Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e39322e382e302f32332d3332203d3e203531313637.roa
File:                     34352e39322e382e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          IsT3IwMCIfEW2Ba4DKIe41kD3xMHBnDbCHtdnPsN5zY=
Subject key identifier:   0A:43:60:E1:68:AA:C6:A6:CC:51:F7:60:B7:D2:F4:E0:03:29:72:0D
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       491DBD9A05F99FC78B84BFDA417DADF3D14B08E9
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e39322e382e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 22 May 2024 12:51:55 +0000
ROA not before:           Wed 22 May 2024 12:46:55 +0000
ROA not after:            Wed 21 May 2025 12:51:55 +0000
asID:                     51167
IP address blocks:        45.92.8.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:1d:bd:9a:05:f9:9f:c7:8b:84:bf:da:41:7d:ad:f3:d1:4b:08:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: May 22 12:46:55 2024 GMT
            Not After : May 21 12:51:55 2025 GMT
        Subject: CN=0A4360E168AAC6A6CC51F760B7D2F4E00329720D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:43:b6:19:b7:78:b5:3a:f7:f9:db:80:d9:a6:
                    b2:19:17:ea:b1:02:b8:13:cf:d9:dd:0e:76:fb:4c:
                    fb:fa:22:a7:f0:89:da:39:0d:da:aa:02:f3:74:1f:
                    89:ea:0f:fc:1a:1c:f3:d5:9b:31:fa:27:16:db:ae:
                    69:b9:75:d2:c9:94:c1:d1:4e:2a:be:bc:f0:71:6a:
                    c1:66:a1:67:be:bb:5e:35:b6:e8:03:fd:f6:1e:e0:
                    92:53:4f:f9:17:fc:9a:b6:5f:c7:2c:40:71:86:4b:
                    c3:74:da:64:a9:e3:af:dd:ea:cb:35:88:0b:8f:76:
                    ef:fa:97:0a:1b:5e:90:74:77:7c:60:9c:fa:f1:9c:
                    9d:9b:fb:d7:03:87:64:6b:cf:a9:09:f7:ac:86:34:
                    11:7f:4a:0f:cc:e0:b5:78:f6:41:6f:b4:65:4f:96:
                    35:bb:79:00:3c:ba:0e:1a:60:b0:40:be:05:b1:0b:
                    54:53:11:3d:ee:b5:92:29:38:45:21:e1:9e:87:b4:
                    6d:46:e9:0c:7d:48:1d:c7:43:5d:87:65:9a:b0:76:
                    e8:70:36:b5:48:b2:23:8f:42:56:89:d1:67:5a:21:
                    51:f9:69:c5:f8:a6:08:c4:2c:52:8a:16:01:90:07:
                    8d:f2:8d:4b:5a:5b:1c:12:11:ce:78:c9:83:10:c7:
                    f6:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:43:60:E1:68:AA:C6:A6:CC:51:F7:60:B7:D2:F4:E0:03:29:72:0D
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e39322e382e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:22:99:d6:51:2b:d4:be:d0:6f:74:85:25:ac:25:ce:91:20:
         c3:03:88:6a:cf:39:a2:bf:dc:76:be:d2:5e:fe:7b:13:79:8c:
         d0:20:d8:f7:7b:3e:1f:ac:20:05:50:b4:c4:fd:e4:bd:30:89:
         a3:12:15:99:40:d9:80:27:b6:aa:08:8c:09:07:17:ad:5a:24:
         1c:1c:89:4e:cc:e2:6c:a9:d2:20:d4:94:0f:74:06:0d:c1:18:
         b1:73:b3:66:be:af:f8:0d:02:a9:50:0b:a8:1e:09:06:e4:74:
         46:4f:47:af:24:25:70:75:18:70:9c:c6:63:ff:42:ec:8a:bb:
         a2:b4:b4:ab:7d:59:d9:93:ca:c0:51:42:30:40:a9:01:e9:bf:
         42:c1:46:de:de:86:d2:ac:45:02:ab:39:fd:95:9f:26:ae:e0:
         1f:2f:cf:29:3d:49:b7:e2:9f:11:c4:e0:be:54:98:d3:49:ab:
         eb:6a:8b:07:dc:5c:57:c8:90:68:00:00:c9:59:c8:57:5e:2d:
         3b:53:08:99:0c:81:be:2c:ea:f8:89:7f:de:b4:2c:c6:87:56:
         d8:46:e8:95:e3:b7:84:e2:71:e3:82:8e:fe:7a:83:db:d4:21:
         3e:7b:2c:b8:a4:ea:7d:bd:c2:aa:e2:6b:af:da:cd:c9:cf:91:
         76:ae:93:ab
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUSR29mgX5n8eLhL/aQX2t89FLCOkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDA1MjIxMjQ2NTVaFw0yNTA1MjExMjUxNTVaMDMxMTAvBgNV
BAMTKDBBNDM2MEUxNjhBQUM2QTZDQzUxRjc2MEI3RDJGNEUwMDMyOTcyMEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1Q7YZt3i1Ovf524DZprIZF+qx
ArgTz9ndDnb7TPv6Iqfwido5DdqqAvN0H4nqD/waHPPVmzH6Jxbbrmm5ddLJlMHR
Tiq+vPBxasFmoWe+u141tugD/fYe4JJTT/kX/Jq2X8csQHGGS8N02mSp46/d6ss1
iAuPdu/6lwobXpB0d3xgnPrxnJ2b+9cDh2Rrz6kJ96yGNBF/Sg/M4LV49kFvtGVP
ljW7eQA8ug4aYLBAvgWxC1RTET3utZIpOEUh4Z6HtG1G6Qx9SB3HQ12HZZqwduhw
NrVIsiOPQlaJ0WdaIVH5acX4pgjELFKKFgGQB43yjUtaWxwSEc54yYMQx/Z7AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUCkNg4WiqxqbMUfdgt9L04AMpcg0wHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzQzNTJlMzkzMjJlMzgyZTMw
MmYzMjMzMmQzMzMyMjAzZDNlMjAzNTMxMzEzNjM3LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVwIMA0G
CSqGSIb3DQEBCwUAA4IBAQBnIpnWUSvUvtBvdIUlrCXOkSDDA4hqzzmiv9x2vtJe
/nsTeYzQINj3ez4frCAFULTE/eS9MImjEhWZQNmAJ7aqCIwJBxetWiQcHIlOzOJs
qdIg1JQPdAYNwRixc7Nmvq/4DQKpUAuoHgkG5HRGT0evJCVwdRhwnMZj/0Lsirui
tLSrfVnZk8rAUUIwQKkB6b9CwUbe3obSrEUCqzn9lZ8mruAfL88pPUm34p8RxOC+
VJjTSavraosH3FxXyJBoAADJWchXXi07UwiZDIG+LOr4iX/etCzGh1bYRuiV47eE
4nHjgo7+eoPb1CE+eyy4pOp9vcKq4muv2s3Jz5F2rpOr
-----END CERTIFICATE-----