Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133362e302f32332d3234203d3e20383334.roa
File:                     34352e39312e3133362e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          DX96QKcBmVukPv7JSimzIp2lOyBqIy5R5TYQXKRY8/c=
Subject key identifier:   BE:E6:98:42:1E:FB:79:ED:51:B8:C2:2E:CE:12:32:1C:BA:C9:BB:8C
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       488159463A48C93A879F07C76D34152045793481
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133362e302f32332d3234203d3e20383334.roa
Signing time:             Tue 06 May 2025 00:02:38 +0000
ROA not before:           Mon 05 May 2025 23:57:38 +0000
ROA not after:            Tue 05 May 2026 00:02:38 +0000
asID:                     834
IP address blocks:        45.91.136.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 18:43:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:81:59:46:3a:48:c9:3a:87:9f:07:c7:6d:34:15:20:45:79:34:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: May  5 23:57:38 2025 GMT
            Not After : May  5 00:02:38 2026 GMT
        Subject: CN=BEE698421EFB79ED51B8C22ECE12321CBAC9BB8C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3e:a6:6e:90:59:ab:1e:b6:e5:fc:b4:18:fc:
                    f4:74:36:42:73:f3:34:b7:8c:d1:90:86:39:56:a3:
                    71:94:a0:ba:19:95:05:98:91:80:3c:fb:3e:94:1b:
                    78:80:fc:a4:b7:44:05:10:cb:0c:93:26:3d:bb:b4:
                    d6:04:b2:f0:94:84:e1:52:57:55:dc:99:9b:e5:48:
                    7a:25:2d:17:4e:f3:ef:0a:c0:ec:49:24:a5:78:fc:
                    93:20:2c:4a:9d:c6:be:27:07:94:5d:2b:11:89:08:
                    15:1a:21:a4:65:19:e5:f4:a4:43:aa:c4:3b:78:00:
                    80:fa:17:58:3e:04:d9:ff:d5:95:8c:67:5b:4e:1e:
                    e7:47:86:d7:8a:85:57:2f:df:38:b3:24:c5:6f:70:
                    76:e3:67:28:7d:8c:bd:0a:6f:00:01:45:78:2a:24:
                    3a:cb:ac:d4:65:e7:7f:24:40:8e:df:c3:c0:3f:35:
                    5a:8e:10:52:99:dc:cd:e5:42:e5:27:53:c6:2c:00:
                    29:95:ea:8d:24:6c:69:19:1b:4d:99:19:08:e6:25:
                    e3:a3:3c:39:1a:12:d9:a8:6c:c8:a4:72:39:0a:36:
                    cd:17:a4:c8:1f:5b:fc:f8:13:79:2f:55:ad:97:45:
                    07:32:7d:b6:00:00:8a:18:d0:d5:a4:da:77:0e:15:
                    6b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:E6:98:42:1E:FB:79:ED:51:B8:C2:2E:CE:12:32:1C:BA:C9:BB:8C
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133362e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:cc:53:43:54:1e:14:67:69:c5:c0:9f:23:b3:8a:c9:7d:94:
         91:04:f0:2d:3f:0d:9b:de:af:58:ba:1d:37:1f:67:79:35:ae:
         31:89:52:c8:f6:b4:0a:35:f7:ad:d9:76:bf:26:44:42:ab:d5:
         59:b7:f3:1e:5a:bc:12:5d:de:72:b0:ef:b7:74:bb:d9:c2:11:
         9d:1c:37:7d:c7:f8:29:60:6c:b8:99:78:f7:a5:be:40:e1:fd:
         82:44:1d:3b:8f:19:58:4d:92:0f:4f:b6:e8:1a:94:5d:ca:28:
         e6:c3:01:5d:9c:e4:1d:67:fc:a3:e2:f6:e0:27:90:88:a4:cc:
         ec:6d:59:2f:40:f7:dc:07:f1:13:d1:35:fa:00:58:cf:65:df:
         e8:3d:03:74:a7:09:82:e8:ca:35:14:41:be:3d:f4:28:a5:23:
         90:6c:a8:23:24:4f:df:b4:17:b0:c7:3d:a5:96:79:79:c7:25:
         38:dc:cc:34:c4:4f:f8:ed:bf:de:fd:02:f0:60:de:8d:59:61:
         73:1a:99:45:0a:63:b6:58:54:3b:59:22:da:16:84:aa:82:29:
         bf:07:f6:f0:ab:d3:c9:85:97:fa:d1:59:ef:54:06:ec:e9:6c:
         68:a3:85:b8:62:65:41:43:c7:a3:63:60:16:18:e4:cc:1f:f8:
         aa:1f:47:7a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUSIFZRjpIyTqHnwfHbTQVIEV5NIEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA1MDUyMzU3MzhaFw0yNjA1MDUwMDAyMzhaMDMxMTAvBgNV
BAMTKEJFRTY5ODQyMUVGQjc5RUQ1MUI4QzIyRUNFMTIzMjFDQkFDOUJCOEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1PqZukFmrHrbl/LQY/PR0NkJz
8zS3jNGQhjlWo3GUoLoZlQWYkYA8+z6UG3iA/KS3RAUQywyTJj27tNYEsvCUhOFS
V1XcmZvlSHolLRdO8+8KwOxJJKV4/JMgLEqdxr4nB5RdKxGJCBUaIaRlGeX0pEOq
xDt4AID6F1g+BNn/1ZWMZ1tOHudHhteKhVcv3zizJMVvcHbjZyh9jL0KbwABRXgq
JDrLrNRl538kQI7fw8A/NVqOEFKZ3M3lQuUnU8YsACmV6o0kbGkZG02ZGQjmJeOj
PDkaEtmobMikcjkKNs0XpMgfW/z4E3kvVa2XRQcyfbYAAIoY0NWk2ncOFWszAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUvuaYQh77ee1RuMIuzhIyHLrJu4wwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzkzMTJlMzEzMzM2
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVuIMA0G
CSqGSIb3DQEBCwUAA4IBAQBgzFNDVB4UZ2nFwJ8js4rJfZSRBPAtPw2b3q9Yuh03
H2d5Na4xiVLI9rQKNfet2Xa/JkRCq9VZt/MeWrwSXd5ysO+3dLvZwhGdHDd9x/gp
YGy4mXj3pb5A4f2CRB07jxlYTZIPT7boGpRdyijmwwFdnOQdZ/yj4vbgJ5CIpMzs
bVkvQPfcB/ET0TX6AFjPZd/oPQN0pwmC6Mo1FEG+PfQopSOQbKgjJE/ftBewxz2l
lnl5xyU43Mw0xE/47b/e/QLwYN6NWWFzGplFCmO2WFQ7WSLaFoSqgim/B/bwq9PJ
hZf60VnvVAbs6Wxoo4W4YmVBQ8ejY2AWGOTMH/iqH0d6
-----END CERTIFICATE-----