Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35382e302f32342d3234203d3e20323039323432.roa
File:                     34352e38312e35382e302f32342d3234203d3e20323039323432.roa (raw, json)
Hash identifier:          Cjq2FzLN5G1VEvkKyI6FB5noxcWUxvPOvV4W7hBfw5c=
Subject key identifier:   95:50:BD:F8:E9:69:8B:3C:CD:A1:99:E6:87:C9:AB:4A:36:03:79:72
Certificate issuer:       /CN=5da3215abfa4621d57709f838a92801f2e90ddfe
Certificate serial:       14D08E987E88F4B667586461FDBA685D4917349D
Authority key identifier: 5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35382e302f32342d3234203d3e20323039323432.roa
Signing time:             Fri 25 Apr 2025 09:54:04 +0000
ROA not before:           Fri 25 Apr 2025 09:49:04 +0000
ROA not after:            Fri 24 Apr 2026 09:54:04 +0000
asID:                     209242
IP address blocks:        45.81.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 07:45:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:d0:8e:98:7e:88:f4:b6:67:58:64:61:fd:ba:68:5d:49:17:34:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3215abfa4621d57709f838a92801f2e90ddfe
        Validity
            Not Before: Apr 25 09:49:04 2025 GMT
            Not After : Apr 24 09:54:04 2026 GMT
        Subject: CN=9550BDF8E9698B3CCDA199E687C9AB4A36037972
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e2:7f:88:d9:79:e2:4f:f7:5d:f3:06:05:41:
                    0a:a9:ee:88:7c:00:51:84:31:03:b9:d0:4f:88:e4:
                    44:9c:d3:5d:b6:b4:b1:b3:86:84:cb:93:b5:e0:c2:
                    7c:57:79:90:f0:24:23:69:4b:5c:86:47:78:02:5f:
                    74:f5:b4:64:47:66:65:7f:b7:fd:cc:90:42:19:94:
                    87:1f:23:6b:e7:ed:09:62:26:4e:dd:39:d3:8c:db:
                    a7:d2:ed:aa:4b:85:e1:df:8c:78:77:06:68:31:7e:
                    ea:dd:97:df:ed:52:25:79:23:c4:11:d2:5c:eb:51:
                    65:63:33:e4:a0:6b:40:db:17:f9:83:1a:2c:47:cb:
                    e1:42:fd:18:c9:78:00:ec:9f:0e:24:5d:3c:ae:6c:
                    8c:5c:e9:6a:47:9b:f3:2d:d9:27:5c:e5:3b:6c:27:
                    df:c5:2f:fb:90:ef:4f:15:10:49:a9:fe:f3:ea:c7:
                    a9:05:3c:25:d2:53:32:af:22:b4:c6:b0:83:a1:ed:
                    4f:4b:74:d5:ff:5c:a1:31:73:34:d6:01:bd:be:ae:
                    cf:ee:86:a1:80:8b:52:2c:48:d0:00:b9:68:0b:69:
                    39:10:a0:bc:5a:7e:cd:88:63:a4:f9:33:81:c7:4e:
                    82:40:8a:18:d2:5c:d5:03:1c:76:be:1c:2e:d3:ab:
                    d4:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:50:BD:F8:E9:69:8B:3C:CD:A1:99:E6:87:C9:AB:4A:36:03:79:72
            X509v3 Authority Key Identifier:
                keyid:5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35382e302f32342d3234203d3e20323039323432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:48:9b:af:23:5b:12:9b:35:7d:37:2e:4c:f1:09:33:c7:df:
         fa:a2:b5:7d:b4:12:b9:de:c3:f6:bd:16:73:82:b8:44:e3:ed:
         13:d3:0e:92:77:cd:f9:3c:5d:3b:8c:11:d9:50:be:cb:a3:00:
         47:3e:b2:da:36:97:41:e3:bb:a3:d3:d8:0c:69:27:86:59:8e:
         7a:1c:7d:8a:b0:a4:e5:80:f2:e0:1c:78:a8:6b:49:a3:e6:98:
         84:cf:fe:97:6f:92:08:89:0e:c3:72:d5:58:4d:83:f5:92:e5:
         d4:3d:65:69:96:bb:8a:b3:65:f4:83:df:c1:50:a4:ce:3b:4c:
         83:d3:47:0d:a7:f4:7c:4c:02:5d:68:58:32:72:8c:84:06:65:
         ab:00:b3:20:9b:5f:3b:71:ab:71:78:69:25:d7:94:ed:68:6c:
         47:36:6d:9f:ba:bb:10:cf:fa:7e:25:e1:e0:8d:32:b5:16:bc:
         16:23:35:10:cc:86:89:9b:75:a0:e5:46:7f:88:23:b4:f8:2e:
         2f:93:11:48:70:81:0c:de:8c:ee:44:ba:90:f7:66:56:4b:86:
         c6:30:53:06:d8:ba:da:1c:cd:7e:c7:18:08:cf:82:4b:28:8a:
         06:79:95:23:71:9f:92:76:32:d9:43:ab:9b:c5:53:0d:12:82:
         ce:12:00:98
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUFNCOmH6I9LZnWGRh/bpoXUkXNJ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWRhMzIxNWFiZmE0NjIxZDU3NzA5ZjgzOGE5MjgwMWYy
ZTkwZGRmZTAeFw0yNTA0MjUwOTQ5MDRaFw0yNjA0MjQwOTU0MDRaMDMxMTAvBgNV
BAMTKDk1NTBCREY4RTk2OThCM0NDREExOTlFNjg3QzlBQjRBMzYwMzc5NzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk4n+I2XniT/dd8wYFQQqp7oh8
AFGEMQO50E+I5ESc0122tLGzhoTLk7XgwnxXeZDwJCNpS1yGR3gCX3T1tGRHZmV/
t/3MkEIZlIcfI2vn7QliJk7dOdOM26fS7apLheHfjHh3Bmgxfurdl9/tUiV5I8QR
0lzrUWVjM+Sga0DbF/mDGixHy+FC/RjJeADsnw4kXTyubIxc6WpHm/Mt2Sdc5Tts
J9/FL/uQ708VEEmp/vPqx6kFPCXSUzKvIrTGsIOh7U9LdNX/XKExczTWAb2+rs/u
hqGAi1IsSNAAuWgLaTkQoLxafs2IY6T5M4HHToJAihjSXNUDHHa+HC7Tq9RzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUlVC9+OlpizzNoZnmh8mrSjYDeXIwHwYDVR0j
BBgwFoAUXaMhWr+kYh1XcJ+DipKAHy6Q3f4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmYyNDU2N2ItN2E3NC00YzFmLWFhODUtZGQyNGFmNzNj
Y2JiLzAvNURBMzIxNUFCRkE0NjIxRDU3NzA5RjgzOEE5MjgwMUYyRTkwRERGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hhTWhXci1rWWgxWGNKLURpcEtBSHk2
UTNmNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmYyNDU2N2It
N2E3NC00YzFmLWFhODUtZGQyNGFmNzNjY2JiLzAvMzQzNTJlMzgzMTJlMzUzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzOTMyMzQzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1R
OjANBgkqhkiG9w0BAQsFAAOCAQEAfkibryNbEps1fTcuTPEJM8ff+qK1fbQSud7D
9r0Wc4K4ROPtE9MOknfN+TxdO4wR2VC+y6MARz6y2jaXQeO7o9PYDGknhlmOehx9
irCk5YDy4Bx4qGtJo+aYhM/+l2+SCIkOw3LVWE2D9ZLl1D1laZa7irNl9IPfwVCk
zjtMg9NHDaf0fEwCXWhYMnKMhAZlqwCzIJtfO3GrcXhpJdeU7WhsRzZtn7q7EM/6
fiXh4I0ytRa8FiM1EMyGiZt1oOVGf4gjtPguL5MRSHCBDN6M7kS6kPdmVkuGxjBT
Bti62hzNfscYCM+CSyiKBnmVI3GfknYy2UOrm8VTDRKCzhIAmA==
-----END CERTIFICATE-----