Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34352e3134332e38332e302f32342d3234203d3e203437353833.roa
File:                     34352e3134332e38332e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          NdOC/HXPqxnxyw5/lvlabRikbiRMAALt6FmMbegyCL4=
Subject key identifier:   D7:9D:08:AB:5D:B9:1D:DA:33:24:AD:FA:D9:38:CB:F1:B1:6C:CA:D7
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       4F40BD46252BEFC8FE95CD1B8E11596E4FC0A166
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34352e3134332e38332e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:46 +0000
ROA not before:           Mon 26 Feb 2024 08:48:46 +0000
ROA not after:            Mon 24 Feb 2025 08:53:46 +0000
asID:                     47583
IP address blocks:        45.143.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:40:bd:46:25:2b:ef:c8:fe:95:cd:1b:8e:11:59:6e:4f:c0:a1:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:46 2024 GMT
            Not After : Feb 24 08:53:46 2025 GMT
        Subject: CN=D79D08AB5DB91DDA3324ADFAD938CBF1B16CCAD7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a5:e1:43:a9:a1:93:ef:de:97:f6:4a:db:56:
                    47:37:6a:c2:5e:76:9c:9d:0e:0b:83:f8:8a:5f:4d:
                    2a:9d:10:34:04:41:28:9f:f6:07:c0:74:53:17:3a:
                    3b:b4:b3:da:50:0e:88:f2:78:98:c1:49:3a:7a:46:
                    69:c1:0d:f7:cd:5c:4a:57:71:ac:dc:bf:0f:51:73:
                    0b:8b:3a:86:65:81:0c:fc:32:34:cd:b4:b9:ce:9b:
                    7f:95:d9:53:56:e4:f7:4c:c5:d9:59:b0:31:ca:27:
                    7f:44:dd:ab:e2:4f:cc:64:d2:64:3c:e4:0d:1a:20:
                    8d:f9:8d:96:24:4e:6b:6b:6b:af:52:96:73:fa:1d:
                    a5:44:09:7f:11:fa:81:92:c5:c5:0b:6e:05:6a:5a:
                    89:fe:b8:63:f4:0a:65:01:fb:f4:8a:81:76:ea:d5:
                    31:f7:2e:b1:f5:3c:c4:9f:ab:bd:2e:fd:36:d5:f6:
                    36:ac:4d:a6:75:9b:6a:9c:9f:6c:91:04:3a:30:73:
                    e9:9c:90:8a:3c:f6:e5:4e:70:c9:c6:9a:be:02:0d:
                    49:d2:7d:b9:b3:b7:d9:7f:68:0c:70:c0:a7:38:b8:
                    b4:8c:3b:a3:28:4a:cb:30:a2:80:9c:93:13:82:90:
                    0f:bc:4e:b3:ad:d7:02:fa:d9:ea:a5:f5:75:c3:cf:
                    17:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:9D:08:AB:5D:B9:1D:DA:33:24:AD:FA:D9:38:CB:F1:B1:6C:CA:D7
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34352e3134332e38332e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:a5:9c:7e:8e:f0:a9:ee:fc:2c:08:9f:5b:d5:fa:6d:6b:7a:
         b6:2b:d2:6b:2d:6a:0e:e7:d9:fa:c0:a7:13:b9:ee:74:b6:ae:
         fc:8b:3b:6f:92:b0:9d:d4:c0:ac:9c:ed:0b:d4:3d:47:74:e1:
         de:6c:83:1a:0e:af:f7:f0:62:55:08:8e:91:34:b5:dd:1d:1b:
         c8:cd:4e:b7:50:40:bd:bf:87:bd:c8:4a:97:80:66:a8:9b:5e:
         87:d5:c5:af:23:92:a1:b7:45:61:be:ee:64:84:91:df:26:48:
         d1:7e:18:9d:3c:99:5f:ec:b0:45:c9:76:30:36:dd:c2:29:ef:
         ae:c7:67:38:52:5a:f8:a3:cb:9f:f0:64:1b:20:a5:10:fa:dc:
         e6:24:06:4a:d1:22:1a:77:f8:9e:a1:9d:04:88:96:5d:d2:88:
         f2:56:eb:46:82:84:da:37:23:3c:08:2d:0e:aa:09:df:ca:e8:
         94:06:5a:13:0e:19:5f:83:4f:2d:45:ef:06:20:44:ad:0c:ac:
         c8:09:31:41:93:27:50:18:f6:61:18:4a:e6:1b:b4:e2:96:43:
         aa:5f:db:a2:f3:0a:c6:3f:5d:40:15:da:9e:45:2c:1d:c5:b3:
         9b:8c:61:f3:4c:ff:a0:56:1f:1e:95:e9:43:87:a4:52:9d:1b:
         34:cd:41:ec
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUT0C9RiUr78j+lc0bjhFZbk/AoWYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NDZaFw0yNTAyMjQwODUzNDZaMDMxMTAvBgNV
BAMTKEQ3OUQwOEFCNURCOTFEREEzMzI0QURGQUQ5MzhDQkYxQjE2Q0NBRDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDApeFDqaGT796X9krbVkc3asJe
dpydDguD+IpfTSqdEDQEQSif9gfAdFMXOju0s9pQDojyeJjBSTp6RmnBDffNXEpX
cazcvw9RcwuLOoZlgQz8MjTNtLnOm3+V2VNW5PdMxdlZsDHKJ39E3aviT8xk0mQ8
5A0aII35jZYkTmtra69SlnP6HaVECX8R+oGSxcULbgVqWon+uGP0CmUB+/SKgXbq
1TH3LrH1PMSfq70u/TbV9jasTaZ1m2qcn2yRBDowc+mckIo89uVOcMnGmr4CDUnS
fbmzt9l/aAxwwKc4uLSMO6MoSsswooCckxOCkA+8TrOt1wL62eql9XXDzxc5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU150Iq125HdozJK362TjL8bFsytcwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzQzNTJlMzEzNDMzMmUzODMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2P
UzANBgkqhkiG9w0BAQsFAAOCAQEAgqWcfo7wqe78LAifW9X6bWt6tivSay1qDufZ
+sCnE7nudLau/Is7b5KwndTArJztC9Q9R3Th3myDGg6v9/BiVQiOkTS13R0byM1O
t1BAvb+HvchKl4BmqJteh9XFryOSobdFYb7uZISR3yZI0X4YnTyZX+ywRcl2MDbd
winvrsdnOFJa+KPLn/BkGyClEPrc5iQGStEiGnf4nqGdBIiWXdKI8lbrRoKE2jcj
PAgtDqoJ38rolAZaEw4ZX4NPLUXvBiBErQysyAkxQZMnUBj2YRhK5hu04pZDql/b
ovMKxj9dQBXankUsHcWzm4xh80z/oFYfHpXpQ4ekUp0bNM1B7A==
-----END CERTIFICATE-----