Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134302e3138362e302f32342d3234203d3e20383334.roa
File:                     34352e3134302e3138362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          iv5tDZSLzEOd51WbVmnrmPMxgmiW9PpoLxoP8pkRRDk=
Subject key identifier:   52:C7:C4:FE:C0:F6:7F:28:19:8B:7B:97:97:C3:7E:FB:E5:E5:9B:58
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       7B0C5C9724A8229C2B3FB3B0E9A836A926AA66E5
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134302e3138362e302f32342d3234203d3e20383334.roa
Signing time:             Wed 26 Jul 2023 09:55:44 +0000
ROA not before:           Wed 26 Jul 2023 09:50:44 +0000
ROA not after:            Wed 24 Jul 2024 09:55:44 +0000
asID:                     834
IP address blocks:        45.140.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:0c:5c:97:24:a8:22:9c:2b:3f:b3:b0:e9:a8:36:a9:26:aa:66:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Jul 26 09:50:44 2023 GMT
            Not After : Jul 24 09:55:44 2024 GMT
        Subject: CN=52C7C4FEC0F67F28198B7B9797C37EFBE5E59B58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b5:2e:19:bb:b7:c8:9b:5c:06:07:20:fe:a3:
                    a6:c8:7e:3e:a1:ff:06:64:01:10:1a:13:f5:f5:db:
                    89:26:f4:c5:81:e7:43:f6:25:92:93:a9:f6:79:d1:
                    1a:96:ac:49:dc:4f:2f:f8:91:69:49:9a:d5:68:75:
                    93:2b:b1:38:b4:4d:d9:fd:51:cc:0c:3d:61:bd:63:
                    ed:38:36:5a:ec:42:a4:5b:bf:60:1d:31:f5:d8:a5:
                    0c:42:34:a4:33:36:46:3b:57:c7:7e:89:65:36:82:
                    cc:51:f8:4b:46:51:59:1a:db:f4:56:d6:61:b4:8d:
                    f2:1c:8b:de:c7:a6:15:fd:fd:75:76:f7:95:51:70:
                    4d:a8:da:5e:0a:c3:01:e3:85:6b:95:a2:a5:3a:a2:
                    1d:c0:b5:85:c2:79:7f:3b:20:6f:fd:71:ee:12:9f:
                    ab:86:cc:52:53:63:63:26:28:a9:61:d0:8b:6b:e6:
                    e5:5d:80:05:cc:15:9c:94:ef:d6:7c:9e:37:6b:61:
                    c8:9b:13:80:a2:ef:ea:bb:24:b9:a8:67:3f:bf:34:
                    b0:69:47:54:8f:e0:7f:85:b4:2a:9a:89:89:12:9e:
                    c9:6e:73:20:64:3a:4b:2f:36:ed:a5:8d:23:af:20:
                    1f:74:1d:3c:72:b7:15:98:94:96:62:3a:02:06:94:
                    3a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:C7:C4:FE:C0:F6:7F:28:19:8B:7B:97:97:C3:7E:FB:E5:E5:9B:58
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3134302e3138362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:95:33:9a:28:ec:05:d9:01:b7:b9:8f:76:94:2b:f3:e2:40:
         b4:5c:0d:2d:22:49:d0:ef:06:c4:e7:5b:d2:81:86:92:0d:c8:
         a3:d8:5a:28:14:a5:90:be:fa:d5:28:2a:7d:5b:7f:43:d6:b2:
         cf:9c:ec:6e:02:c1:83:99:d9:c4:c3:75:af:bb:df:49:d6:12:
         33:b5:1b:be:b7:51:f3:e5:16:e9:b1:24:5c:4c:b6:80:31:90:
         6c:28:2c:3b:07:1d:ce:0c:a3:d2:a3:5e:7f:bf:08:39:c3:f1:
         8d:1c:47:4e:49:46:8a:50:78:cd:b6:b9:0f:81:8b:fa:e4:a5:
         be:fa:21:29:1d:48:08:cc:59:45:9c:a5:02:14:c8:73:63:6b:
         45:15:ed:a3:a6:46:32:58:19:60:11:0b:a6:ff:07:83:84:1f:
         86:74:0c:86:d0:cb:d4:1a:1f:2d:af:e4:18:8d:e3:83:6b:f4:
         24:7b:b2:74:e7:50:7d:8b:3f:40:ef:38:c2:02:56:b2:1c:6f:
         4e:4c:b1:fc:32:52:b8:54:b6:1d:3d:73:e8:89:04:91:f5:46:
         6e:29:13:7b:48:a6:68:02:c9:3a:d9:37:90:94:31:71:a8:56:
         1c:66:55:87:12:9c:c5:0a:c4:f0:14:82:52:58:41:aa:fd:d6:
         86:c3:01:23
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUewxclySoIpwrP7Ow6ag2qSaqZuUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yMzA3MjYwOTUwNDRaFw0yNDA3MjQwOTU1NDRaMDMxMTAvBgNV
BAMTKDUyQzdDNEZFQzBGNjdGMjgxOThCN0I5Nzk3QzM3RUZCRTVFNTlCNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKtS4Zu7fIm1wGByD+o6bIfj6h
/wZkARAaE/X124km9MWB50P2JZKTqfZ50RqWrEncTy/4kWlJmtVodZMrsTi0Tdn9
UcwMPWG9Y+04NlrsQqRbv2AdMfXYpQxCNKQzNkY7V8d+iWU2gsxR+EtGUVka2/RW
1mG0jfIci97HphX9/XV295VRcE2o2l4KwwHjhWuVoqU6oh3AtYXCeX87IG/9ce4S
n6uGzFJTY2MmKKlh0Itr5uVdgAXMFZyU79Z8njdrYcibE4Ci7+q7JLmoZz+/NLBp
R1SP4H+FtCqaiYkSnslucyBkOksvNu2ljSOvIB90HTxytxWYlJZiOgIGlDplAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUUsfE/sD2fygZi3uXl8N+++Xlm1gwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzNDMwMmUzMTM4
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtjLow
DQYJKoZIhvcNAQELBQADggEBAA2VM5oo7AXZAbe5j3aUK/PiQLRcDS0iSdDvBsTn
W9KBhpINyKPYWigUpZC++tUoKn1bf0PWss+c7G4CwYOZ2cTDda+730nWEjO1G763
UfPlFumxJFxMtoAxkGwoLDsHHc4Mo9KjXn+/CDnD8Y0cR05JRopQeM22uQ+Bi/rk
pb76ISkdSAjMWUWcpQIUyHNja0UV7aOmRjJYGWARC6b/B4OEH4Z0DIbQy9QaHy2v
5BiN44Nr9CR7snTnUH2LP0DvOMICVrIcb05MsfwyUrhUth09c+iJBJH1Rm4pE3tI
pmgCyTrZN5CUMXGoVhxmVYcSnMUKxPAUglJYQar91obDASM=
-----END CERTIFICATE-----