Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3134312e32322e302f32342d3332203d3e203531313637.roa
File:                     34352e3134312e32322e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          kiHW9Rvp5F1Va8qKvZUHx/2hYvvg1k4kw8EyKDx+QhA=
Subject key identifier:   17:91:95:22:59:A3:95:41:45:A6:40:EB:1C:59:94:47:32:21:24:B7
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       344B4D9B48815F2BF9477A99B7B7AB1CD5374756
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3134312e32322e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:40 +0000
ROA not before:           Mon 26 Feb 2024 08:48:40 +0000
ROA not after:            Mon 24 Feb 2025 08:53:40 +0000
asID:                     51167
IP address blocks:        45.141.22.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 13:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:4b:4d:9b:48:81:5f:2b:f9:47:7a:99:b7:b7:ab:1c:d5:37:47:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:40 2024 GMT
            Not After : Feb 24 08:53:40 2025 GMT
        Subject: CN=1791952259A3954145A640EB1C599447322124B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a7:d5:d9:59:f2:13:4d:66:08:97:1e:ca:db:
                    88:df:4f:12:4a:46:e8:e4:ca:b4:c5:90:4d:3d:b0:
                    5e:43:74:ef:ac:b3:d4:c4:d4:9b:28:91:cc:a9:8d:
                    3b:17:12:a8:26:ac:52:59:72:18:db:c9:67:0f:6a:
                    a2:9e:b7:a2:c8:bb:05:69:22:66:db:52:46:c3:d1:
                    3b:d9:a8:77:1d:b3:2c:f4:68:32:fa:c8:2a:79:0d:
                    34:ec:14:59:fd:28:9c:cb:33:e5:96:bc:1f:94:c0:
                    45:7e:9e:a7:0a:53:3b:54:51:94:f4:7f:c6:4d:fb:
                    d2:ba:72:f5:fb:34:4c:d8:3b:55:3a:4a:f9:42:16:
                    4e:c0:73:fd:b3:e5:d9:b7:59:ea:d1:24:76:5e:c1:
                    16:ae:55:93:27:43:e2:b7:b2:8a:77:2c:18:25:76:
                    e1:0f:9b:a4:76:0b:11:57:0e:31:65:25:25:c7:49:
                    27:2f:11:aa:74:51:24:d7:e6:48:ca:6e:da:2c:94:
                    53:91:11:ab:87:5e:5c:f3:e1:94:ab:fd:a7:ff:76:
                    f0:7c:74:c3:73:17:5f:6b:90:36:5f:37:01:4b:94:
                    f7:5e:bc:f1:a9:6d:db:33:36:c4:a4:8e:b4:44:1d:
                    81:a9:9a:d8:29:a9:29:5b:2b:09:ba:e9:39:8a:57:
                    82:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:91:95:22:59:A3:95:41:45:A6:40:EB:1C:59:94:47:32:21:24:B7
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e3134312e32322e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:6e:6d:39:6b:35:e7:08:f0:2f:95:a6:0e:38:84:83:23:05:
         bb:19:81:66:9d:8e:0d:6d:8f:71:db:29:95:45:f9:d1:03:87:
         a4:2b:45:02:2f:fb:fd:9b:69:5f:8b:a1:95:9e:5b:f2:9a:48:
         0e:fb:8f:68:12:1d:04:cd:40:c6:65:44:02:2c:8f:a1:01:9f:
         92:0b:7f:05:b8:7d:08:32:de:27:9f:be:b1:3d:ee:77:bc:62:
         81:c7:71:0d:e6:56:68:f7:78:90:38:c0:9a:da:c2:14:d9:68:
         13:62:3b:38:4a:a4:d6:71:7d:dc:4e:39:92:60:a7:e2:bb:b1:
         8a:5b:70:18:66:39:c9:3f:78:62:13:e4:ff:01:f2:92:29:e9:
         dc:b9:c2:13:31:bb:c2:2b:30:74:bd:39:f8:a9:e7:b4:5f:5e:
         80:2c:33:26:51:d5:03:35:7e:56:12:af:2b:1d:f1:06:d6:99:
         c4:e4:3d:83:bd:f4:e7:f9:7d:87:e7:86:1b:7c:8b:2e:55:59:
         5d:3b:2c:51:43:3c:ce:92:44:f6:5d:03:63:8a:d8:31:ef:7f:
         fe:9e:7a:92:da:63:cd:9b:83:44:f8:e5:fc:c1:91:d1:a8:37:
         d7:15:91:dc:05:67:06:28:ec:68:f0:86:b8:e2:2a:eb:41:69:
         4c:53:27:82
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNEtNm0iBXyv5R3qZt7erHNU3R1YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4NDBaFw0yNTAyMjQwODUzNDBaMDMxMTAvBgNV
BAMTKDE3OTE5NTIyNTlBMzk1NDE0NUE2NDBFQjFDNTk5NDQ3MzIyMTI0QjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0p9XZWfITTWYIlx7K24jfTxJK
RujkyrTFkE09sF5DdO+ss9TE1JsokcypjTsXEqgmrFJZchjbyWcPaqKet6LIuwVp
ImbbUkbD0TvZqHcdsyz0aDL6yCp5DTTsFFn9KJzLM+WWvB+UwEV+nqcKUztUUZT0
f8ZN+9K6cvX7NEzYO1U6SvlCFk7Ac/2z5dm3WerRJHZewRauVZMnQ+K3sop3LBgl
duEPm6R2CxFXDjFlJSXHSScvEap0USTX5kjKbtoslFOREauHXlzz4ZSr/af/dvB8
dMNzF19rkDZfNwFLlPdevPGpbdszNsSkjrREHYGpmtgpqSlbKwm66TmKV4JhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUF5GVIlmjlUFFpkDrHFmURzIhJLcwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzQzNTJlMzEzNDMxMmUzMjMy
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2N
FjANBgkqhkiG9w0BAQsFAAOCAQEAgG5tOWs15wjwL5WmDjiEgyMFuxmBZp2ODW2P
cdsplUX50QOHpCtFAi/7/ZtpX4uhlZ5b8ppIDvuPaBIdBM1AxmVEAiyPoQGfkgt/
Bbh9CDLeJ5++sT3ud7xigcdxDeZWaPd4kDjAmtrCFNloE2I7OEqk1nF93E45kmCn
4ruxiltwGGY5yT94YhPk/wHykinp3LnCEzG7wiswdL05+KnntF9egCwzJlHVAzV+
VhKvKx3xBtaZxOQ9g7305/l9h+eGG3yLLlVZXTssUUM8zpJE9l0DY4rYMe9//p56
ktpjzZuDRPjl/MGR0ag31xWR3AVnBijsaPCGuOIq60FpTFMngg==
-----END CERTIFICATE-----