Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133352e302f32342d3234203d3e20383334.roa
File:                     34352e382e3133352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          4NBaoKLvR0qdUE89Nb0kPesnjk/aLKb9wCanK5Juhnc=
Subject key identifier:   BB:06:3E:78:B9:A7:22:D9:C7:70:85:20:D8:0D:1C:72:CA:6B:46:C5
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       335DEF2BD13E4558EA53692A2C2EBFB38A517024
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133352e302f32342d3234203d3e20383334.roa
Signing time:             Tue 15 Aug 2023 07:07:40 +0000
ROA not before:           Tue 15 Aug 2023 07:02:40 +0000
ROA not after:            Tue 13 Aug 2024 07:07:40 +0000
asID:                     834
IP address blocks:        45.8.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:5d:ef:2b:d1:3e:45:58:ea:53:69:2a:2c:2e:bf:b3:8a:51:70:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Aug 15 07:02:40 2023 GMT
            Not After : Aug 13 07:07:40 2024 GMT
        Subject: CN=BB063E78B9A722D9C7708520D80D1C72CA6B46C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:da:a5:01:24:2a:c7:f8:7e:d1:1a:74:e8:2f:
                    31:be:1d:68:6b:c4:f4:dc:09:58:f2:45:ea:5c:6a:
                    f6:33:0c:9b:41:61:ad:6d:65:aa:06:80:2e:76:3a:
                    31:c2:bf:35:47:f7:6c:36:de:1c:24:4e:87:ed:3e:
                    ab:d1:01:49:db:4f:eb:ac:66:3b:9a:fe:a7:d2:09:
                    79:45:82:ed:d1:89:58:e0:b5:c2:74:02:6e:26:29:
                    95:89:b5:b5:8f:f5:5f:21:14:91:1a:9e:b6:40:0c:
                    b7:d4:c3:11:c3:bb:c8:14:7f:32:1c:65:e4:33:0c:
                    db:2c:3f:a5:1a:b5:ca:b5:4d:3c:3c:b5:06:b7:56:
                    eb:ea:5e:b5:63:a0:00:0b:f7:f5:bf:73:e4:68:cf:
                    e3:18:c9:d2:01:3a:a6:d2:90:b2:f1:9c:22:e6:97:
                    69:b1:03:37:0e:fb:67:a4:9e:7d:e6:14:db:60:47:
                    c2:39:11:15:4c:4d:b3:7f:b3:aa:18:17:f7:3d:62:
                    fb:a3:f3:38:6e:cc:ee:3b:07:04:b5:f3:99:cf:6c:
                    35:38:ac:01:b3:8b:c5:2e:07:ea:14:a1:dc:4d:26:
                    e4:df:bc:ee:59:11:61:c3:b7:ea:7a:07:ea:7d:3e:
                    4c:4a:92:82:90:38:2e:91:48:1a:8f:46:66:8a:cc:
                    47:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:06:3E:78:B9:A7:22:D9:C7:70:85:20:D8:0D:1C:72:CA:6B:46:C5
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:83:6a:0d:61:9f:0d:42:d9:2f:08:c6:a3:f9:00:ce:40:72:
         2d:13:bb:72:7d:54:00:07:d8:ee:1d:dd:f8:ce:8b:02:82:26:
         07:28:b1:80:8e:c6:e8:16:5c:32:d2:37:57:40:94:99:62:d0:
         49:8f:45:d7:78:92:2f:75:b6:8f:82:2e:70:5e:5d:15:c5:a7:
         cf:60:6f:7d:62:ea:96:e0:ad:30:3f:75:07:5a:ec:73:0c:4d:
         ae:9e:7a:27:40:23:a0:a5:f0:31:01:96:f7:6b:e1:0a:b3:8d:
         b4:af:43:e1:24:c5:2d:45:d3:66:1b:b1:95:63:24:b0:73:b8:
         f8:7b:b6:50:8e:ab:dd:f4:08:59:bd:b6:29:fe:bc:bb:72:52:
         ad:26:a3:a4:fa:4c:aa:b6:0f:04:46:ff:ac:6e:de:30:0c:49:
         13:ea:08:59:3b:b0:12:6a:f7:da:0e:4f:27:09:39:76:83:8f:
         8a:5e:ef:ab:01:4d:01:00:38:16:26:fc:a3:c0:63:29:23:76:
         c1:da:6e:56:73:0c:4c:bd:08:64:fd:74:1a:4a:fd:a9:5d:56:
         c8:da:c2:7b:4a:ac:f2:43:61:09:3c:a3:a2:28:78:ae:63:c0:
         50:69:9c:2b:29:ec:0e:e1:67:b4:7c:7a:22:a8:d5:4d:4b:94:
         4d:54:37:cc
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUM13vK9E+RVjqU2kqLC6/s4pRcCQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yMzA4MTUwNzAyNDBaFw0yNDA4MTMwNzA3NDBaMDMxMTAvBgNV
BAMTKEJCMDYzRTc4QjlBNzIyRDlDNzcwODUyMEQ4MEQxQzcyQ0E2QjQ2QzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr2qUBJCrH+H7RGnToLzG+HWhr
xPTcCVjyRepcavYzDJtBYa1tZaoGgC52OjHCvzVH92w23hwkToftPqvRAUnbT+us
Zjua/qfSCXlFgu3RiVjgtcJ0Am4mKZWJtbWP9V8hFJEanrZADLfUwxHDu8gUfzIc
ZeQzDNssP6Uatcq1TTw8tQa3VuvqXrVjoAAL9/W/c+Roz+MYydIBOqbSkLLxnCLm
l2mxAzcO+2eknn3mFNtgR8I5ERVMTbN/s6oYF/c9Yvuj8zhuzO47BwS185nPbDU4
rAGzi8UuB+oUodxNJuTfvO5ZEWHDt+p6B+p9PkxKkoKQOC6RSBqPRmaKzEdlAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUuwY+eLmnItnHcIUg2A0ccsprRsUwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzgyZTMxMzMzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0IhzANBgkq
hkiG9w0BAQsFAAOCAQEAB4NqDWGfDULZLwjGo/kAzkByLRO7cn1UAAfY7h3d+M6L
AoImByixgI7G6BZcMtI3V0CUmWLQSY9F13iSL3W2j4IucF5dFcWnz2BvfWLqluCt
MD91B1rscwxNrp56J0AjoKXwMQGW92vhCrONtK9D4STFLUXTZhuxlWMksHO4+Hu2
UI6r3fQIWb22Kf68u3JSrSajpPpMqrYPBEb/rG7eMAxJE+oIWTuwEmr32g5PJwk5
doOPil7vqwFNAQA4Fib8o8BjKSN2wdpuVnMMTL0IZP10Gkr9qV1WyNrCe0qs8kNh
CTyjoih4rmPAUGmcKynsDuFntHx6IqjVTUuUTVQ3zA==
-----END CERTIFICATE-----