Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31332e35382e302f32342d3234203d3e203430363736.roa
File:                     34352e31332e35382e302f32342d3234203d3e203430363736.roa (raw, json)
Hash identifier:          NGGYgj/mP+ZrL/kaqIVyzoX1TTQMkjqJu/C56c2LRcg=
Subject key identifier:   C0:CB:43:C0:73:F1:64:19:9F:FB:F0:D2:C4:C3:EF:48:BC:F4:C8:37
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       41F8E4D90146DBC0C2DEB0BAE2C80EC19FA36614
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31332e35382e302f32342d3234203d3e203430363736.roa
Signing time:             Mon 26 Feb 2024 08:52:53 +0000
ROA not before:           Mon 26 Feb 2024 08:47:53 +0000
ROA not after:            Mon 24 Feb 2025 08:52:53 +0000
asID:                     40676
IP address blocks:        45.13.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:f8:e4:d9:01:46:db:c0:c2:de:b0:ba:e2:c8:0e:c1:9f:a3:66:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:53 2024 GMT
            Not After : Feb 24 08:52:53 2025 GMT
        Subject: CN=C0CB43C073F164199FFBF0D2C4C3EF48BCF4C837
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:24:8a:01:71:74:9c:39:a0:7f:8d:e2:db:37:
                    ad:82:36:07:99:c6:68:67:5a:d6:cd:e2:cd:43:38:
                    5b:05:87:72:6e:0d:7d:d4:e0:43:26:21:f8:ea:cf:
                    7e:08:2d:29:95:78:35:91:16:2c:b1:14:ec:ca:1f:
                    70:f8:56:18:e9:56:a8:64:f8:1a:3f:b4:b0:ed:0e:
                    1f:fc:35:a0:80:21:68:8c:4a:7f:19:22:0d:0d:d8:
                    bb:fe:d1:9e:44:84:15:e4:d4:71:f4:36:53:3b:b7:
                    d5:46:31:88:bb:54:74:d5:7f:22:2b:52:1e:60:f3:
                    91:60:87:4b:c0:d6:db:e6:ae:8d:63:f4:bf:19:2a:
                    4d:67:00:aa:b8:49:fd:af:0b:e8:9f:33:bf:38:45:
                    96:e3:d0:b0:e7:82:17:62:9f:58:2d:11:b3:28:3e:
                    bc:d2:1d:35:59:48:c6:c6:75:16:a9:c2:fc:c4:63:
                    b9:35:ad:3b:23:ec:6b:eb:3d:b4:2e:77:84:3f:55:
                    fa:c7:a8:66:23:f7:d9:26:a0:b6:fa:f9:de:68:fc:
                    89:e2:08:b6:de:4d:30:8f:d3:1b:a6:41:44:8d:39:
                    7c:3d:fb:4c:65:af:91:b9:a3:c5:03:f0:9f:8d:cb:
                    02:8f:5d:c4:8d:82:09:9a:83:4d:06:9c:9a:f0:d6:
                    7c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:CB:43:C0:73:F1:64:19:9F:FB:F0:D2:C4:C3:EF:48:BC:F4:C8:37
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31332e35382e302f32342d3234203d3e203430363736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:33:55:aa:68:7f:b4:94:11:41:be:ec:c0:a1:06:af:8e:92:
         a2:f7:02:ee:0d:57:01:d2:b2:95:14:5f:28:55:40:8a:35:93:
         5e:84:f8:4a:0d:c6:b0:67:86:9f:ee:b3:f7:23:67:e0:51:86:
         ff:50:1a:46:ce:fb:af:20:69:9a:47:43:bd:5a:a6:6a:8a:24:
         f1:a9:7d:97:67:1b:79:43:96:2d:e0:e8:0c:0e:31:82:b8:a8:
         02:b8:32:cf:00:38:30:02:59:59:95:38:3b:c7:7a:dd:c7:93:
         4b:b4:b7:c4:79:39:d4:e4:d5:e3:8c:7d:09:8e:c6:d1:23:92:
         82:27:08:64:df:9b:d5:c9:8f:88:71:3b:53:77:67:9f:38:5c:
         70:72:88:1f:9a:18:0c:5b:76:01:e0:b9:29:af:6d:4d:ad:35:
         6a:f8:09:ba:d6:20:ab:e7:b9:30:e2:77:f2:be:ee:2c:a6:ca:
         a7:53:e4:84:77:d7:40:3a:5c:26:04:14:e2:d3:05:cb:be:bf:
         c9:1a:f3:da:09:4c:d0:ec:81:80:e0:6d:8c:df:df:c6:cd:af:
         cc:8d:f6:28:9b:59:81:b1:32:e4:f8:8d:f8:1e:5f:7a:cd:7b:
         c9:21:50:94:47:8f:fc:dd:3e:ee:d2:69:1f:a5:99:87:d1:bc:
         74:35:a0:7c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQfjk2QFG28DC3rC64sgOwZ+jZhQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTNaFw0yNTAyMjQwODUyNTNaMDMxMTAvBgNV
BAMTKEMwQ0I0M0MwNzNGMTY0MTk5RkZCRjBEMkM0QzNFRjQ4QkNGNEM4MzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtJIoBcXScOaB/jeLbN62CNgeZ
xmhnWtbN4s1DOFsFh3JuDX3U4EMmIfjqz34ILSmVeDWRFiyxFOzKH3D4VhjpVqhk
+Bo/tLDtDh/8NaCAIWiMSn8ZIg0N2Lv+0Z5EhBXk1HH0NlM7t9VGMYi7VHTVfyIr
Uh5g85Fgh0vA1tvmro1j9L8ZKk1nAKq4Sf2vC+ifM784RZbj0LDnghdin1gtEbMo
PrzSHTVZSMbGdRapwvzEY7k1rTsj7GvrPbQud4Q/VfrHqGYj99kmoLb6+d5o/Ini
CLbeTTCP0xumQUSNOXw9+0xlr5G5o8UD8J+NywKPXcSNggmag00GnJrw1nzzAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUwMtDwHPxZBmf+/DSxMPvSLz0yDcwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzMzJlMzUzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzAzNjM3MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtDTow
DQYJKoZIhvcNAQELBQADggEBAAozVapof7SUEUG+7MChBq+OkqL3Au4NVwHSspUU
XyhVQIo1k16E+EoNxrBnhp/us/cjZ+BRhv9QGkbO+68gaZpHQ71apmqKJPGpfZdn
G3lDli3g6AwOMYK4qAK4Ms8AODACWVmVODvHet3Hk0u0t8R5OdTk1eOMfQmOxtEj
koInCGTfm9XJj4hxO1N3Z584XHByiB+aGAxbdgHguSmvbU2tNWr4CbrWIKvnuTDi
d/K+7iymyqdT5IR310A6XCYEFOLTBcu+v8ka89oJTNDsgYDgbYzf38bNr8yN9iib
WYGxMuT4jfgeX3rNe8khUJRHj/zdPu7SaR+lmYfRvHQ1oHw=
-----END CERTIFICATE-----