Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3130392e3233362e36312e302f32342d3234203d3e20383334.roa
File:                     3130392e3233362e36312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          simDHINct9AN9LfrebWEu/mHCwFCUAGdma0jXI37pzw=
Subject key identifier:   57:B5:CF:0A:34:87:10:72:BC:B5:B3:71:DD:62:66:C3:1B:8A:80:CC
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       45C7E2F8CE0E075E9D3E259733ECA74ABDCFCC58
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3130392e3233362e36312e302f32342d3234203d3e20383334.roa
Signing time:             Wed 02 Oct 2024 08:05:07 +0000
ROA not before:           Wed 02 Oct 2024 08:00:07 +0000
ROA not after:            Wed 01 Oct 2025 08:05:07 +0000
asID:                     834
IP address blocks:        109.236.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:c7:e2:f8:ce:0e:07:5e:9d:3e:25:97:33:ec:a7:4a:bd:cf:cc:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Oct  2 08:00:07 2024 GMT
            Not After : Oct  1 08:05:07 2025 GMT
        Subject: CN=57B5CF0A34871072BCB5B371DD6266C31B8A80CC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:27:36:d1:eb:bb:df:72:31:ea:6c:0a:3f:ab:
                    85:d2:bf:9f:0e:f8:28:8f:f7:b4:df:d5:7c:a3:47:
                    18:b2:0e:4a:c7:e2:01:dd:61:9e:26:22:8f:84:e5:
                    ae:4c:4a:d8:1e:91:2a:f7:7a:aa:5e:fd:d2:d3:8d:
                    ec:7a:e3:a4:54:fe:12:f3:6e:9e:89:34:b3:3d:b7:
                    ca:59:42:56:0d:bd:b7:d9:a1:80:3a:98:5b:e4:ca:
                    ad:6b:76:e8:e3:23:8f:6b:f6:a6:69:04:4c:f4:04:
                    50:fc:c5:d8:45:6d:46:3b:c6:5c:1c:32:5f:3d:6a:
                    1d:ce:87:b6:7a:ba:28:83:e7:d3:20:af:d7:03:e2:
                    ae:b7:9a:f1:27:21:ef:dc:00:f9:5d:c8:08:ba:24:
                    45:88:d3:2c:a7:20:c4:cf:ee:09:4c:04:56:37:3e:
                    48:91:82:b1:1f:c2:c3:ca:cb:7b:e8:1d:db:70:96:
                    44:23:ac:37:c5:50:26:b9:0b:6d:55:19:7b:ee:53:
                    fa:96:ac:d4:ec:77:25:ec:42:d7:01:b1:2d:e7:b4:
                    cf:23:73:30:aa:ca:ce:f3:0d:bd:eb:98:50:7e:2c:
                    e2:70:81:5f:3d:a7:55:6e:38:7c:c1:50:13:ab:40:
                    ab:55:d3:27:08:a4:c2:36:cc:dc:c8:5a:60:39:b0:
                    bf:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:B5:CF:0A:34:87:10:72:BC:B5:B3:71:DD:62:66:C3:1B:8A:80:CC
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/3130392e3233362e36312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.236.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:36:e0:16:a5:a5:64:59:83:03:19:0e:ca:d2:bd:a1:ff:fd:
         ad:a7:1d:11:50:15:04:4d:23:ec:93:79:f9:fa:d1:91:e2:a0:
         e8:e3:f6:4d:70:34:84:04:c9:50:e3:b4:04:98:86:2a:60:85:
         76:37:73:22:fd:47:f1:22:b1:ff:e4:8d:d8:58:7f:fa:c2:4c:
         a7:17:a8:4e:db:47:9a:72:90:48:b7:ab:ef:37:49:09:84:2d:
         d1:cc:2e:42:85:4d:47:63:04:77:56:43:f1:68:83:20:51:42:
         27:7e:7e:06:68:15:f7:3c:6d:3b:32:55:e9:06:33:82:ba:5d:
         c8:69:92:f5:c7:1d:f9:c9:78:f0:5d:1b:8e:a2:40:fd:35:f3:
         01:be:ea:c5:99:25:a1:5e:95:7a:fb:5a:a3:69:7c:c1:05:3a:
         58:8f:94:30:13:b0:6b:d8:9c:37:0c:2f:dd:c6:f8:b3:85:f8:
         bb:49:85:2f:9e:6c:3e:c3:65:65:71:b6:07:7d:54:45:85:f7:
         63:65:32:05:5a:fd:e7:77:80:83:4a:ea:a2:5c:06:d6:b8:8f:
         9a:9f:cc:84:0e:64:c7:cc:f2:d0:ae:b8:32:7d:10:a2:f4:7b:
         c7:ac:cf:01:03:d8:3a:5c:b6:86:53:8c:2b:57:3d:84:f8:cb:
         c4:40:92:2c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIURcfi+M4OB16dPiWXM+ynSr3PzFgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDEwMDIwODAwMDdaFw0yNTEwMDEwODA1MDdaMDMxMTAvBgNV
BAMTKDU3QjVDRjBBMzQ4NzEwNzJCQ0I1QjM3MURENjI2NkMzMUI4QTgwQ0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdJzbR67vfcjHqbAo/q4XSv58O
+CiP97Tf1XyjRxiyDkrH4gHdYZ4mIo+E5a5MStgekSr3eqpe/dLTjex646RU/hLz
bp6JNLM9t8pZQlYNvbfZoYA6mFvkyq1rdujjI49r9qZpBEz0BFD8xdhFbUY7xlwc
Ml89ah3Oh7Z6uiiD59Mgr9cD4q63mvEnIe/cAPldyAi6JEWI0yynIMTP7glMBFY3
PkiRgrEfwsPKy3voHdtwlkQjrDfFUCa5C21VGXvuU/qWrNTsdyXsQtcBsS3ntM8j
czCqys7zDb3rmFB+LOJwgV89p1VuOHzBUBOrQKtV0ycIpMI2zNzIWmA5sL/DAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUV7XPCjSHEHK8tbNx3WJmwxuKgMwwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzEzMDM5MmUzMjMzMzYyZTM2
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABt7D0w
DQYJKoZIhvcNAQELBQADggEBALM24BalpWRZgwMZDsrSvaH//a2nHRFQFQRNI+yT
efn60ZHioOjj9k1wNIQEyVDjtASYhipghXY3cyL9R/Eisf/kjdhYf/rCTKcXqE7b
R5pykEi3q+83SQmELdHMLkKFTUdjBHdWQ/FogyBRQid+fgZoFfc8bTsyVekGM4K6
XchpkvXHHfnJePBdG46iQP018wG+6sWZJaFelXr7WqNpfMEFOliPlDATsGvYnDcM
L93G+LOF+LtJhS+ebD7DZWVxtgd9VEWF92NlMgVa/ed3gINK6qJcBta4j5qfzIQO
ZMfM8tCuuDJ9EKL0e8eszwED2DpctoZTjCtXPYT4y8RAkiw=
-----END CERTIFICATE-----