Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3132392e33342e302f32342d3234203d3e20383334.roa
File:                     34352e3132392e33342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          xQHI+0iPp2Vcg9ypW+9HnA3jqHSWmeHc2GusOgVlmXw=
Subject key identifier:   D5:7C:C1:EB:0E:BC:FC:7E:2B:78:FC:49:A2:1D:D4:E0:61:98:A0:37
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       19660AE62184F957C2B243ABE94374C1C9D40473
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3132392e33342e302f32342d3234203d3e20383334.roa
Signing time:             Mon 18 Mar 2024 07:49:44 +0000
ROA not before:           Mon 18 Mar 2024 07:44:44 +0000
ROA not after:            Mon 17 Mar 2025 07:49:44 +0000
asID:                     834
IP address blocks:        45.129.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:66:0a:e6:21:84:f9:57:c2:b2:43:ab:e9:43:74:c1:c9:d4:04:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Mar 18 07:44:44 2024 GMT
            Not After : Mar 17 07:49:44 2025 GMT
        Subject: CN=D57CC1EB0EBCFC7E2B78FC49A21DD4E06198A037
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:32:29:8e:55:9c:c3:a3:b7:97:14:c9:21:8a:
                    79:8f:c8:4d:d5:bb:44:36:4c:e4:76:75:c2:1e:eb:
                    3a:15:f4:c4:8d:26:b9:a3:96:48:7c:da:eb:50:77:
                    0f:fb:23:fb:78:56:ba:6a:42:c2:5a:e4:70:ed:24:
                    2d:ba:32:c8:02:86:6a:e9:68:8a:f5:db:3a:f7:da:
                    b3:d8:16:45:29:cf:09:d3:bb:3f:21:39:03:ec:20:
                    40:14:24:22:dd:9b:67:08:ef:90:e3:9e:0e:31:7b:
                    87:31:7c:bc:15:b1:58:26:9b:36:3c:da:d1:a1:90:
                    22:72:77:94:2b:84:fe:e2:ce:28:4d:2e:8a:88:a6:
                    a7:4b:f2:b3:26:1f:ba:04:e0:2c:60:54:ad:b5:b6:
                    27:24:17:6f:e5:a2:2c:12:2b:96:e9:3a:2b:5e:83:
                    77:68:e1:7e:57:eb:a7:94:47:ac:d5:40:4d:de:87:
                    f0:15:e1:65:ef:d2:86:45:16:de:35:23:cc:02:12:
                    d7:27:62:db:7f:a7:d2:29:20:da:0f:fe:67:c8:ab:
                    8c:9c:82:8d:cf:47:2b:65:dd:c1:5e:34:ae:7d:07:
                    f8:af:c6:b2:b7:7a:49:1a:35:00:6a:c7:8f:fd:be:
                    f6:eb:f8:0c:d0:0e:eb:f5:3e:f0:7d:ee:95:18:c0:
                    b5:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:7C:C1:EB:0E:BC:FC:7E:2B:78:FC:49:A2:1D:D4:E0:61:98:A0:37
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3132392e33342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:ca:b0:81:4c:6a:54:33:17:da:f1:a0:ca:54:7d:96:72:71:
         89:d6:5f:8e:8d:f3:34:54:5e:11:4a:14:bf:4b:b7:9f:66:7f:
         98:17:90:af:1b:66:8f:4f:8c:36:08:6c:5b:5a:6c:c3:71:11:
         b3:93:ec:bd:bd:a7:eb:63:a8:80:14:c1:14:29:bb:97:26:ec:
         b5:9d:fd:5b:22:29:84:e8:0b:77:02:95:37:97:e0:93:bd:fd:
         90:ad:2d:f2:04:6e:a5:c1:dc:e7:6a:de:bc:5d:a7:68:08:c2:
         12:04:de:a0:1c:c8:a5:75:67:dd:63:db:b4:07:40:04:93:a0:
         4e:1b:4a:2e:41:2d:cf:33:ea:4a:8d:71:07:0e:ff:4b:56:11:
         55:87:3c:dc:42:63:d9:99:81:04:43:d2:30:23:ae:a2:4d:13:
         0c:f1:61:45:05:40:11:be:39:0f:8f:a5:84:46:bd:74:ab:3d:
         39:f1:f2:12:ab:37:b9:e5:97:fa:f1:ba:84:2c:81:79:1a:68:
         72:1b:73:86:36:e1:bd:e2:ab:6a:97:33:a4:39:03:cb:2d:f4:
         ef:f3:70:75:13:3c:ac:0e:0c:11:27:b4:f8:c5:9f:2e:fb:50:
         c5:82:9f:f9:39:c6:0f:ea:ca:2a:31:72:f1:e5:34:bc:8e:d6:
         db:80:b0:ee
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUGWYK5iGE+VfCskOr6UN0wcnUBHMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAzMTgwNzQ0NDRaFw0yNTAzMTcwNzQ5NDRaMDMxMTAvBgNV
BAMTKEQ1N0NDMUVCMEVCQ0ZDN0UyQjc4RkM0OUEyMURENEUwNjE5OEEwMzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYMimOVZzDo7eXFMkhinmPyE3V
u0Q2TOR2dcIe6zoV9MSNJrmjlkh82utQdw/7I/t4VrpqQsJa5HDtJC26MsgChmrp
aIr12zr32rPYFkUpzwnTuz8hOQPsIEAUJCLdm2cI75Djng4xe4cxfLwVsVgmmzY8
2tGhkCJyd5QrhP7izihNLoqIpqdL8rMmH7oE4CxgVK21tickF2/loiwSK5bpOite
g3do4X5X66eUR6zVQE3eh/AV4WXv0oZFFt41I8wCEtcnYtt/p9IpINoP/mfIq4yc
go3PRytl3cFeNK59B/ivxrK3ekkaNQBqx4/9vvbr+AzQDuv1PvB97pUYwLVLAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU1XzB6w68/H4rePxJoh3U4GGYoDcwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzMjM5MmUzMzM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYEiMA0G
CSqGSIb3DQEBCwUAA4IBAQBUyrCBTGpUMxfa8aDKVH2WcnGJ1l+OjfM0VF4RShS/
S7efZn+YF5CvG2aPT4w2CGxbWmzDcRGzk+y9vafrY6iAFMEUKbuXJuy1nf1bIimE
6At3ApU3l+CTvf2QrS3yBG6lwdznat68XadoCMISBN6gHMildWfdY9u0B0AEk6BO
G0ouQS3PM+pKjXEHDv9LVhFVhzzcQmPZmYEEQ9IwI66iTRMM8WFFBUARvjkPj6WE
Rr10qz058fISqze55Zf68bqELIF5GmhyG3OGNuG94qtqlzOkOQPLLfTv83B1Ezys
DgwRJ7T4xZ8u+1DFgp/5OcYP6soqMXLx5TS8jtbbgLDu
-----END CERTIFICATE-----