Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e39322e382e302f32322d3234203d3e203432333636.roa
File:                     34352e39322e382e302f32322d3234203d3e203432333636.roa (raw, json)
Hash identifier:          jg72aAvynhFxaTD5h81vV541fdAzpw8AgvnJLQOx0r0=
Subject key identifier:   A1:AB:6D:03:98:3D:98:84:3E:FB:29:F5:D3:FB:A7:86:40:ED:1F:7D
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       7B4F023E6D26F33756C1810D75BC62DCEE6EA16B
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e39322e382e302f32322d3234203d3e203432333636.roa
Signing time:             Mon 11 Mar 2024 08:59:34 +0000
ROA not before:           Mon 11 Mar 2024 08:54:34 +0000
ROA not after:            Mon 10 Mar 2025 08:59:34 +0000
asID:                     42366
IP address blocks:        45.92.8.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:4f:02:3e:6d:26:f3:37:56:c1:81:0d:75:bc:62:dc:ee:6e:a1:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Mar 11 08:54:34 2024 GMT
            Not After : Mar 10 08:59:34 2025 GMT
        Subject: CN=A1AB6D03983D98843EFB29F5D3FBA78640ED1F7D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ba:61:2e:2a:28:40:a0:b8:7c:80:a0:ab:09:
                    76:d3:35:55:99:17:7e:54:60:38:d4:d8:a7:21:8e:
                    39:55:f8:e0:10:ec:87:03:5f:3d:27:6c:11:52:8c:
                    ef:45:67:c6:ce:b3:a2:40:3e:b0:8d:6c:74:c9:6f:
                    70:1a:ed:98:17:4f:8e:91:71:74:30:90:25:14:f4:
                    7a:c4:a0:fc:9c:00:11:10:00:31:0e:c9:d7:97:61:
                    bd:45:ca:7c:76:aa:25:69:8f:cc:db:21:ea:eb:6d:
                    59:41:ed:3a:c1:64:81:48:9e:ca:e1:08:d2:94:c9:
                    28:a0:98:fe:ed:87:26:31:d4:4b:8f:a6:82:d3:d2:
                    be:ae:f2:68:48:06:bf:b4:d5:c8:d0:18:b8:7f:a6:
                    ac:50:28:df:6f:ea:81:9f:5c:63:b0:6f:9d:55:86:
                    54:93:72:31:1c:4c:f0:c7:55:00:61:b5:04:f5:c3:
                    b4:37:e7:98:1a:70:f2:0d:6e:90:4c:7d:71:e9:19:
                    eb:c4:a4:49:2a:41:ae:90:80:5b:0b:01:ff:98:70:
                    21:ca:20:74:f9:3b:26:33:c7:a3:4b:fc:d2:82:f0:
                    e1:04:60:c9:a3:9c:41:db:cc:9b:9d:bf:ad:d9:07:
                    04:35:f2:82:b5:bb:32:bb:53:b4:51:84:91:cd:ff:
                    04:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:AB:6D:03:98:3D:98:84:3E:FB:29:F5:D3:FB:A7:86:40:ED:1F:7D
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e39322e382e302f32322d3234203d3e203432333636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:da:36:63:22:98:0e:7c:d6:a1:3c:b3:57:96:01:5a:ef:54:
         59:b7:c7:d7:ea:fe:ee:14:44:11:1e:c6:32:4a:93:82:e0:e8:
         6e:88:52:63:f9:12:b2:b2:37:c0:da:e3:ab:16:b7:59:9d:ea:
         90:73:4f:a9:a1:f2:69:d1:d4:0b:3d:a5:49:3a:36:cb:60:35:
         aa:e5:f0:e6:33:cd:5f:a2:be:35:1b:bc:d9:35:99:41:20:6d:
         d3:59:cf:37:9b:fd:e4:98:53:36:e3:c1:94:29:f3:a8:10:ef:
         f8:85:30:0d:0f:45:e7:20:ad:55:2d:78:1a:a2:8d:e2:1d:22:
         9e:78:c5:a1:d7:6f:e8:ce:15:e5:f0:ef:37:21:cc:40:8f:e8:
         48:0a:36:68:e9:1d:d5:2f:d1:55:02:8b:3e:44:26:4a:07:30:
         bb:47:54:03:cb:3e:2f:08:22:6a:74:18:74:2d:5b:28:c5:58:
         a0:ea:af:2f:ce:18:40:65:81:03:c1:25:dc:54:74:2d:d9:50:
         ce:9e:48:7b:f1:6d:74:fe:1a:4c:cd:80:22:9e:17:17:3b:36:
         7e:fe:ce:59:e6:36:bc:15:4b:a2:40:2b:02:7d:45:8e:17:9a:
         cf:c7:9a:6d:0d:60:97:c9:b6:c7:5e:df:19:7d:98:ef:53:4c:
         f8:6b:12:ca
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUe08CPm0m8zdWwYENdbxi3O5uoWswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAzMTEwODU0MzRaFw0yNTAzMTAwODU5MzRaMDMxMTAvBgNV
BAMTKEExQUI2RDAzOTgzRDk4ODQzRUZCMjlGNUQzRkJBNzg2NDBFRDFGN0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbumEuKihAoLh8gKCrCXbTNVWZ
F35UYDjU2KchjjlV+OAQ7IcDXz0nbBFSjO9FZ8bOs6JAPrCNbHTJb3Aa7ZgXT46R
cXQwkCUU9HrEoPycABEQADEOydeXYb1Fynx2qiVpj8zbIerrbVlB7TrBZIFInsrh
CNKUySigmP7thyYx1EuPpoLT0r6u8mhIBr+01cjQGLh/pqxQKN9v6oGfXGOwb51V
hlSTcjEcTPDHVQBhtQT1w7Q355gacPINbpBMfXHpGevEpEkqQa6QgFsLAf+YcCHK
IHT5OyYzx6NL/NKC8OEEYMmjnEHbzJudv63ZBwQ18oK1uzK7U7RRhJHN/wTrAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUoattA5g9mIQ++yn10/unhkDtH30wHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzQzNTJlMzkzMjJlMzgyZTMw
MmYzMjMyMmQzMjM0MjAzZDNlMjAzNDMyMzMzNjM2LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVwIMA0G
CSqGSIb3DQEBCwUAA4IBAQAm2jZjIpgOfNahPLNXlgFa71RZt8fX6v7uFEQRHsYy
SpOC4OhuiFJj+RKysjfA2uOrFrdZneqQc0+pofJp0dQLPaVJOjbLYDWq5fDmM81f
or41G7zZNZlBIG3TWc83m/3kmFM248GUKfOoEO/4hTAND0XnIK1VLXgaoo3iHSKe
eMWh12/ozhXl8O83IcxAj+hICjZo6R3VL9FVAos+RCZKBzC7R1QDyz4vCCJqdBh0
LVsoxVig6q8vzhhAZYEDwSXcVHQt2VDOnkh78W10/hpMzYAinhcXOzZ+/s5Z5ja8
FUuiQCsCfUWOF5rPx5ptDWCXybbHXt8ZfZjvU0z4axLK
-----END CERTIFICATE-----