Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e362e302f32342d3234203d3e203133323133.roa
File:                     34352e38302e362e302f32342d3234203d3e203133323133.roa (raw, json)
Hash identifier:          UTH9IZsQtg880lTXNhoM/pQy1b7/oRrL+ZnGEa3Vc34=
Subject key identifier:   80:40:87:1A:EA:FE:E9:54:07:8F:43:E4:46:9C:36:E7:6A:B0:1C:50
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       5CCCCA20A106510EDE23F183457964D410D75807
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e362e302f32342d3234203d3e203133323133.roa
Signing time:             Thu 12 Sep 2024 03:05:20 +0000
ROA not before:           Thu 12 Sep 2024 03:00:20 +0000
ROA not after:            Thu 11 Sep 2025 03:05:20 +0000
asID:                     13213
IP address blocks:        45.80.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:42:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:cc:ca:20:a1:06:51:0e:de:23:f1:83:45:79:64:d4:10:d7:58:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Sep 12 03:00:20 2024 GMT
            Not After : Sep 11 03:05:20 2025 GMT
        Subject: CN=8040871AEAFEE954078F43E4469C36E76AB01C50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e7:d4:d5:75:d0:69:7e:23:b1:0b:c7:1a:23:
                    74:2d:a7:95:5f:4f:a7:d5:7f:1b:7d:94:13:4f:96:
                    d3:ed:0e:c3:e3:fd:17:65:83:56:c9:77:34:d6:f2:
                    8a:ed:c0:17:50:4a:62:b4:b8:d8:b3:fc:19:d8:03:
                    c4:14:da:24:a2:fc:8e:b3:2e:a5:59:90:1c:38:47:
                    07:dc:02:8f:f6:df:ee:68:6d:8a:cc:2e:ab:7b:2e:
                    3b:f4:43:f9:0a:e8:12:75:d8:e3:08:85:cb:00:5f:
                    52:66:63:53:9b:02:e6:98:22:3f:7c:ee:d3:21:02:
                    9b:ed:0e:c7:c9:42:49:04:c5:15:51:64:d7:d9:b1:
                    74:5e:98:01:ac:d8:ef:de:5f:b3:e6:ee:fd:32:d3:
                    46:05:e6:23:af:71:c3:d2:13:d8:19:6a:c2:61:dc:
                    b8:45:09:6a:44:fe:db:21:0a:9e:6a:a7:27:06:6e:
                    c6:86:aa:62:e7:8d:2f:0d:fc:26:66:99:c2:53:5a:
                    26:1d:15:47:1b:67:d2:e0:71:7b:2a:b3:47:99:40:
                    08:a5:65:53:96:5e:82:66:e9:1d:64:be:70:f1:49:
                    9d:11:24:04:72:0d:2d:a9:7c:11:40:25:d0:ea:87:
                    51:2a:a1:28:06:d5:92:44:6b:8c:71:aa:23:5c:4c:
                    20:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:40:87:1A:EA:FE:E9:54:07:8F:43:E4:46:9C:36:E7:6A:B0:1C:50
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e362e302f32342d3234203d3e203133323133.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:ed:df:b1:52:dc:e5:78:66:f2:c0:62:f3:db:cd:81:98:45:
         01:2b:19:b8:28:8f:9b:5e:9d:b5:46:e2:0c:29:85:da:30:95:
         2c:47:45:9f:71:7e:69:df:69:11:15:0e:8d:54:2a:04:df:8f:
         df:e0:64:5a:76:96:52:43:6f:38:1f:86:1c:31:07:3b:4d:14:
         0c:79:46:99:18:53:9f:65:0e:b6:2a:86:43:2b:ee:95:77:2b:
         b8:12:dc:60:18:c6:16:89:c4:e0:0d:53:a4:7a:48:cc:c3:31:
         f2:b8:52:01:46:46:54:6f:03:36:7c:5e:cb:65:c0:a0:c1:fe:
         8a:b9:0e:0d:98:5e:8a:af:09:fc:83:4f:5e:fa:94:97:00:cd:
         22:a4:80:37:7c:07:cd:c4:1e:74:d1:d6:e6:69:85:87:95:c2:
         b9:5a:8b:1a:1c:77:f0:b2:d7:47:f3:c2:2f:12:0d:c7:9e:4b:
         e3:3d:70:87:b9:ab:6c:e6:e5:8d:08:67:92:c5:37:8e:e8:74:
         77:be:4f:15:3f:4f:66:84:40:17:3a:7e:aa:9c:77:87:aa:6a:
         92:01:ba:4f:7d:33:49:13:b6:f3:9a:fb:b9:a7:e0:0c:a1:2f:
         71:a0:c3:52:24:e2:d5:0d:b8:c5:4a:b6:f5:ff:66:1e:f6:1d:
         71:dc:01:e6
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUXMzKIKEGUQ7eI/GDRXlk1BDXWAcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNDA5MTIwMzAwMjBaFw0yNTA5MTEwMzA1MjBaMDMxMTAvBgNV
BAMTKDgwNDA4NzFBRUFGRUU5NTQwNzhGNDNFNDQ2OUMzNkU3NkFCMDFDNTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC259TVddBpfiOxC8caI3Qtp5Vf
T6fVfxt9lBNPltPtDsPj/Rdlg1bJdzTW8ortwBdQSmK0uNiz/BnYA8QU2iSi/I6z
LqVZkBw4RwfcAo/23+5obYrMLqt7Ljv0Q/kK6BJ12OMIhcsAX1JmY1ObAuaYIj98
7tMhApvtDsfJQkkExRVRZNfZsXRemAGs2O/eX7Pm7v0y00YF5iOvccPSE9gZasJh
3LhFCWpE/tshCp5qpycGbsaGqmLnjS8N/CZmmcJTWiYdFUcbZ9LgcXsqs0eZQAil
ZVOWXoJm6R1kvnDxSZ0RJARyDS2pfBFAJdDqh1EqoSgG1ZJEa4xxqiNcTCCzAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUgECHGur+6VQHj0PkRpw252qwHFAwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzgzMDJlMzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzIzMTMzLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVAGMA0G
CSqGSIb3DQEBCwUAA4IBAQAT7d+xUtzleGbywGLz282BmEUBKxm4KI+bXp21RuIM
KYXaMJUsR0WfcX5p32kRFQ6NVCoE34/f4GRadpZSQ284H4YcMQc7TRQMeUaZGFOf
ZQ62KoZDK+6Vdyu4EtxgGMYWicTgDVOkekjMwzHyuFIBRkZUbwM2fF7LZcCgwf6K
uQ4NmF6Krwn8g09e+pSXAM0ipIA3fAfNxB500dbmaYWHlcK5WosaHHfwstdH88Iv
Eg3HnkvjPXCHuats5uWNCGeSxTeO6HR3vk8VP09mhEAXOn6qnHeHqmqSAbpPfTNJ
E7bzmvu5p+AMoS9xoMNSJOLVDbjFSrb1/2Ye9h1x3AHm
-----END CERTIFICATE-----