Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e362e302f32342d3234203d3e20313337343039.roa
File:                     34352e38302e362e302f32342d3234203d3e20313337343039.roa (raw, json)
Hash identifier:          pm9cJ+vac8WKhRqiukbzmT8ZtptDNEkRCRed1I/WuCM=
Subject key identifier:   50:83:18:3F:2D:B1:E0:13:33:49:8B:A4:CB:24:89:A7:B1:CA:CE:E7
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       71A0293058B5DF32707BED8A29B21461D4668992
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e362e302f32342d3234203d3e20313337343039.roa
Signing time:             Thu 17 Apr 2025 09:23:29 +0000
ROA not before:           Thu 17 Apr 2025 09:18:29 +0000
ROA not after:            Thu 16 Apr 2026 09:23:29 +0000
asID:                     137409
IP address blocks:        45.80.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:a0:29:30:58:b5:df:32:70:7b:ed:8a:29:b2:14:61:d4:66:89:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr 17 09:18:29 2025 GMT
            Not After : Apr 16 09:23:29 2026 GMT
        Subject: CN=5083183F2DB1E01333498BA4CB2489A7B1CACEE7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e4:89:3f:ae:bb:3c:7f:cb:3c:c9:04:91:92:
                    17:c8:2a:f3:36:38:e5:ed:df:94:29:05:d1:20:ba:
                    4e:76:34:a4:6f:00:20:d9:ef:cc:1a:26:4c:32:d6:
                    d7:e7:42:ac:e4:2e:4c:7f:ab:63:25:44:50:32:07:
                    0d:99:71:cc:3b:1e:9a:9f:93:34:36:b3:85:df:d2:
                    04:68:c2:9e:90:64:cd:88:11:65:81:4b:9c:52:5d:
                    84:c3:e5:90:68:e0:b0:ac:cd:87:38:81:bf:1f:2f:
                    95:cd:fe:0f:97:d1:c3:8c:a1:6c:2f:85:eb:52:1f:
                    42:3f:b0:41:29:dc:66:db:7b:57:4d:a8:6c:b7:df:
                    94:03:73:ef:cd:d7:63:6e:b8:11:b1:c1:9d:ea:ec:
                    47:90:10:36:60:df:7f:0b:b5:48:cb:04:c3:38:b6:
                    f3:f7:e7:ff:6f:51:01:90:ac:08:74:f0:53:38:76:
                    40:6c:fd:61:45:fa:47:74:1c:44:7b:92:c5:4b:a1:
                    4a:1e:2f:2c:6d:bd:96:80:e4:38:ce:d4:1a:5d:fc:
                    1b:d2:e8:3b:e5:e2:40:86:10:13:75:5c:19:f9:36:
                    ab:68:2a:9d:af:e0:8a:49:58:1b:96:8b:af:b3:d4:
                    c6:13:61:96:9d:87:55:eb:2b:84:80:42:74:b0:53:
                    fb:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:83:18:3F:2D:B1:E0:13:33:49:8B:A4:CB:24:89:A7:B1:CA:CE:E7
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e362e302f32342d3234203d3e20313337343039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:a5:f7:57:31:ae:25:be:ed:c6:96:0f:e5:7f:c5:be:f1:c4:
         0b:da:fc:64:a9:7a:75:39:0d:e2:7f:74:fd:29:e9:41:1b:a0:
         f6:dc:6d:01:ea:72:be:38:61:18:6f:d3:ce:01:82:bc:2d:f1:
         9f:6e:f4:62:70:8c:40:4f:b7:c2:4b:f3:79:61:6a:72:e3:c2:
         5e:26:33:5b:54:9e:5c:b8:39:17:87:0d:dd:75:07:af:9f:66:
         ce:cb:80:5f:e7:35:85:dd:9a:70:eb:7a:0d:9f:4b:6a:c0:d3:
         1a:7d:31:91:45:e0:ff:d0:aa:a2:bd:e0:88:9c:32:86:07:22:
         46:f2:71:2c:29:13:21:bf:0e:d2:25:54:d3:05:60:4a:ac:c0:
         f9:1f:d4:ad:0c:7b:38:2f:00:9e:de:6f:0c:c9:e8:65:b7:14:
         c3:43:8b:1e:13:59:73:31:8d:48:96:d1:17:bc:3b:33:38:8d:
         f8:42:7c:62:4b:f3:1e:bc:2b:66:75:de:fd:fd:d3:58:cb:02:
         d4:d2:84:3c:3c:dd:ca:19:89:2c:f0:9d:4c:4f:17:01:42:d2:
         d6:1c:a8:20:32:b1:ca:3c:97:db:db:b3:be:3f:40:bb:a2:04:
         08:bb:a1:95:b2:d0:77:0a:87:56:b0:bb:8c:56:34:6a:23:83:
         dc:eb:fa:58
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUcaApMFi13zJwe+2KKbIUYdRmiZIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNTA0MTcwOTE4MjlaFw0yNjA0MTYwOTIzMjlaMDMxMTAvBgNV
BAMTKDUwODMxODNGMkRCMUUwMTMzMzQ5OEJBNENCMjQ4OUE3QjFDQUNFRTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCN5Ik/rrs8f8s8yQSRkhfIKvM2
OOXt35QpBdEguk52NKRvACDZ78waJkwy1tfnQqzkLkx/q2MlRFAyBw2Zccw7Hpqf
kzQ2s4Xf0gRowp6QZM2IEWWBS5xSXYTD5ZBo4LCszYc4gb8fL5XN/g+X0cOMoWwv
hetSH0I/sEEp3Gbbe1dNqGy335QDc+/N12NuuBGxwZ3q7EeQEDZg338LtUjLBMM4
tvP35/9vUQGQrAh08FM4dkBs/WFF+kd0HER7ksVLoUoeLyxtvZaA5DjO1Bpd/BvS
6Dvl4kCGEBN1XBn5NqtoKp2v4IpJWBuWi6+z1MYTYZadh1XrK4SAQnSwU/sDAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUUIMYPy2x4BMzSYukyySJp7HKzucwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzgzMDJlMzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzczNDMwMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtUAYw
DQYJKoZIhvcNAQELBQADggEBAKGl91cxriW+7caWD+V/xb7xxAva/GSpenU5DeJ/
dP0p6UEboPbcbQHqcr44YRhv084Bgrwt8Z9u9GJwjEBPt8JL83lhanLjwl4mM1tU
nly4OReHDd11B6+fZs7LgF/nNYXdmnDreg2fS2rA0xp9MZFF4P/QqqK94IicMoYH
IkbycSwpEyG/DtIlVNMFYEqswPkf1K0MezgvAJ7ebwzJ6GW3FMNDix4TWXMxjUiW
0Re8OzM4jfhCfGJL8x68K2Z13v3901jLAtTShDw83coZiSzwnUxPFwFC0tYcqCAy
sco8l9vbs74/QLuiBAi7oZWy0HcKh1awu4xWNGojg9zr+lg=
-----END CERTIFICATE-----