Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3133342e3232372e302f32342d3234203d3e20383334.roa
File:                     34352e3133342e3232372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          cfZ6mRGoTsleTtDhP56G2hATceR78IWZN7lZNwADcOo=
Subject key identifier:   14:A0:1A:8F:96:67:88:D0:93:CF:F7:CC:F3:4C:FB:8C:28:CB:B6:03
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       44371EA52BEF25861ED64FF6531044E27F4A2138
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3133342e3232372e302f32342d3234203d3e20383334.roa
Signing time:             Tue 25 Jun 2024 18:04:04 +0000
ROA not before:           Tue 25 Jun 2024 17:59:04 +0000
ROA not after:            Tue 24 Jun 2025 18:04:04 +0000
asID:                     834
IP address blocks:        45.134.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:37:1e:a5:2b:ef:25:86:1e:d6:4f:f6:53:10:44:e2:7f:4a:21:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Jun 25 17:59:04 2024 GMT
            Not After : Jun 24 18:04:04 2025 GMT
        Subject: CN=14A01A8F966788D093CFF7CCF34CFB8C28CBB603
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:f3:8b:4c:2d:aa:eb:b6:18:cc:91:3e:8a:55:
                    88:46:40:f3:e0:7f:44:65:45:51:f4:f7:f4:36:ca:
                    4d:44:f1:64:a4:02:58:59:1a:a5:21:4b:1b:75:87:
                    0b:b9:55:79:78:7d:97:68:43:e9:49:83:f7:e5:02:
                    28:85:9e:66:5a:3b:6c:e3:ef:d8:1f:f2:51:fe:91:
                    5d:cc:50:62:94:b4:e0:f7:b1:62:32:27:27:a3:5e:
                    ef:7e:78:d3:b6:43:44:e7:ae:02:84:1d:d6:1d:33:
                    b0:43:bc:e8:c6:11:59:07:0a:a7:ab:34:ab:57:50:
                    a9:c2:b8:e8:73:6f:22:35:c6:20:5f:42:b4:36:17:
                    f4:6c:24:c3:0c:32:24:5c:9f:4b:9a:da:1e:b6:6a:
                    98:df:dc:b7:10:0f:ca:4f:5c:66:45:e0:26:f0:3c:
                    bb:bc:3d:d0:c9:c4:6a:e9:2e:80:4d:5e:88:e8:df:
                    a5:70:2f:ac:27:98:02:f0:80:3e:66:c1:40:32:ac:
                    22:aa:c9:5e:26:67:7c:87:d9:a1:be:92:34:13:57:
                    34:3e:94:d6:54:02:82:9b:6c:58:3a:73:61:5c:bd:
                    35:05:75:fa:23:c5:31:a8:5d:ec:68:d7:63:fc:63:
                    02:4c:bc:26:0c:47:28:a1:5b:77:52:d0:ac:8c:a8:
                    f3:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:A0:1A:8F:96:67:88:D0:93:CF:F7:CC:F3:4C:FB:8C:28:CB:B6:03
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3133342e3232372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:df:fd:e1:25:4e:f4:37:e6:71:70:51:f9:99:ca:92:7b:16:
         85:ec:29:6f:09:3f:05:f5:8a:e0:bd:c6:45:ad:4a:eb:82:77:
         2a:cb:97:01:50:0a:ef:e2:43:16:e0:56:c8:e3:1d:95:1c:97:
         e1:5d:83:83:20:15:c0:9e:d9:b6:85:81:da:fa:43:3f:7e:1d:
         38:f4:a0:1b:d9:39:bc:61:3f:13:55:95:4e:32:2a:36:3d:87:
         63:45:76:48:17:97:2c:d5:22:89:38:7c:83:19:dc:a7:fb:3a:
         03:d7:f2:09:f6:d9:22:47:65:88:90:c9:b6:8d:4c:3e:6e:ad:
         e6:1f:eb:32:b8:e2:0d:79:90:eb:3a:d2:ed:54:69:70:db:cf:
         88:bc:eb:35:29:5e:3d:9c:96:23:2b:d0:ce:6d:52:19:20:9d:
         a7:a3:fa:d2:5a:bb:07:26:6a:2a:16:d6:67:41:c5:56:0f:84:
         69:e4:34:4d:ab:8a:c0:93:ce:b6:bf:a7:c3:17:fd:1c:db:70:
         24:95:a7:3f:9d:ba:38:76:29:16:61:15:82:54:3c:4f:79:53:
         5c:f1:cf:82:32:f9:58:6d:85:f2:e8:67:13:39:70:d3:bd:1a:
         da:a0:58:d6:fd:5c:be:62:22:6a:25:a3:40:d9:64:a2:87:e8:
         04:65:3d:61
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIURDcepSvvJYYe1k/2UxBE4n9KITgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDA2MjUxNzU5MDRaFw0yNTA2MjQxODA0MDRaMDMxMTAvBgNV
BAMTKDE0QTAxQThGOTY2Nzg4RDA5M0NGRjdDQ0YzNENGQjhDMjhDQkI2MDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi84tMLarrthjMkT6KVYhGQPPg
f0RlRVH09/Q2yk1E8WSkAlhZGqUhSxt1hwu5VXl4fZdoQ+lJg/flAiiFnmZaO2zj
79gf8lH+kV3MUGKUtOD3sWIyJyejXu9+eNO2Q0TnrgKEHdYdM7BDvOjGEVkHCqer
NKtXUKnCuOhzbyI1xiBfQrQ2F/RsJMMMMiRcn0ua2h62apjf3LcQD8pPXGZF4Cbw
PLu8PdDJxGrpLoBNXojo36VwL6wnmALwgD5mwUAyrCKqyV4mZ3yH2aG+kjQTVzQ+
lNZUAoKbbFg6c2FcvTUFdfojxTGoXexo12P8YwJMvCYMRyihW3dS0KyMqPNvAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUFKAaj5ZniNCTz/fM80z7jCjLtgMwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzMzM0MmUzMjMy
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAthuMw
DQYJKoZIhvcNAQELBQADggEBAEHf/eElTvQ35nFwUfmZypJ7FoXsKW8JPwX1iuC9
xkWtSuuCdyrLlwFQCu/iQxbgVsjjHZUcl+Fdg4MgFcCe2baFgdr6Qz9+HTj0oBvZ
ObxhPxNVlU4yKjY9h2NFdkgXlyzVIok4fIMZ3Kf7OgPX8gn22SJHZYiQybaNTD5u
reYf6zK44g15kOs60u1UaXDbz4i86zUpXj2cliMr0M5tUhkgnaej+tJauwcmaioW
1mdBxVYPhGnkNE2risCTzra/p8MX/RzbcCSVpz+dujh2KRZhFYJUPE95U1zxz4Iy
+VhthfLoZxM5cNO9GtqgWNb9XL5iImolo0DZZKKH6ARlPWE=
-----END CERTIFICATE-----