Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3133372e3139332e302f32342d3234203d3e20383334.roa
File:                     34352e3133372e3139332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          BppVA1ZnVbUCo/hPBFFdNBVQCD0LLvN66WziB0a8b1w=
Subject key identifier:   5F:7B:CD:50:5D:55:BC:BC:97:0F:CE:5C:99:C5:66:92:52:40:77:EE
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       17342DC9DC597EB5935E7ECA0CE8814C944761CB
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3133372e3139332e302f32342d3234203d3e20383334.roa
Signing time:             Fri 19 Apr 2024 07:03:30 +0000
ROA not before:           Fri 19 Apr 2024 06:58:30 +0000
ROA not after:            Fri 18 Apr 2025 07:03:30 +0000
asID:                     834
IP address blocks:        45.137.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:34:2d:c9:dc:59:7e:b5:93:5e:7e:ca:0c:e8:81:4c:94:47:61:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Apr 19 06:58:30 2024 GMT
            Not After : Apr 18 07:03:30 2025 GMT
        Subject: CN=5F7BCD505D55BCBC970FCE5C99C56692524077EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:2b:f6:6b:4d:01:d4:9d:2e:9d:7c:19:16:64:
                    83:d5:37:0d:2c:05:9e:a3:b7:70:fc:db:28:50:91:
                    9e:32:a7:ab:6a:09:02:12:d6:73:e3:fc:1c:7f:b2:
                    e1:26:6f:fb:d7:37:a4:0d:31:56:f9:19:59:33:a3:
                    3a:f2:67:a0:fe:39:c1:44:1a:49:bf:cc:82:20:25:
                    4d:21:5c:8a:35:d0:ea:65:6f:67:61:28:b1:7b:29:
                    c9:27:95:f8:b7:63:aa:5d:3b:15:66:1f:c6:a4:e2:
                    7a:f6:7c:97:fa:70:d6:d8:6c:41:04:69:88:66:d0:
                    92:74:62:cd:6d:fc:8b:d1:0a:df:5b:26:99:f1:e5:
                    41:db:d1:1a:b8:14:01:c9:ac:ff:7f:ac:c3:71:08:
                    0a:73:dc:46:fd:5f:28:b0:e1:b4:09:f7:3b:ff:e1:
                    d8:00:62:c3:8c:2a:00:32:ee:38:bb:c7:9b:c2:e3:
                    77:e9:22:eb:28:51:05:0d:00:74:b7:16:e5:15:16:
                    4c:bf:98:32:5a:02:14:8a:3f:e4:f4:27:f8:0c:7e:
                    eb:71:f5:78:6a:be:08:5e:58:af:20:cc:39:ae:cd:
                    d6:92:8d:15:24:1e:d7:48:eb:39:b4:10:72:d2:3d:
                    86:89:cb:02:97:fa:2e:cf:64:a8:93:96:d7:09:0e:
                    8e:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:7B:CD:50:5D:55:BC:BC:97:0F:CE:5C:99:C5:66:92:52:40:77:EE
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e3133372e3139332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:b3:35:ef:45:f2:d1:39:34:35:93:69:ed:40:a5:97:da:c6:
         20:f2:94:1d:a4:d6:ce:bf:e4:d0:7b:e7:90:22:70:c1:d1:37:
         e0:29:5f:04:75:b2:8f:fb:d7:10:51:0b:17:b2:14:6b:5a:17:
         dc:ef:2f:3b:97:00:49:46:ae:ad:d1:b6:ca:5e:61:6a:0e:a8:
         68:f1:47:89:28:fd:bc:18:86:e6:bf:86:1c:6f:ea:ac:4d:00:
         63:2e:6b:93:8a:ab:d9:99:35:30:ca:e2:42:7c:a0:61:a6:76:
         e2:7f:db:4b:70:df:d6:62:81:72:80:e4:24:22:52:1f:81:c6:
         a9:dd:8b:fd:5c:44:4b:9b:e1:9f:8a:a9:4a:2c:7f:79:1b:ef:
         94:97:43:6f:1c:11:2e:25:87:b5:70:69:a7:65:4b:ce:49:41:
         d4:20:89:3a:39:0c:8c:ff:d9:1f:f2:19:95:93:4d:90:99:33:
         9b:eb:7d:72:66:c3:06:da:a2:cb:7c:a3:da:a0:f7:f9:76:5c:
         9a:19:7c:39:e9:8b:55:49:d6:7a:2b:9e:f9:93:4e:16:56:af:
         e4:8b:26:46:08:ee:36:42:36:c0:41:3f:75:69:48:58:76:96:
         70:fd:fd:47:68:50:e7:41:bb:e3:43:ee:3d:82:ca:b2:fd:1b:
         f7:2b:c4:b0
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUFzQtydxZfrWTXn7KDOiBTJRHYcswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDA0MTkwNjU4MzBaFw0yNTA0MTgwNzAzMzBaMDMxMTAvBgNV
BAMTKDVGN0JDRDUwNUQ1NUJDQkM5NzBGQ0U1Qzk5QzU2NjkyNTI0MDc3RUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpK/ZrTQHUnS6dfBkWZIPVNw0s
BZ6jt3D82yhQkZ4yp6tqCQIS1nPj/Bx/suEmb/vXN6QNMVb5GVkzozryZ6D+OcFE
Gkm/zIIgJU0hXIo10Oplb2dhKLF7Kcknlfi3Y6pdOxVmH8ak4nr2fJf6cNbYbEEE
aYhm0JJ0Ys1t/IvRCt9bJpnx5UHb0Rq4FAHJrP9/rMNxCApz3Eb9Xyiw4bQJ9zv/
4dgAYsOMKgAy7ji7x5vC43fpIusoUQUNAHS3FuUVFky/mDJaAhSKP+T0J/gMfutx
9XhqvgheWK8gzDmuzdaSjRUkHtdI6zm0EHLSPYaJywKX+i7PZKiTltcJDo5BAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUX3vNUF1VvLyXD85cmcVmklJAd+4wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzMzM3MmUzMTM5
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAticEw
DQYJKoZIhvcNAQELBQADggEBABKzNe9F8tE5NDWTae1ApZfaxiDylB2k1s6/5NB7
55AicMHRN+ApXwR1so/71xBRCxeyFGtaF9zvLzuXAElGrq3RtspeYWoOqGjxR4ko
/bwYhua/hhxv6qxNAGMua5OKq9mZNTDK4kJ8oGGmduJ/20tw39ZigXKA5CQiUh+B
xqndi/1cREub4Z+KqUosf3kb75SXQ28cES4lh7VwaadlS85JQdQgiTo5DIz/2R/y
GZWTTZCZM5vrfXJmwwbaost8o9qg9/l2XJoZfDnpi1VJ1nornvmTThZWr+SLJkYI
7jZCNsBBP3VpSFh2lnD9/UdoUOdBu+ND7j2CyrL9G/crxLA=
-----END CERTIFICATE-----