Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e342e302f32342d3234203d3e203136323736.roa
File:                     34352e3135302e342e302f32342d3234203d3e203136323736.roa (raw, json)
Hash identifier:          9mHnd00uunafGA8q/TVJFJFPW9fb4JWq02s0Qp84WEA=
Subject key identifier:   83:EE:21:7F:97:37:32:9E:60:47:2C:AC:CC:5B:F0:80:D6:AD:6B:BF
Certificate issuer:       /CN=64af15419bd5fe6c8f97e224a86a4917a2e6fefe
Certificate serial:       530838CDD66ADE80B6EA9E1FB19D667A92A4BA71
Authority key identifier: 64:AF:15:41:9B:D5:FE:6C:8F:97:E2:24:A8:6A:49:17:A2:E6:FE:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e342e302f32342d3234203d3e203136323736.roa
Signing time:             Sun 10 Nov 2024 19:42:35 +0000
ROA not before:           Sun 10 Nov 2024 19:37:35 +0000
ROA not after:            Sun 09 Nov 2025 19:42:35 +0000
asID:                     16276
IP address blocks:        45.150.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:08:38:cd:d6:6a:de:80:b6:ea:9e:1f:b1:9d:66:7a:92:a4:ba:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64af15419bd5fe6c8f97e224a86a4917a2e6fefe
        Validity
            Not Before: Nov 10 19:37:35 2024 GMT
            Not After : Nov  9 19:42:35 2025 GMT
        Subject: CN=83EE217F9737329E60472CACCC5BF080D6AD6BBF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:59:0e:a3:58:aa:d7:98:ca:c4:bc:e9:81:a1:
                    ca:9b:a2:90:6b:c2:c1:45:c9:c9:ff:de:d3:54:cb:
                    ca:29:07:6d:16:b4:47:84:81:2a:3a:da:24:4f:cc:
                    94:2a:c7:6f:ae:8f:26:eb:20:84:55:4e:f6:b1:32:
                    38:36:82:32:7a:bf:e2:b6:b2:77:aa:57:26:fc:d6:
                    49:ed:f1:3b:d8:79:72:75:4b:9c:d9:91:36:c3:9b:
                    e0:07:94:01:b2:c3:be:b7:d9:46:f3:d9:80:11:ca:
                    89:31:d7:0c:0d:46:7e:04:77:08:14:16:5d:39:43:
                    1d:83:de:55:ec:3a:05:8c:75:a0:90:4b:20:df:19:
                    d1:6a:73:52:a4:19:c4:7f:3e:92:ee:08:91:c0:96:
                    e0:6b:f3:7b:3e:ed:82:f7:2c:92:fd:2a:ba:12:c5:
                    81:35:dc:7f:d8:04:01:ff:a2:5b:f3:64:73:63:08:
                    23:cd:4b:8d:67:00:3d:2b:6f:75:e6:77:9d:f1:ad:
                    c6:5e:2b:b0:ad:a0:be:67:b1:23:a2:0e:96:03:e3:
                    e4:f7:c4:b2:cf:b3:a9:c2:d5:9e:dd:45:b6:ae:c5:
                    98:35:e8:e2:8c:12:52:3e:e7:7c:84:c7:7e:b6:67:
                    58:ef:32:67:c6:29:fe:3e:4d:ab:07:e5:34:c3:1b:
                    7d:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:EE:21:7F:97:37:32:9E:60:47:2C:AC:CC:5B:F0:80:D6:AD:6B:BF
            X509v3 Authority Key Identifier:
                keyid:64:AF:15:41:9B:D5:FE:6C:8F:97:E2:24:A8:6A:49:17:A2:E6:FE:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e342e302f32342d3234203d3e203136323736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:29:c7:69:2a:ac:4f:a2:30:2c:ef:5e:d7:20:73:5a:4f:5c:
         44:b1:ba:3a:47:31:b3:d3:ca:1c:df:b5:e1:40:17:86:55:81:
         10:d2:42:3a:a6:de:17:39:bc:29:00:2d:58:e1:f5:d9:85:9a:
         1a:7b:c9:8c:70:a1:3b:a4:d3:0a:a6:42:76:e2:a7:c7:5d:1a:
         57:82:c6:b0:d1:ac:24:67:60:38:0a:9c:b6:9a:e1:f9:21:56:
         93:83:a7:9f:f1:84:d8:00:c2:97:02:e3:2d:0d:9e:01:a9:96:
         29:2c:cb:2a:f6:97:3b:7f:c5:0a:8b:24:4b:ec:04:96:ea:51:
         a1:1c:78:1a:4c:f0:50:c2:9d:1f:d1:fa:e3:65:08:72:9f:03:
         b4:cf:d5:5d:37:c3:d0:97:4f:22:f7:ea:31:a1:bd:79:3c:78:
         b1:e0:c9:02:b7:6a:29:27:90:02:04:3d:c9:70:a8:4c:73:bd:
         77:97:50:37:fe:3f:c9:07:6a:0b:5f:6c:7c:94:b1:84:a3:37:
         20:b2:13:49:a7:58:e4:e5:cc:ae:ee:9b:95:52:93:c3:d4:4b:
         89:c4:d0:58:f9:eb:f6:43:e8:36:ea:5c:81:61:ac:50:32:73:
         46:09:a7:1e:d2:58:ef:b5:7b:4c:b8:a3:f5:43:82:11:60:27:
         0e:e8:1f:b9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUUwg4zdZq3oC26p4fsZ1mepKkunEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjRhZjE1NDE5YmQ1ZmU2YzhmOTdlMjI0YTg2YTQ5MTdh
MmU2ZmVmZTAeFw0yNDExMTAxOTM3MzVaFw0yNTExMDkxOTQyMzVaMDMxMTAvBgNV
BAMTKDgzRUUyMTdGOTczNzMyOUU2MDQ3MkNBQ0NDNUJGMDgwRDZBRDZCQkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3WQ6jWKrXmMrEvOmBocqbopBr
wsFFycn/3tNUy8opB20WtEeEgSo62iRPzJQqx2+ujybrIIRVTvaxMjg2gjJ6v+K2
sneqVyb81knt8TvYeXJ1S5zZkTbDm+AHlAGyw7632Ubz2YARyokx1wwNRn4EdwgU
Fl05Qx2D3lXsOgWMdaCQSyDfGdFqc1KkGcR/PpLuCJHAluBr83s+7YL3LJL9KroS
xYE13H/YBAH/olvzZHNjCCPNS41nAD0rb3Xmd53xrcZeK7CtoL5nsSOiDpYD4+T3
xLLPs6nC1Z7dRbauxZg16OKMElI+53yEx362Z1jvMmfGKf4+TasH5TTDG33lAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUg+4hf5c3Mp5gRyyszFvwgNata78wHwYDVR0j
BBgwFoAUZK8VQZvV/myPl+IkqGpJF6Lm/v4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmM5YWE5NWYtN2IzOC00MjZhLTk5NjYtNTQ0MTkzOWZl
MDMxLzAvNjRBRjE1NDE5QkQ1RkU2QzhGOTdFMjI0QTg2QTQ5MTdBMkU2RkVGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1pLOFZRWnZWX215UGwtSWtxR3BKRjZM
bV92NC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmM5YWE5NWYt
N2IzOC00MjZhLTk5NjYtNTQ0MTkzOWZlMDMxLzAvMzQzNTJlMzEzNTMwMmUzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzYzMjM3MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtlgQw
DQYJKoZIhvcNAQELBQADggEBAHopx2kqrE+iMCzvXtcgc1pPXESxujpHMbPTyhzf
teFAF4ZVgRDSQjqm3hc5vCkALVjh9dmFmhp7yYxwoTuk0wqmQnbip8ddGleCxrDR
rCRnYDgKnLaa4fkhVpODp5/xhNgAwpcC4y0NngGpliksyyr2lzt/xQqLJEvsBJbq
UaEceBpM8FDCnR/R+uNlCHKfA7TP1V03w9CXTyL36jGhvXk8eLHgyQK3aiknkAIE
PclwqExzvXeXUDf+P8kHagtfbHyUsYSjNyCyE0mnWOTlzK7um5VSk8PUS4nE0Fj5
6/ZD6DbqXIFhrFAyc0YJpx7SWO+1e0y4o/VDghFgJw7oH7k=
-----END CERTIFICATE-----