Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e362e302f32342d3234203d3e203133323133.roa
File:                     34352e38302e362e302f32342d3234203d3e203133323133.roa (raw, json)
Hash identifier:          cDjPedEICAIuGCA9dctUJb9B2ry+ikvX2PPvHLA25Gg=
Subject key identifier:   2F:42:D1:BA:D1:12:48:C3:12:B3:A6:3F:FD:E1:28:3F:DC:D0:20:1E
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       0CDB1E866B8A49DAC09B128C88EBD5E256955B4F
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e362e302f32342d3234203d3e203133323133.roa
Signing time:             Thu 12 Oct 2023 02:07:05 +0000
ROA not before:           Thu 12 Oct 2023 02:02:05 +0000
ROA not after:            Thu 10 Oct 2024 02:07:05 +0000
asID:                     13213
IP address blocks:        45.80.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:db:1e:86:6b:8a:49:da:c0:9b:12:8c:88:eb:d5:e2:56:95:5b:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Oct 12 02:02:05 2023 GMT
            Not After : Oct 10 02:07:05 2024 GMT
        Subject: CN=2F42D1BAD11248C312B3A63FFDE1283FDCD0201E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:3b:9d:b7:22:39:dc:df:9d:10:1b:94:06:03:
                    26:14:7f:02:89:f4:75:44:13:ef:44:d0:2d:ce:2f:
                    51:6f:e6:ae:89:cf:7a:0f:2e:46:73:29:30:0b:d1:
                    0a:8c:b5:c1:0a:33:47:a0:d2:50:84:1b:c4:d3:ae:
                    c9:08:56:23:1b:65:7d:e9:4a:b4:6f:63:96:a0:41:
                    de:cc:60:02:60:1e:4d:3e:45:0f:83:11:31:f8:3a:
                    4c:b8:4f:aa:f8:d6:a7:f0:27:b2:be:1e:ed:df:04:
                    88:cd:a7:56:3a:7b:41:4c:a3:1e:2d:aa:14:b9:a3:
                    b1:54:f1:3a:45:73:58:6b:ed:23:e8:01:cd:c5:a7:
                    2f:b5:7e:79:1e:b1:74:d9:22:cc:32:c7:9c:2e:2d:
                    10:97:ab:bd:85:e1:5d:a9:a1:09:af:44:eb:49:d2:
                    80:9e:c5:da:e6:2b:76:43:c6:58:7d:c6:3d:b2:df:
                    ec:44:d2:3c:34:d1:3a:8b:eb:f1:b7:7f:0f:6e:27:
                    b0:11:ed:85:2c:5c:79:90:1e:41:bc:d2:e0:01:fc:
                    33:5e:44:70:ee:62:06:e7:76:cd:4d:90:2d:cf:31:
                    9f:03:27:9c:9e:81:c0:c4:d1:06:08:44:33:6d:de:
                    a0:5f:0a:a9:6d:4b:6b:44:f6:1f:74:6f:6c:0a:e6:
                    69:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:42:D1:BA:D1:12:48:C3:12:B3:A6:3F:FD:E1:28:3F:DC:D0:20:1E
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e362e302f32342d3234203d3e203133323133.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:0e:f2:50:e7:99:ca:55:78:30:9a:3b:f2:b3:f8:ce:a4:3e:
         91:df:e3:4e:58:a1:29:08:ff:45:4f:78:ae:07:36:42:c1:da:
         37:cd:31:75:7c:51:14:6d:31:12:96:8f:1d:87:09:00:63:12:
         0b:e4:b5:bf:5a:fd:f0:97:6f:0c:57:a3:f7:12:88:e4:18:e7:
         29:f5:63:2e:7c:9e:5b:37:07:d3:14:df:dd:f7:83:0f:09:c1:
         0f:65:11:d5:24:16:b8:ba:77:05:cc:06:2a:04:88:0b:c8:7f:
         ce:2c:c5:da:46:96:7c:2c:94:7a:e7:3d:14:7d:64:08:8a:f0:
         17:df:cc:7a:51:56:cc:1c:47:0f:20:b8:2d:11:c9:c7:40:c0:
         9b:48:29:5b:6c:12:c3:ae:f7:e3:db:94:dc:14:06:96:95:b0:
         60:49:7e:78:f8:78:27:07:1c:7e:95:f6:94:b1:5c:43:e2:83:
         15:85:b0:27:c3:6e:73:d1:2e:22:18:43:a9:f4:1f:f0:0b:f7:
         c9:b2:04:91:50:6d:65:0c:f3:b5:e5:71:6e:8f:52:33:a1:8c:
         78:fb:59:22:c5:c5:ca:b8:5e:54:f1:29:b6:11:e3:18:f8:26:
         8c:af:53:0b:b9:f8:f8:fd:ca:d0:38:08:ac:46:58:db:40:8d:
         06:b9:39:5d
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUDNsehmuKSdrAmxKMiOvV4laVW08wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yMzEwMTIwMjAyMDVaFw0yNDEwMTAwMjA3MDVaMDMxMTAvBgNV
BAMTKDJGNDJEMUJBRDExMjQ4QzMxMkIzQTYzRkZERTEyODNGRENEMDIwMUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoO523Ijnc350QG5QGAyYUfwKJ
9HVEE+9E0C3OL1Fv5q6Jz3oPLkZzKTAL0QqMtcEKM0eg0lCEG8TTrskIViMbZX3p
SrRvY5agQd7MYAJgHk0+RQ+DETH4Oky4T6r41qfwJ7K+Hu3fBIjNp1Y6e0FMox4t
qhS5o7FU8TpFc1hr7SPoAc3Fpy+1fnkesXTZIswyx5wuLRCXq72F4V2poQmvROtJ
0oCexdrmK3ZDxlh9xj2y3+xE0jw00TqL6/G3fw9uJ7AR7YUsXHmQHkG80uAB/DNe
RHDuYgbnds1NkC3PMZ8DJ5yegcDE0QYIRDNt3qBfCqltS2tE9h90b2wK5ml3AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUL0LRutESSMMSs6Y//eEoP9zQIB4wHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzgzMDJlMzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzIzMTMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVAGMA0G
CSqGSIb3DQEBCwUAA4IBAQB3DvJQ55nKVXgwmjvys/jOpD6R3+NOWKEpCP9FT3iu
BzZCwdo3zTF1fFEUbTESlo8dhwkAYxIL5LW/Wv3wl28MV6P3EojkGOcp9WMufJ5b
NwfTFN/d94MPCcEPZRHVJBa4uncFzAYqBIgLyH/OLMXaRpZ8LJR65z0UfWQIivAX
38x6UVbMHEcPILgtEcnHQMCbSClbbBLDrvfj25TcFAaWlbBgSX54+HgnBxx+lfaU
sVxD4oMVhbAnw25z0S4iGEOp9B/wC/fJsgSRUG1lDPO15XFuj1IzoYx4+1kixcXK
uF5U8Sm2EeMY+CaMr1MLufj4/crQOAisRljbQI0GuTld
-----END CERTIFICATE-----