Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3133302e3130362e302f32342d3234203d3e20383334.roa
File:                     34352e3133302e3130362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          BZUI/de/aG5hFI6eDtkqO1J0NRqLCZvi9yIYPJj0DmY=
Subject key identifier:   E6:81:8F:5D:6A:D3:59:27:44:1F:59:5C:C2:8A:CF:D5:07:8B:8D:4D
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       6AB3EE7AF098C452C57ED77FE0857D9F9B49CECF
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3133302e3130362e302f32342d3234203d3e20383334.roa
Signing time:             Sat 19 Aug 2023 05:06:58 +0000
ROA not before:           Sat 19 Aug 2023 05:01:58 +0000
ROA not after:            Sat 17 Aug 2024 05:06:58 +0000
asID:                     834
IP address blocks:        45.130.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:b3:ee:7a:f0:98:c4:52:c5:7e:d7:7f:e0:85:7d:9f:9b:49:ce:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Aug 19 05:01:58 2023 GMT
            Not After : Aug 17 05:06:58 2024 GMT
        Subject: CN=E6818F5D6AD35927441F595CC28ACFD5078B8D4D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:14:ee:ea:e2:97:93:df:ee:fa:d8:88:b7:ae:
                    c6:64:4b:7b:4c:48:29:b1:16:a2:2f:c0:bc:eb:20:
                    71:d7:d8:32:d6:fc:93:e7:34:9d:43:b3:e7:86:d3:
                    5b:2f:33:0b:8c:66:c7:72:0d:57:32:f5:c3:84:49:
                    4b:0a:56:72:ab:11:da:0c:0a:90:84:a4:1e:ba:f4:
                    31:5b:bc:49:8f:4b:bd:30:10:53:9d:32:7a:67:42:
                    9c:4a:60:01:99:e0:5d:26:df:77:e7:2b:6d:e4:43:
                    a0:86:61:5a:49:c1:3e:6e:f8:6a:7d:25:20:f9:fe:
                    5d:28:94:d0:a2:32:bb:cd:94:33:65:2e:32:a2:44:
                    9a:36:70:5c:16:64:75:d7:83:48:24:43:f5:d5:ec:
                    e7:76:10:a0:c0:59:cc:58:7c:e1:74:d5:b8:83:00:
                    c9:60:99:e9:59:53:33:90:e7:0f:e7:28:24:85:9c:
                    50:8e:00:1a:b0:30:7f:9e:d7:61:39:46:ff:af:32:
                    4c:4c:b5:6a:ab:b2:94:88:1f:8c:94:59:8b:8e:90:
                    9b:cc:03:8a:88:bb:2f:35:aa:65:f1:2f:a2:35:75:
                    78:c3:3c:9d:2b:23:6e:7c:77:95:8d:77:b6:db:da:
                    49:40:72:7d:2d:54:35:74:1b:e8:39:ac:d5:3a:51:
                    52:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:81:8F:5D:6A:D3:59:27:44:1F:59:5C:C2:8A:CF:D5:07:8B:8D:4D
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3133302e3130362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:a3:10:ea:6d:64:ea:b2:9f:ec:9f:45:d4:8a:3e:53:f8:1f:
         88:35:a4:5d:b1:fe:ff:e2:6d:49:fd:5c:94:17:a4:29:3e:fd:
         ab:ac:bf:06:af:21:0b:14:75:a9:a2:3e:b6:b6:43:99:bd:3f:
         b0:b0:f1:e8:6c:97:0b:71:15:6f:15:29:bc:f1:9a:ba:a5:e7:
         8c:42:0a:a0:68:8f:84:50:6b:7e:f8:80:67:a5:3a:96:f9:e6:
         3b:5a:d4:4b:f9:ce:de:93:10:7b:0c:37:8e:c4:c7:13:76:5d:
         f6:39:0f:cc:e3:f0:08:b4:5e:f7:16:6b:fd:c9:67:a0:94:29:
         c8:8e:33:62:ad:dd:0a:ee:35:54:28:9e:d9:e7:72:f0:fc:9b:
         17:a6:f4:ef:66:e3:7f:b2:59:14:e6:f8:1c:dc:40:8c:38:85:
         69:8d:3c:50:2d:fa:c2:ee:31:b1:1c:65:77:c1:4e:9a:a9:3c:
         0f:e3:89:25:e2:e9:db:d3:05:2c:e0:e7:f6:11:1a:8f:c6:38:
         9c:80:e0:7e:e6:20:5a:6f:79:a4:55:a0:f5:ac:de:4b:a7:13:
         11:d5:2b:0a:5b:f1:cd:77:f3:40:0d:52:80:77:76:72:7c:d2:
         c5:e3:d3:20:47:c5:a8:f8:57:ff:88:31:b4:23:68:f1:1e:3a:
         55:fa:bd:f5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUarPuevCYxFLFftd/4IV9n5tJzs8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yMzA4MTkwNTAxNThaFw0yNDA4MTcwNTA2NThaMDMxMTAvBgNV
BAMTKEU2ODE4RjVENkFEMzU5Mjc0NDFGNTk1Q0MyOEFDRkQ1MDc4QjhENEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrFO7q4peT3+762Ii3rsZkS3tM
SCmxFqIvwLzrIHHX2DLW/JPnNJ1Ds+eG01svMwuMZsdyDVcy9cOESUsKVnKrEdoM
CpCEpB669DFbvEmPS70wEFOdMnpnQpxKYAGZ4F0m33fnK23kQ6CGYVpJwT5u+Gp9
JSD5/l0olNCiMrvNlDNlLjKiRJo2cFwWZHXXg0gkQ/XV7Od2EKDAWcxYfOF01biD
AMlgmelZUzOQ5w/nKCSFnFCOABqwMH+e12E5Rv+vMkxMtWqrspSIH4yUWYuOkJvM
A4qIuy81qmXxL6I1dXjDPJ0rI258d5WNd7bb2klAcn0tVDV0G+g5rNU6UVLDAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU5oGPXWrTWSdEH1lcworP1QeLjU0wHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzQzNTJlMzEzMzMwMmUzMTMw
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtgmow
DQYJKoZIhvcNAQELBQADggEBAE6jEOptZOqyn+yfRdSKPlP4H4g1pF2x/v/ibUn9
XJQXpCk+/ausvwavIQsUdamiPra2Q5m9P7Cw8ehslwtxFW8VKbzxmrql54xCCqBo
j4RQa374gGelOpb55jta1Ev5zt6TEHsMN47ExxN2XfY5D8zj8Ai0XvcWa/3JZ6CU
KciOM2Kt3QruNVQontnncvD8mxem9O9m43+yWRTm+BzcQIw4hWmNPFAt+sLuMbEc
ZXfBTpqpPA/jiSXi6dvTBSzg5/YRGo/GOJyA4H7mIFpveaRVoPWs3kunExHVKwpb
8c1380ANUoB3dnJ80sXj0yBHxaj4V/+IMbQjaPEeOlX6vfU=
-----END CERTIFICATE-----