Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e31302e3135342e302f32342d3332203d3e203531313637.roa
File:                     34352e31302e3135342e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          4lR8ML1VMveC2WiZ2UdLq2FzUXiH2Oq8LaKWbijh1a8=
Subject key identifier:   87:FE:92:21:95:15:5B:72:5A:DD:B6:6C:88:F5:BB:0B:19:D1:F4:3B
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       053CCC929C41CD82FF67DCD2A1D43BED74DFB29C
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e31302e3135342e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:39 +0000
ROA not before:           Mon 26 Feb 2024 08:48:39 +0000
ROA not after:            Mon 24 Feb 2025 08:53:39 +0000
asID:                     51167
IP address blocks:        45.10.154.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:3c:cc:92:9c:41:cd:82:ff:67:dc:d2:a1:d4:3b:ed:74:df:b2:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:39 2024 GMT
            Not After : Feb 24 08:53:39 2025 GMT
        Subject: CN=87FE922195155B725ADDB66C88F5BB0B19D1F43B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:8a:43:6f:2c:2b:8e:5d:77:f4:d8:23:c2:06:
                    52:b0:65:17:43:ce:c8:5a:fd:2a:04:73:59:20:ee:
                    c7:a4:c1:f7:6e:f6:4a:95:23:67:98:c9:4b:3c:d9:
                    18:b1:e6:ee:b1:a2:50:6f:d5:c0:5a:8e:c4:c2:7b:
                    e6:d6:23:6c:48:8f:e3:08:22:17:1a:c6:59:d1:f7:
                    54:78:15:eb:75:ea:3b:97:ea:b4:fa:1d:64:cc:10:
                    73:6c:2a:d8:58:72:5e:33:b4:62:bd:72:00:97:fc:
                    b0:ee:bf:e1:4a:b0:ec:a1:63:92:a8:b8:29:b8:59:
                    f8:fe:40:23:fc:83:c6:08:de:6a:28:94:25:45:ec:
                    8c:5a:1b:01:33:01:a4:60:dc:b4:f5:32:e4:c9:46:
                    92:7d:e9:95:75:ba:66:f6:54:70:a0:0b:1e:ef:be:
                    07:a7:23:5e:a6:a6:a7:4f:71:88:b6:b7:42:1f:88:
                    64:cf:d4:02:8b:8e:3d:4b:a2:50:f8:09:85:c4:6d:
                    e2:2a:98:b6:5a:ec:6d:18:48:64:c7:24:b3:d9:da:
                    1e:6e:5b:ee:19:8a:ed:d8:de:11:ff:5f:02:5d:4c:
                    0f:75:07:3e:42:c5:d7:fa:7b:88:42:1b:3b:ea:bc:
                    34:5c:c4:bf:b6:3c:7e:5c:df:34:b5:97:d0:78:9f:
                    56:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:FE:92:21:95:15:5B:72:5A:DD:B6:6C:88:F5:BB:0B:19:D1:F4:3B
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e31302e3135342e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:c6:e0:5f:6c:34:bd:66:9f:b8:68:9e:d5:47:d6:de:c4:4c:
         ab:75:50:78:6e:0c:a3:70:1d:fb:31:c9:8d:1a:3d:39:40:6c:
         14:8f:ef:da:c3:68:f3:c0:f8:a0:3d:cd:0f:63:3b:27:78:b9:
         f2:3d:f5:68:5d:61:f1:69:d7:e6:95:dc:16:aa:0a:39:b8:59:
         1b:4e:4c:c3:8a:66:39:49:41:63:10:12:6a:f8:c3:84:e5:3f:
         08:80:bd:52:f4:c2:7e:5a:32:5b:c6:ce:cf:0b:58:80:70:1b:
         45:2e:7d:cd:f6:2b:f3:3e:d4:a5:ac:a8:fd:e8:a9:82:3d:5d:
         e6:1f:1e:6f:75:62:2c:54:90:44:55:40:0d:08:f0:4b:96:7f:
         43:12:32:1d:f0:3b:a6:0c:92:e7:66:a7:84:a8:65:f3:f2:19:
         e9:7c:87:53:59:23:83:c4:b4:19:27:f0:59:06:0b:02:3c:4b:
         d7:ce:ac:dd:e8:35:47:e8:e9:a7:b2:98:35:2c:d2:32:53:e0:
         74:30:41:4a:77:b1:79:b2:83:ee:72:cb:ce:a7:9d:2d:fa:56:
         88:2a:4f:09:e4:7e:c7:c1:3c:7b:bd:c2:e2:b2:25:4b:2d:65:
         36:88:ec:e3:72:be:aa:7b:a6:ec:43:3f:40:ba:b9:77:86:90:
         cd:53:94:96
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBTzMkpxBzYL/Z9zSodQ77XTfspwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4MzlaFw0yNTAyMjQwODUzMzlaMDMxMTAvBgNV
BAMTKDg3RkU5MjIxOTUxNTVCNzI1QUREQjY2Qzg4RjVCQjBCMTlEMUY0M0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9ikNvLCuOXXf02CPCBlKwZRdD
zsha/SoEc1kg7sekwfdu9kqVI2eYyUs82Rix5u6xolBv1cBajsTCe+bWI2xIj+MI
IhcaxlnR91R4Fet16juX6rT6HWTMEHNsKthYcl4ztGK9cgCX/LDuv+FKsOyhY5Ko
uCm4Wfj+QCP8g8YI3moolCVF7IxaGwEzAaRg3LT1MuTJRpJ96ZV1umb2VHCgCx7v
vgenI16mpqdPcYi2t0IfiGTP1AKLjj1LolD4CYXEbeIqmLZa7G0YSGTHJLPZ2h5u
W+4Ziu3Y3hH/XwJdTA91Bz5Cxdf6e4hCGzvqvDRcxL+2PH5c3zS1l9B4n1bjAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUh/6SIZUVW3Ja3bZsiPW7CxnR9DswHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzQzNTJlMzEzMDJlMzEzNTM0
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0K
mjANBgkqhkiG9w0BAQsFAAOCAQEAQMbgX2w0vWafuGie1UfW3sRMq3VQeG4Mo3Ad
+zHJjRo9OUBsFI/v2sNo88D4oD3ND2M7J3i58j31aF1h8WnX5pXcFqoKObhZG05M
w4pmOUlBYxASavjDhOU/CIC9UvTCfloyW8bOzwtYgHAbRS59zfYr8z7Upayo/eip
gj1d5h8eb3ViLFSQRFVADQjwS5Z/QxIyHfA7pgyS52anhKhl8/IZ6XyHU1kjg8S0
GSfwWQYLAjxL186s3eg1R+jpp7KYNSzSMlPgdDBBSnexebKD7nLLzqedLfpWiCpP
CeR+x8E8e73C4rIlSy1lNojs43K+qnum7EM/QLq5d4aQzVOUlg==
-----END CERTIFICATE-----