Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31332e35362e302f32332d3234203d3e20323034313730.roa
File:                     34352e31332e35362e302f32332d3234203d3e20323034313730.roa (raw, json)
Hash identifier:          Zq9ALzBuTwMc01NKF+RblQT7zh9ewDAKwbkw/C5X7GQ=
Subject key identifier:   AF:F3:F9:38:20:40:2B:5B:69:F0:5B:C9:97:DC:21:F8:74:A5:D4:12
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       2CBCEDB6242A9FE2691A621B96DFB875F24E645A
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31332e35362e302f32332d3234203d3e20323034313730.roa
Signing time:             Mon 26 Feb 2024 08:52:51 +0000
ROA not before:           Mon 26 Feb 2024 08:47:51 +0000
ROA not after:            Mon 24 Feb 2025 08:52:51 +0000
asID:                     204170
IP address blocks:        45.13.56.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:bc:ed:b6:24:2a:9f:e2:69:1a:62:1b:96:df:b8:75:f2:4e:64:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:51 2024 GMT
            Not After : Feb 24 08:52:51 2025 GMT
        Subject: CN=AFF3F93820402B5B69F05BC997DC21F874A5D412
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:18:2e:c2:4f:5d:45:4f:bb:2b:58:77:a7:e5:
                    3e:c8:ca:eb:0b:2c:8d:a1:c5:d6:22:92:56:75:23:
                    95:5a:59:22:dd:c5:70:02:89:1e:e7:26:da:51:c3:
                    ac:f7:85:97:a6:30:cd:4d:ab:03:16:e8:65:68:55:
                    de:e6:ae:5a:27:a3:e3:fc:c4:a0:bf:de:8d:bd:c2:
                    78:d0:4c:7a:04:dd:75:d7:17:f0:a1:9c:09:27:9e:
                    05:7f:c7:74:2b:df:aa:50:f4:d7:60:4b:4e:06:cf:
                    c0:78:6c:d7:02:85:34:66:4b:af:88:44:71:d8:61:
                    3d:5e:e2:fd:8a:cb:40:e9:e0:ff:21:85:b0:5c:2f:
                    a6:9e:19:36:12:28:e4:32:d5:73:15:c9:9f:a7:58:
                    fe:f0:b1:9e:07:ac:c5:28:6f:ad:04:be:fa:25:25:
                    e0:13:cb:96:0d:55:57:ee:41:15:f7:cf:25:69:9b:
                    1a:f7:fa:38:f7:19:d7:a7:91:6f:b7:a2:a8:40:98:
                    be:09:fb:6e:fa:50:45:a2:7b:db:8f:30:fe:e7:0e:
                    9d:71:a3:4f:b7:2f:9c:3a:11:3c:5e:66:58:93:c3:
                    79:a8:7b:7a:22:93:45:63:0f:08:2e:09:79:fe:42:
                    08:8e:6c:c8:0b:df:3d:89:e2:71:5f:bb:a5:bd:c5:
                    79:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:F3:F9:38:20:40:2B:5B:69:F0:5B:C9:97:DC:21:F8:74:A5:D4:12
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31332e35362e302f32332d3234203d3e20323034313730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:d1:3f:c1:d9:c2:9e:aa:00:36:89:ee:66:54:8e:1c:f0:f3:
         d5:6f:33:4c:6c:26:70:b7:63:93:4a:18:b9:4b:e3:da:05:fc:
         89:53:e4:1c:7d:f8:e4:b4:23:25:de:c2:5b:9c:60:01:6f:db:
         ca:0b:f1:8d:08:a4:63:97:b6:6b:a7:22:7d:57:20:a8:0d:5d:
         74:5c:66:79:b2:1e:8b:cd:7e:a9:84:ae:10:c5:de:e8:a0:fd:
         82:c4:e8:70:d3:67:6b:c0:7c:1d:7b:85:26:41:7d:3b:5b:2d:
         b9:25:a1:91:44:87:72:c5:55:06:5b:1f:39:c6:7e:52:3a:7e:
         bc:9a:06:9e:9f:a7:e1:3e:ff:31:10:1a:2f:48:af:d2:9e:21:
         47:66:02:8a:81:2c:1d:68:0f:0d:9c:63:9b:f1:75:6e:7f:53:
         76:58:c0:7a:75:9b:44:22:ad:b2:02:00:f4:32:15:3a:85:3b:
         12:07:17:b4:62:05:45:b3:c8:6a:c4:97:7b:2c:a7:3b:b1:d3:
         d1:f8:75:fd:49:b4:4c:fc:95:07:33:39:e3:f4:0b:ed:9c:82:
         f8:81:b4:b1:b7:ee:30:bf:bf:8c:ca:b8:0b:19:58:42:98:87:
         78:db:c5:42:d2:ce:53:55:b9:08:57:69:93:2e:1a:68:8b:84:
         b7:c1:e6:40
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULLzttiQqn+JpGmIblt+4dfJOZFowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTFaFw0yNTAyMjQwODUyNTFaMDMxMTAvBgNV
BAMTKEFGRjNGOTM4MjA0MDJCNUI2OUYwNUJDOTk3REMyMUY4NzRBNUQ0MTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaGC7CT11FT7srWHen5T7IyusL
LI2hxdYiklZ1I5VaWSLdxXACiR7nJtpRw6z3hZemMM1NqwMW6GVoVd7mrlono+P8
xKC/3o29wnjQTHoE3XXXF/ChnAknngV/x3Qr36pQ9NdgS04Gz8B4bNcChTRmS6+I
RHHYYT1e4v2Ky0Dp4P8hhbBcL6aeGTYSKOQy1XMVyZ+nWP7wsZ4HrMUob60Evvol
JeATy5YNVVfuQRX3zyVpmxr3+jj3GdenkW+3oqhAmL4J+276UEWie9uPMP7nDp1x
o0+3L5w6ETxeZliTw3moe3oik0VjDwguCXn+QgiObMgL3z2J4nFfu6W9xXm7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUr/P5OCBAK1tp8FvJl9wh+HSl1BIwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzMzJlMzUzNjJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDMyMzAzNDMxMzczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS0N
ODANBgkqhkiG9w0BAQsFAAOCAQEAVdE/wdnCnqoANonuZlSOHPDz1W8zTGwmcLdj
k0oYuUvj2gX8iVPkHH345LQjJd7CW5xgAW/bygvxjQikY5e2a6cifVcgqA1ddFxm
ebIei81+qYSuEMXe6KD9gsTocNNna8B8HXuFJkF9O1stuSWhkUSHcsVVBlsfOcZ+
Ujp+vJoGnp+n4T7/MRAaL0iv0p4hR2YCioEsHWgPDZxjm/F1bn9TdljAenWbRCKt
sgIA9DIVOoU7EgcXtGIFRbPIasSXeyynO7HT0fh1/Um0TPyVBzM54/QL7ZyC+IG0
sbfuML+/jMq4CxlYQpiHeNvFQtLOU1W5CFdpky4aaIuEt8HmQA==
-----END CERTIFICATE-----