c2:be:86:4b:ee:27:34:af:79:62:0c:3a:
         52:cb:56:10:0b:67:56:17:20:20:06:b8:b5:22:27:38:37:c0:
         5b:eb:13:13:74:83:28:ac:b3:8d:57:05:26:64:ff:55:f5:ee:
         32:57:78:b7
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUVUOkymEiYjscMuZDwy676nqDATYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNTAzMDYxMTQ4NTVaFw0yNjAzMDUxMTUzNTVaMDMxMTAvBgNV
BAMTKDhFMTc5MUM3NUNDNjhCODg1RjEwNjFGMkVDNkUwRUQxNUY5QTQ5MUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCocHD7egllcPZ+fKmy8k54ryNN
QNGWm9Irrm65DKYiyHbt85Gy36NkM1LYt+LqusmleqxRwGMWAF0Kr3+vWbUik/+n
vwO/MOr5sOY0Jp0+JuTAEdZr6E4t/a5gsOBH2bsN1DXlrxsu1+LgBHU8nNJkmLCc
xJMwwdd2p3RaCYiIsDRBpoD/wF9Lbm9fd0u4OHztnmLFQokgPxSKk/WHzPcWscW/
MtrdJ+5oLTmmRmwlWZVGrXTIp9tN10sTIvj0UAEZShj7tDXonf41lfu2cM4GGFQ9
IhrwQvP+OZMPvmFrReOZQTVNGpJyDGluFpB6oC3Kw9XfOyd89zKCwL5Uf4KVAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUjheRx1zGi4hfEGHy7G4O0V+aSR4wHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzgzMDJlMzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzIzMjMzMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtUAQw
DQYJKoZIhvcNAQELBQADggEBAFhlfBJu/mHk80uS/h2qC0c7Sx9TVjLtXtjJqjXP
1aLNisxxBtfRwUYeHOeoKQVFxZmb3FyiAY9zr8NqncM9phE0cTjaulFasEp0cfEd
ou2GdjfdozzqPPZfeKCF0cJzDYXPbHdz8fct5Fhuqd4CUZsPgiDehAYbhIdAyXnd
8VyyNle4lYSbO3erWQFbrEZhSKJ7Zr3K+s0vNSF2lpCebZNrbAYq3SkQZpRfwd1A
cdX9Vc1vbubvg8MN8vKP0GiMpVsPlfy1Aopn9G7mLsK+hkvuJzSveWIMOlLLVhAL
Z1YXICAGuLUiJzg3wFvrExN0gyiss41XBSZk/1X17jJXeLc=
-----END CERTIFICATE-----