Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31332e35382e302f32342d3234203d3e20333937343233.roa
File:                     34352e31332e35382e302f32342d3234203d3e20333937343233.roa (raw, json)
Hash identifier:          oQKV5wV/qmMtbadpqSm0aWAfXjtsbWt8+kSpQfmEros=
Subject key identifier:   58:71:28:C1:68:90:55:48:C3:4A:03:C3:F8:E5:2E:45:29:04:C8:E6
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       3935646936E4A52418BC785B74ADC25D2B9F99EC
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31332e35382e302f32342d3234203d3e20333937343233.roa
Signing time:             Mon 26 Feb 2024 08:52:50 +0000
ROA not before:           Mon 26 Feb 2024 08:47:50 +0000
ROA not after:            Mon 24 Feb 2025 08:52:50 +0000
asID:                     397423
IP address blocks:        45.13.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:35:64:69:36:e4:a5:24:18:bc:78:5b:74:ad:c2:5d:2b:9f:99:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:50 2024 GMT
            Not After : Feb 24 08:52:50 2025 GMT
        Subject: CN=587128C168905548C34A03C3F8E52E452904C8E6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:46:00:4f:c0:46:cb:8c:a9:59:31:0f:83:56:
                    28:54:e8:b2:b9:0e:31:9a:32:34:fa:3b:fc:b2:f1:
                    6a:80:84:4a:b0:c0:cf:2a:4d:cc:a0:53:69:fa:af:
                    fe:50:d7:65:df:8a:c1:20:28:ea:9c:69:43:0a:28:
                    21:ec:3d:0b:b1:2b:6a:83:66:22:a9:e3:fb:dc:d4:
                    08:bc:86:71:cf:ae:d8:5a:50:61:2c:28:7c:4e:31:
                    f9:58:1f:01:a1:58:b1:83:c4:26:f1:94:5a:cf:32:
                    c2:b5:d8:06:00:ff:79:45:a3:c8:40:bc:de:70:e5:
                    3b:ab:35:5d:88:6d:1f:eb:96:be:14:f4:e5:66:7d:
                    08:fd:d5:ea:44:50:48:d5:6d:46:94:1b:9c:59:dd:
                    12:c1:a6:11:5e:42:eb:fb:c4:6b:9b:8f:57:73:c5:
                    b4:3c:eb:6c:20:93:16:46:b7:3a:44:61:e7:79:c9:
                    91:9b:29:9d:3b:8a:cc:89:79:58:12:2a:09:18:5c:
                    24:b1:6c:47:ba:4c:6f:99:da:54:2b:1d:db:24:58:
                    d6:b5:99:12:fc:45:9f:a8:f9:b7:d8:1f:ae:c4:95:
                    f9:fd:13:8d:5f:0e:74:3c:cd:47:61:ab:29:e9:54:
                    2d:de:3a:28:7b:27:64:a2:01:ea:8a:82:33:d1:76:
                    fa:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:71:28:C1:68:90:55:48:C3:4A:03:C3:F8:E5:2E:45:29:04:C8:E6
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31332e35382e302f32342d3234203d3e20333937343233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:f1:5e:16:83:ce:7a:1b:8c:50:6b:c3:2a:3a:c3:f0:2a:f7:
         ba:b1:bc:17:0a:72:55:67:f8:a8:c0:b9:1c:e2:21:6b:c1:7a:
         30:db:70:6c:be:97:09:46:c4:fa:0e:d1:fe:c0:97:80:c0:29:
         2c:bc:cc:3f:ef:54:67:01:b0:b4:b3:a3:45:b7:68:3d:11:6c:
         58:08:3c:8b:0f:90:95:09:55:93:2e:f0:a0:c0:37:ce:b7:fb:
         23:fc:ac:cd:e1:83:41:5e:e2:b9:8a:86:79:07:6b:16:15:da:
         f6:4a:6a:3a:7d:d1:93:e7:61:90:92:60:c7:4a:0a:e0:49:a6:
         9e:22:7c:e5:36:98:6d:66:5a:c8:79:23:29:7a:67:4c:9c:9e:
         95:f8:ca:4b:8e:8b:20:c4:3c:a5:16:52:a0:e9:d7:e3:6f:1e:
         e4:6e:ce:75:9f:2f:d9:fb:bd:5e:83:4f:49:a8:91:8c:0f:46:
         4e:a6:9d:e8:e7:39:74:66:b3:4e:76:e1:56:8f:22:a1:b1:8b:
         eb:b6:10:26:69:7c:5b:e1:a6:05:df:59:21:ed:c7:44:ab:e3:
         71:b8:29:73:8a:da:a4:1b:5d:a9:33:fc:e1:5c:d2:f9:13:72:
         aa:29:93:92:7f:e5:29:b8:70:71:c0:4a:d8:82:1b:c6:90:17:
         91:ec:ea:40
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOTVkaTbkpSQYvHhbdK3CXSufmewwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTBaFw0yNTAyMjQwODUyNTBaMDMxMTAvBgNV
BAMTKDU4NzEyOEMxNjg5MDU1NDhDMzRBMDNDM0Y4RTUyRTQ1MjkwNEM4RTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9RgBPwEbLjKlZMQ+DVihU6LK5
DjGaMjT6O/yy8WqAhEqwwM8qTcygU2n6r/5Q12XfisEgKOqcaUMKKCHsPQuxK2qD
ZiKp4/vc1Ai8hnHPrthaUGEsKHxOMflYHwGhWLGDxCbxlFrPMsK12AYA/3lFo8hA
vN5w5TurNV2IbR/rlr4U9OVmfQj91epEUEjVbUaUG5xZ3RLBphFeQuv7xGubj1dz
xbQ862wgkxZGtzpEYed5yZGbKZ07isyJeVgSKgkYXCSxbEe6TG+Z2lQrHdskWNa1
mRL8RZ+o+bfYH67Elfn9E41fDnQ8zUdhqynpVC3eOih7J2SiAeqKgjPRdvqLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUWHEowWiQVUjDSgPD+OUuRSkEyOYwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzMzJlMzUzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzkzNzM0MzIzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0N
OjANBgkqhkiG9w0BAQsFAAOCAQEAkPFeFoPOehuMUGvDKjrD8Cr3urG8FwpyVWf4
qMC5HOIha8F6MNtwbL6XCUbE+g7R/sCXgMApLLzMP+9UZwGwtLOjRbdoPRFsWAg8
iw+QlQlVky7woMA3zrf7I/yszeGDQV7iuYqGeQdrFhXa9kpqOn3Rk+dhkJJgx0oK
4EmmniJ85TaYbWZayHkjKXpnTJyelfjKS46LIMQ8pRZSoOnX428e5G7OdZ8v2fu9
XoNPSaiRjA9GTqad6Oc5dGazTnbhVo8iobGL67YQJml8W+GmBd9ZIe3HRKvjcbgp
c4rapBtdqTP84VzS+RNyqimTkn/lKbhwccBK2IIbxpAXkezqQA==
-----END CERTIFICATE-----