Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/34352e3135362e35322e302f32322d3232203d3e2039303039.roa
File:                     34352e3135362e35322e302f32322d3232203d3e2039303039.roa (raw, json)
Hash identifier:          eK18gsMy8+wzgYZmaz7TkcO08JcfPTkHAWlv0aJXuz0=
Subject key identifier:   E1:F7:28:6F:49:BE:8C:49:70:9E:EF:47:F5:A9:69:24:DC:A0:B4:59
Certificate issuer:       /CN=92f49de8684f1287f4f6cb185d5cf7de80c90b94
Certificate serial:       29B153D85F7ED0DBBCC53AC54D0E75692619AF97
Authority key identifier: 92:F4:9D:E8:68:4F:12:87:F4:F6:CB:18:5D:5C:F7:DE:80:C9:0B:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kvSd6GhPEof09ssYXVz33oDJC5Q.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/34352e3135362e35322e302f32322d3232203d3e2039303039.roa
Signing time:             Tue 22 Apr 2025 06:57:23 +0000
ROA not before:           Tue 22 Apr 2025 06:52:23 +0000
ROA not after:            Tue 21 Apr 2026 06:57:23 +0000
asID:                     9009
IP address blocks:        45.156.52.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/92F49DE8684F1287F4F6CB185D5CF7DE80C90B94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/92F49DE8684F1287F4F6CB185D5CF7DE80C90B94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kvSd6GhPEof09ssYXVz33oDJC5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:47:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:b1:53:d8:5f:7e:d0:db:bc:c5:3a:c5:4d:0e:75:69:26:19:af:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92f49de8684f1287f4f6cb185d5cf7de80c90b94
        Validity
            Not Before: Apr 22 06:52:23 2025 GMT
            Not After : Apr 21 06:57:23 2026 GMT
        Subject: CN=E1F7286F49BE8C49709EEF47F5A96924DCA0B459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:8c:28:d1:b6:d0:fd:6b:e2:f8:cf:b6:fa:a6:
                    f9:57:ee:56:9f:ad:19:0d:50:99:5f:11:16:06:ac:
                    e1:7d:33:5a:1f:e5:86:2a:f3:98:6b:17:de:3d:97:
                    4c:ce:e3:9c:5a:3f:42:e3:4b:a9:c1:a4:3a:76:e3:
                    40:55:06:9e:46:fb:9a:82:c7:df:53:78:db:9a:cc:
                    48:8c:d6:80:e0:90:3b:da:fd:ff:05:f7:b7:cd:6b:
                    2a:a4:dd:43:4d:5d:79:0a:da:9b:15:cd:e8:26:fc:
                    c2:3b:b9:38:da:b3:20:6f:7e:a0:ec:67:df:0a:a2:
                    92:68:a6:24:74:0f:21:79:94:3b:ea:2e:49:12:f3:
                    58:6f:36:dd:07:a1:e0:9f:7b:66:e3:50:a5:f3:5f:
                    ee:46:b2:01:b6:68:ef:dd:72:05:71:68:05:40:8a:
                    31:fd:15:c6:4a:9e:db:2f:dd:33:7f:61:c1:90:65:
                    f6:fb:e9:96:b0:7e:3a:e6:cf:84:8d:6a:ca:63:45:
                    5f:cf:1c:21:72:23:37:a2:81:47:b7:c6:37:3e:f6:
                    58:94:75:a5:7a:a9:cc:47:3b:cf:38:93:e4:5c:30:
                    9c:56:08:96:d0:27:e3:6a:c0:95:24:60:c4:4d:a7:
                    16:0d:5b:56:20:7d:8d:9d:2b:9c:fb:b5:8a:f7:df:
                    15:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:F7:28:6F:49:BE:8C:49:70:9E:EF:47:F5:A9:69:24:DC:A0:B4:59
            X509v3 Authority Key Identifier:
                keyid:92:F4:9D:E8:68:4F:12:87:F4:F6:CB:18:5D:5C:F7:DE:80:C9:0B:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/92F49DE8684F1287F4F6CB185D5CF7DE80C90B94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kvSd6GhPEof09ssYXVz33oDJC5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/34352e3135362e35322e302f32322d3232203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:65:a9:90:78:8f:90:64:8a:e0:d8:9d:d3:8b:e1:a6:c8:96:
         b8:82:4a:34:ce:83:e5:4f:52:f6:19:5f:0e:1e:27:78:0f:97:
         71:57:f8:0d:1c:fe:33:86:d1:2b:e2:70:93:41:16:3b:47:bf:
         1e:01:a4:af:a8:a4:db:78:f4:77:50:d8:fc:08:23:a3:15:27:
         a6:f3:ca:1c:da:58:d8:30:4b:7b:90:d1:b8:f3:ae:2a:09:47:
         80:ea:d8:8a:a3:ba:24:d0:59:76:57:20:ae:06:6d:48:04:63:
         7f:e1:76:fe:a9:24:61:e2:10:32:5e:dc:5f:a6:e8:39:20:f1:
         4c:71:60:34:59:4e:f6:11:fe:ea:03:d6:76:6c:a2:95:81:c4:
         ad:44:f1:3b:99:09:5f:f8:e1:eb:e7:d3:c7:c2:c2:d1:16:d4:
         ae:1a:e5:70:5d:ca:cf:fa:ef:20:6b:87:98:7f:9b:a5:f8:d5:
         40:b2:ac:5d:c6:a5:e3:5e:9a:76:da:70:2f:92:d8:ad:0a:82:
         96:6f:71:78:b2:71:33:65:51:f2:e7:54:7c:83:1f:f5:c8:4f:
         ab:47:0b:6b:94:c2:a8:6c:87:89:46:64:31:51:cf:22:ad:d6:
         37:53:70:8e:4a:0d:27:d1:f0:02:1c:66:5d:a5:9d:d1:11:0f:
         42:b2:06:f4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUKbFT2F9+0Nu8xTrFTQ51aSYZr5cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTJmNDlkZTg2ODRmMTI4N2Y0ZjZjYjE4NWQ1Y2Y3ZGU4
MGM5MGI5NDAeFw0yNTA0MjIwNjUyMjNaFw0yNjA0MjEwNjU3MjNaMDMxMTAvBgNV
BAMTKEUxRjcyODZGNDlCRThDNDk3MDlFRUY0N0Y1QTk2OTI0RENBMEI0NTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCajCjRttD9a+L4z7b6pvlX7laf
rRkNUJlfERYGrOF9M1of5YYq85hrF949l0zO45xaP0LjS6nBpDp240BVBp5G+5qC
x99TeNuazEiM1oDgkDva/f8F97fNayqk3UNNXXkK2psVzegm/MI7uTjasyBvfqDs
Z98KopJopiR0DyF5lDvqLkkS81hvNt0HoeCfe2bjUKXzX+5GsgG2aO/dcgVxaAVA
ijH9FcZKntsv3TN/YcGQZfb76Zawfjrmz4SNaspjRV/PHCFyIzeigUe3xjc+9liU
daV6qcxHO884k+RcMJxWCJbQJ+NqwJUkYMRNpxYNW1YgfY2dK5z7tYr33xU3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU4fcob0m+jElwnu9H9alpJNygtFkwHwYDVR0j
BBgwFoAUkvSd6GhPEof09ssYXVz33oDJC5QwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNjA5MjMzODktMmJkZS00M2UwLWIwZDUtZmMyNDRhNjMw
M2QwLzAvOTJGNDlERTg2ODRGMTI4N0Y0RjZDQjE4NUQ1Q0Y3REU4MEM5MEI5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2t2U2Q2R2hQRW9mMDlzc1lYVnozM29E
SkM1US5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNjA5MjMzODkt
MmJkZS00M2UwLWIwZDUtZmMyNDRhNjMwM2QwLzAvMzQzNTJlMzEzNTM2MmUzNTMy
MmUzMDJmMzIzMjJkMzIzMjIwM2QzZTIwMzkzMDMwMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAItnDQw
DQYJKoZIhvcNAQELBQADggEBAKFlqZB4j5BkiuDYndOL4abIlriCSjTOg+VPUvYZ
Xw4eJ3gPl3FX+A0c/jOG0SvicJNBFjtHvx4BpK+opNt49HdQ2PwII6MVJ6bzyhza
WNgwS3uQ0bjzrioJR4Dq2IqjuiTQWXZXIK4GbUgEY3/hdv6pJGHiEDJe3F+m6Dkg
8UxxYDRZTvYR/uoD1nZsopWBxK1E8TuZCV/44evn08fCwtEW1K4a5XBdys/67yBr
h5h/m6X41UCyrF3GpeNemnbacC+S2K0KgpZvcXiycTNlUfLnVHyDH/XIT6tHC2uU
wqhsh4lGZDFRzyKt1jdTcI5KDSfR8AIcZl2lndERD0KyBvQ=
-----END CERTIFICATE-----