Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e362e302f32342d3234203d3e203538303631.roa
File:                     34352e3135302e362e302f32342d3234203d3e203538303631.roa (raw, json)
Hash identifier:          ZujLRBhcAaylT2jct3Y544NAE6KlaySAKXKPTdekmfU=
Subject key identifier:   82:D0:23:C9:86:11:5A:3A:02:E0:74:80:2C:5F:BE:BD:6C:77:02:90
Certificate issuer:       /CN=64af15419bd5fe6c8f97e224a86a4917a2e6fefe
Certificate serial:       60B957BAFF431F91EBFA00E81D6219161EA64323
Authority key identifier: 64:AF:15:41:9B:D5:FE:6C:8F:97:E2:24:A8:6A:49:17:A2:E6:FE:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e362e302f32342d3234203d3e203538303631.roa
Signing time:             Tue 19 Mar 2024 11:51:39 +0000
ROA not before:           Tue 19 Mar 2024 11:46:39 +0000
ROA not after:            Tue 18 Mar 2025 11:51:39 +0000
asID:                     58061
IP address blocks:        45.150.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:b9:57:ba:ff:43:1f:91:eb:fa:00:e8:1d:62:19:16:1e:a6:43:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64af15419bd5fe6c8f97e224a86a4917a2e6fefe
        Validity
            Not Before: Mar 19 11:46:39 2024 GMT
            Not After : Mar 18 11:51:39 2025 GMT
        Subject: CN=82D023C986115A3A02E074802C5FBEBD6C770290
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:87:ea:d5:3c:3a:c2:f9:5e:72:d5:27:4d:74:
                    de:eb:43:80:2a:6e:c7:67:3a:b7:f7:a8:57:0e:86:
                    58:2e:12:c7:10:4f:3f:32:ec:b6:0a:f0:94:2b:87:
                    6b:15:db:c6:d9:24:17:21:99:90:4c:a1:bf:ae:dd:
                    61:ce:2f:a6:a4:5f:c1:4c:2e:ea:7a:12:9c:d4:8b:
                    d0:cb:77:ee:63:49:ef:7a:db:57:2d:b9:a4:a8:56:
                    77:a6:1d:bb:bd:a4:ce:bb:2b:fa:eb:46:e9:53:ed:
                    4e:4d:0d:c8:f9:3d:c9:99:db:73:ae:4b:f5:b1:7b:
                    6d:9b:9a:4a:32:fb:7b:3b:18:5b:95:f7:8a:3b:66:
                    af:19:60:87:dd:76:61:61:b6:f0:c2:c1:7f:d9:09:
                    62:2a:27:47:c3:d7:11:ea:e5:b6:44:98:15:b6:71:
                    7b:c2:b4:a5:bd:0e:1d:9d:c8:a5:1e:36:0b:80:9b:
                    48:bc:99:9f:69:51:5d:e7:99:90:bc:5c:44:76:c8:
                    6c:58:76:90:13:9e:ff:7a:ce:c0:db:a0:00:45:bd:
                    b8:8c:58:68:ed:d9:6a:da:75:ea:62:8a:72:d8:5c:
                    f4:ae:04:53:ad:24:38:24:08:d2:3a:8d:1d:0b:b9:
                    19:64:8d:49:34:82:71:93:73:50:3b:4d:c0:5a:d0:
                    43:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:D0:23:C9:86:11:5A:3A:02:E0:74:80:2C:5F:BE:BD:6C:77:02:90
            X509v3 Authority Key Identifier:
                keyid:64:AF:15:41:9B:D5:FE:6C:8F:97:E2:24:A8:6A:49:17:A2:E6:FE:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e362e302f32342d3234203d3e203538303631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:cc:c8:5f:ff:74:04:12:26:9b:9f:0d:cd:16:46:d2:bf:5d:
         48:5c:69:43:c4:37:6c:70:c6:89:5c:88:65:ff:59:c6:a5:fa:
         60:e5:df:69:66:e4:f4:45:93:50:9d:94:2e:d3:5f:8a:c0:02:
         d5:48:e5:69:10:fc:ad:04:15:79:fe:61:30:62:df:1a:7c:62:
         46:f9:a2:65:3c:45:37:89:61:c9:5c:cb:bd:83:54:89:4a:1f:
         a2:7d:7e:fa:17:92:bd:90:99:70:a2:ab:57:02:d0:88:99:73:
         a8:05:47:16:a9:df:01:00:46:cc:31:de:2c:ca:07:7e:58:93:
         59:51:af:41:85:21:00:56:61:69:b8:5d:d8:8b:13:0f:ce:90:
         81:01:9c:2b:e3:02:ee:bf:91:fe:0b:06:1e:b4:8d:d0:70:1f:
         ff:2d:68:5e:c9:df:e0:c6:fb:8e:49:e5:b2:31:57:88:da:99:
         b7:d6:53:8c:8f:2d:11:a3:2a:70:58:f2:a2:d5:bb:de:d5:07:
         8b:06:78:95:29:5e:bb:e6:7a:01:1f:e1:6a:8e:34:e2:cc:a6:
         af:2d:cb:23:54:8a:ae:d8:4f:22:42:55:7c:02:84:f1:84:7e:
         09:0a:24:8f:af:41:7c:a0:90:5f:a8:81:73:95:2b:54:9c:b3:
         d9:88:c3:7b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUYLlXuv9DH5Hr+gDoHWIZFh6mQyMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjRhZjE1NDE5YmQ1ZmU2YzhmOTdlMjI0YTg2YTQ5MTdh
MmU2ZmVmZTAeFw0yNDAzMTkxMTQ2MzlaFw0yNTAzMTgxMTUxMzlaMDMxMTAvBgNV
BAMTKDgyRDAyM0M5ODYxMTVBM0EwMkUwNzQ4MDJDNUZCRUJENkM3NzAyOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5h+rVPDrC+V5y1SdNdN7rQ4Aq
bsdnOrf3qFcOhlguEscQTz8y7LYK8JQrh2sV28bZJBchmZBMob+u3WHOL6akX8FM
Lup6EpzUi9DLd+5jSe9621ctuaSoVnemHbu9pM67K/rrRulT7U5NDcj5PcmZ23Ou
S/Wxe22bmkoy+3s7GFuV94o7Zq8ZYIfddmFhtvDCwX/ZCWIqJ0fD1xHq5bZEmBW2
cXvCtKW9Dh2dyKUeNguAm0i8mZ9pUV3nmZC8XER2yGxYdpATnv96zsDboABFvbiM
WGjt2WradepiinLYXPSuBFOtJDgkCNI6jR0LuRlkjUk0gnGTc1A7TcBa0EN7AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUgtAjyYYRWjoC4HSALF++vWx3ApAwHwYDVR0j
BBgwFoAUZK8VQZvV/myPl+IkqGpJF6Lm/v4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmM5YWE5NWYtN2IzOC00MjZhLTk5NjYtNTQ0MTkzOWZl
MDMxLzAvNjRBRjE1NDE5QkQ1RkU2QzhGOTdFMjI0QTg2QTQ5MTdBMkU2RkVGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1pLOFZRWnZWX215UGwtSWtxR3BKRjZM
bV92NC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmM5YWE5NWYt
N2IzOC00MjZhLTk5NjYtNTQ0MTkzOWZlMDMxLzAvMzQzNTJlMzEzNTMwMmUzNjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzgzMDM2MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtlgYw
DQYJKoZIhvcNAQELBQADggEBAFPMyF//dAQSJpufDc0WRtK/XUhcaUPEN2xwxolc
iGX/Wcal+mDl32lm5PRFk1CdlC7TX4rAAtVI5WkQ/K0EFXn+YTBi3xp8Ykb5omU8
RTeJYclcy72DVIlKH6J9fvoXkr2QmXCiq1cC0IiZc6gFRxap3wEARswx3izKB35Y
k1lRr0GFIQBWYWm4XdiLEw/OkIEBnCvjAu6/kf4LBh60jdBwH/8taF7J3+DG+45J
5bIxV4jambfWU4yPLRGjKnBY8qLVu97VB4sGeJUpXrvmegEf4WqONOLMpq8tyyNU
iq7YTyJCVXwChPGEfgkKJI+vQXygkF+ogXOVK1Scs9mIw3s=
-----END CERTIFICATE-----