Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31302e3135372e302f32342d3234203d3e20383334.roa
File:                     34352e31302e3135372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          +XqeuGYGV3S2TGuFwL5udPOv1TiOn0Z5TbrMWgFqZhE=
Subject key identifier:   11:23:53:06:7B:1D:58:11:AA:0F:A8:F6:29:13:EE:6B:2C:36:10:08
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       684FD82933A8CA52FEF4ED4E3D01DA82BF57757A
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31302e3135372e302f32342d3234203d3e20383334.roa
Signing time:             Mon 19 Jun 2023 07:14:16 +0000
ROA not before:           Mon 19 Jun 2023 07:09:16 +0000
ROA not after:            Mon 17 Jun 2024 07:14:16 +0000
asID:                     834
IP address blocks:        45.10.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:4f:d8:29:33:a8:ca:52:fe:f4:ed:4e:3d:01:da:82:bf:57:75:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Jun 19 07:09:16 2023 GMT
            Not After : Jun 17 07:14:16 2024 GMT
        Subject: CN=112353067B1D5811AA0FA8F62913EE6B2C361008
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e1:b7:ab:90:8c:c0:1e:31:4f:5c:e4:95:59:
                    7c:13:6b:2e:09:ab:c8:b8:9b:1e:d4:96:3a:cc:5c:
                    4d:cc:94:fd:7d:57:3e:52:cd:cd:29:ff:0e:77:6f:
                    c3:54:bc:da:ec:be:50:dc:be:7b:ff:6f:76:26:38:
                    af:d0:cc:57:ee:ff:08:4c:45:0e:13:26:0f:2a:d4:
                    50:fd:90:d6:25:38:e6:03:ca:ad:34:64:4c:02:70:
                    1a:ee:35:22:ad:0b:e6:aa:e0:cd:fc:11:41:57:26:
                    e5:32:42:a8:7c:c9:b7:77:8b:fb:12:64:6e:be:e2:
                    85:9e:3e:51:cf:ff:be:70:8e:26:70:6c:45:ed:45:
                    fc:f2:a1:73:a6:13:ba:e1:4c:c4:de:8f:94:dc:2b:
                    04:90:dc:c6:6a:f9:80:43:c2:33:51:9d:51:16:ff:
                    28:c1:24:de:96:4c:ff:c6:15:b2:b3:ae:26:75:88:
                    c3:57:32:fa:8b:5c:6d:25:c2:2e:8e:6f:f2:29:08:
                    07:1a:c7:6f:db:2e:fc:5e:22:57:67:16:93:95:05:
                    2e:9c:9d:e8:17:a5:77:15:56:a0:00:4c:a8:a1:c8:
                    b9:69:ba:ff:ad:d1:9e:ac:0b:0b:cb:34:b4:eb:8c:
                    07:90:bd:91:ca:52:02:0f:42:40:89:72:c8:66:68:
                    27:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:23:53:06:7B:1D:58:11:AA:0F:A8:F6:29:13:EE:6B:2C:36:10:08
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31302e3135372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:ed:6e:9b:e3:c5:41:38:9c:65:29:74:08:a1:4c:50:7d:91:
         9e:2f:f7:13:4b:75:d2:c2:16:9f:1b:49:fd:e2:84:ac:3a:d1:
         cb:15:1a:8c:f3:91:e5:d6:1a:22:7e:8f:a2:2d:9a:0e:7e:89:
         51:7b:2c:68:6b:f2:fc:af:2f:2f:bc:0e:80:89:a8:32:b9:f3:
         4d:42:7a:f6:9b:c9:37:6d:f6:a4:e6:1a:db:ce:8f:00:12:5f:
         dd:59:b5:1d:ca:ad:51:99:20:41:37:bc:6c:64:6f:99:3a:bd:
         ed:c2:9e:93:f1:aa:df:fc:94:32:c9:b5:8b:35:ce:74:1b:1e:
         1c:9d:f5:f9:86:94:b2:a8:40:c1:c4:8a:b4:7b:e5:84:42:70:
         68:13:60:68:bf:3d:62:e4:05:0c:ff:88:d9:1d:72:73:84:52:
         e1:8a:a8:1c:33:a2:9f:d8:b5:b7:43:3d:40:f3:90:ea:fd:0f:
         9d:0d:9f:62:c7:4b:fe:62:d3:0f:d4:89:ab:44:23:91:17:31:
         b8:5f:0c:92:af:4f:b3:f6:39:d0:28:9e:06:b9:65:1c:8f:10:
         e6:a3:22:8e:a9:39:6f:1b:38:67:c5:b8:ec:98:63:ec:98:a0:
         e9:ac:76:4c:fa:97:8d:36:61:b8:45:7d:ad:60:a5:af:6b:e7:
         5e:14:4f:5f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUaE/YKTOoylL+9O1OPQHagr9XdXowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yMzA2MTkwNzA5MTZaFw0yNDA2MTcwNzE0MTZaMDMxMTAvBgNV
BAMTKDExMjM1MzA2N0IxRDU4MTFBQTBGQThGNjI5MTNFRTZCMkMzNjEwMDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi4berkIzAHjFPXOSVWXwTay4J
q8i4mx7UljrMXE3MlP19Vz5Szc0p/w53b8NUvNrsvlDcvnv/b3YmOK/QzFfu/whM
RQ4TJg8q1FD9kNYlOOYDyq00ZEwCcBruNSKtC+aq4M38EUFXJuUyQqh8ybd3i/sS
ZG6+4oWePlHP/75wjiZwbEXtRfzyoXOmE7rhTMTej5TcKwSQ3MZq+YBDwjNRnVEW
/yjBJN6WTP/GFbKzriZ1iMNXMvqLXG0lwi6Ob/IpCAcax2/bLvxeIldnFpOVBS6c
negXpXcVVqAATKihyLlpuv+t0Z6sCwvLNLTrjAeQvZHKUgIPQkCJcshmaCerAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUESNTBnsdWBGqD6j2KRPuayw2EAgwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzMDJlMzEzNTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQqdMA0G
CSqGSIb3DQEBCwUAA4IBAQAP7W6b48VBOJxlKXQIoUxQfZGeL/cTS3XSwhafG0n9
4oSsOtHLFRqM85Hl1hoifo+iLZoOfolReyxoa/L8ry8vvA6AiagyufNNQnr2m8k3
bfak5hrbzo8AEl/dWbUdyq1RmSBBN7xsZG+ZOr3twp6T8arf/JQyybWLNc50Gx4c
nfX5hpSyqEDBxIq0e+WEQnBoE2Bovz1i5AUM/4jZHXJzhFLhiqgcM6Kf2LW3Qz1A
85Dq/Q+dDZ9ix0v+YtMP1ImrRCORFzG4XwySr0+z9jnQKJ4GuWUcjxDmoyKOqTlv
GzhnxbjsmGPsmKDprHZM+peNNmG4RX2tYKWva+deFE9f
-----END CERTIFICATE-----