Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e372e302f32342d3234203d3e203430363736.roa
File:                     34352e3135302e372e302f32342d3234203d3e203430363736.roa (raw, json)
Hash identifier:          7wQrqMox9QAmR2vQp8q5VdavN4YrXCFJ3Bes/IozaAU=
Subject key identifier:   7D:4D:E4:7B:B3:17:65:B5:A4:AD:D4:A3:38:C4:E9:5D:27:A5:A2:F7
Certificate issuer:       /CN=64af15419bd5fe6c8f97e224a86a4917a2e6fefe
Certificate serial:       1953002065B485C2C06B3DE24120A7DF6A016BF7
Authority key identifier: 64:AF:15:41:9B:D5:FE:6C:8F:97:E2:24:A8:6A:49:17:A2:E6:FE:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e372e302f32342d3234203d3e203430363736.roa
Signing time:             Tue 13 Aug 2024 23:45:27 +0000
ROA not before:           Tue 13 Aug 2024 23:40:27 +0000
ROA not after:            Tue 12 Aug 2025 23:45:27 +0000
asID:                     40676
IP address blocks:        45.150.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:53:00:20:65:b4:85:c2:c0:6b:3d:e2:41:20:a7:df:6a:01:6b:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64af15419bd5fe6c8f97e224a86a4917a2e6fefe
        Validity
            Not Before: Aug 13 23:40:27 2024 GMT
            Not After : Aug 12 23:45:27 2025 GMT
        Subject: CN=7D4DE47BB31765B5A4ADD4A338C4E95D27A5A2F7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:01:d4:b0:30:b9:13:bf:76:5d:38:e4:e3:a0:
                    2b:d6:c4:ab:48:47:bc:8a:b1:c1:14:cf:d1:41:2f:
                    09:76:d3:f5:97:00:08:e3:8e:c8:b7:04:12:5e:da:
                    dd:46:c0:4a:15:01:65:ee:cd:2a:73:41:70:7d:bd:
                    29:cd:69:ef:a0:99:0b:bb:36:08:f3:98:53:47:4e:
                    8c:87:0e:1a:83:95:92:c6:54:d3:f0:2d:3a:e6:8f:
                    de:be:91:a2:d6:92:da:c2:41:58:93:cf:ff:3c:ba:
                    bd:be:ef:a9:11:90:0c:a6:ce:08:f1:08:7d:b1:f6:
                    bf:9f:ee:87:a5:0b:d4:dd:9c:fb:02:93:e9:71:0b:
                    46:0e:45:71:1d:e1:e6:5f:04:7f:ce:c1:9b:18:e9:
                    f2:bd:4c:aa:4f:f2:1b:1b:21:60:2a:28:58:53:cd:
                    b8:08:a5:ad:59:29:30:cc:ce:30:7a:9f:23:ec:9a:
                    c6:55:ce:b5:5a:98:ab:b5:ef:91:67:e1:64:16:15:
                    4e:22:71:eb:7e:81:af:a5:62:4e:86:26:e8:86:b9:
                    54:1a:83:a5:f9:86:4a:13:e9:a3:ed:a0:19:83:68:
                    b7:70:28:0f:58:48:d7:e6:36:c5:03:79:ee:3c:d9:
                    38:34:b0:25:be:6e:9f:a8:64:11:5f:47:39:4c:8b:
                    5d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:4D:E4:7B:B3:17:65:B5:A4:AD:D4:A3:38:C4:E9:5D:27:A5:A2:F7
            X509v3 Authority Key Identifier:
                keyid:64:AF:15:41:9B:D5:FE:6C:8F:97:E2:24:A8:6A:49:17:A2:E6:FE:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e372e302f32342d3234203d3e203430363736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:0e:ac:e7:d3:24:19:47:ff:31:e6:86:83:0d:47:51:de:a0:
         fc:91:b4:c9:73:18:66:71:0d:cc:2f:0b:7e:44:88:12:fe:87:
         21:4f:ff:ae:f2:88:d9:15:fa:22:77:fa:bd:dc:4d:8e:f3:0f:
         81:6f:65:dd:3b:50:1a:fb:69:9e:ed:a5:f6:81:7c:fe:d8:6e:
         41:17:b5:e3:49:39:0f:3d:a2:73:c6:98:be:e9:45:b6:27:97:
         ca:d5:e9:4b:c4:78:9a:7c:51:42:40:dc:4c:71:9b:b3:ab:04:
         82:be:9b:26:0f:08:a1:64:b0:a5:7e:61:38:9c:74:b0:9d:99:
         97:42:1c:73:5c:4e:db:88:44:fe:a1:b3:3f:b6:40:95:ab:57:
         12:8a:98:69:30:91:cf:ef:b0:d7:05:cf:24:2c:58:b0:cb:df:
         52:b9:b9:a8:b2:6b:9f:da:b5:bf:d6:cf:83:e7:68:2e:2d:f3:
         6f:1f:48:fa:2c:79:88:14:86:b6:2e:3c:48:b1:a6:8d:b0:71:
         a1:d3:7b:d4:f9:41:71:17:4c:aa:39:3b:5e:9a:de:68:b8:51:
         0c:a5:60:1b:80:01:9a:a9:71:27:10:57:3d:47:26:bf:a3:2b:
         f4:58:9e:0e:a7:38:91:ca:03:6b:58:33:d6:cb:d9:f7:a7:8a:
         f5:2c:a9:99
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGVMAIGW0hcLAaz3iQSCn32oBa/cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjRhZjE1NDE5YmQ1ZmU2YzhmOTdlMjI0YTg2YTQ5MTdh
MmU2ZmVmZTAeFw0yNDA4MTMyMzQwMjdaFw0yNTA4MTIyMzQ1MjdaMDMxMTAvBgNV
BAMTKDdENERFNDdCQjMxNzY1QjVBNEFERDRBMzM4QzRFOTVEMjdBNUEyRjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5AdSwMLkTv3ZdOOTjoCvWxKtI
R7yKscEUz9FBLwl20/WXAAjjjsi3BBJe2t1GwEoVAWXuzSpzQXB9vSnNae+gmQu7
NgjzmFNHToyHDhqDlZLGVNPwLTrmj96+kaLWktrCQViTz/88ur2+76kRkAymzgjx
CH2x9r+f7oelC9TdnPsCk+lxC0YORXEd4eZfBH/OwZsY6fK9TKpP8hsbIWAqKFhT
zbgIpa1ZKTDMzjB6nyPsmsZVzrVamKu175Fn4WQWFU4icet+ga+lYk6GJuiGuVQa
g6X5hkoT6aPtoBmDaLdwKA9YSNfmNsUDee482Tg0sCW+bp+oZBFfRzlMi12RAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUfU3ke7MXZbWkrdSjOMTpXSelovcwHwYDVR0j
BBgwFoAUZK8VQZvV/myPl+IkqGpJF6Lm/v4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmM5YWE5NWYtN2IzOC00MjZhLTk5NjYtNTQ0MTkzOWZl
MDMxLzAvNjRBRjE1NDE5QkQ1RkU2QzhGOTdFMjI0QTg2QTQ5MTdBMkU2RkVGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1pLOFZRWnZWX215UGwtSWtxR3BKRjZM
bV92NC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmM5YWE5NWYt
N2IzOC00MjZhLTk5NjYtNTQ0MTkzOWZlMDMxLzAvMzQzNTJlMzEzNTMwMmUzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzAzNjM3MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtlgcw
DQYJKoZIhvcNAQELBQADggEBABcOrOfTJBlH/zHmhoMNR1HeoPyRtMlzGGZxDcwv
C35EiBL+hyFP/67yiNkV+iJ3+r3cTY7zD4FvZd07UBr7aZ7tpfaBfP7YbkEXteNJ
OQ89onPGmL7pRbYnl8rV6UvEeJp8UUJA3Exxm7OrBIK+myYPCKFksKV+YTicdLCd
mZdCHHNcTtuIRP6hsz+2QJWrVxKKmGkwkc/vsNcFzyQsWLDL31K5uaiya5/atb/W
z4PnaC4t828fSPoseYgUhrYuPEixpo2wcaHTe9T5QXEXTKo5O16a3mi4UQylYBuA
AZqpcScQVz1HJr+jK/RYng6nOJHKA2tYM9bL2fenivUsqZk=
-----END CERTIFICATE-----