Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e36372e3232312e302f32342d3332203d3e203531313637.roa
File:                     34352e36372e3232312e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          ds/CZO3T6+1zBP+Ve1Ga+HT5ilNgXn9mMLvYQ1AuPzg=
Subject key identifier:   A3:95:68:20:05:C9:62:F4:73:AB:0A:6A:26:BE:E1:47:C4:5D:6A:B2
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       1B091564964D5AE8B7D0284F6EE4F0BBB5CA1092
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e36372e3232312e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:52:53 +0000
ROA not before:           Mon 26 Feb 2024 08:47:53 +0000
ROA not after:            Mon 24 Feb 2025 08:52:53 +0000
asID:                     51167
IP address blocks:        45.67.221.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:09:15:64:96:4d:5a:e8:b7:d0:28:4f:6e:e4:f0:bb:b5:ca:10:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:53 2024 GMT
            Not After : Feb 24 08:52:53 2025 GMT
        Subject: CN=A395682005C962F473AB0A6A26BEE147C45D6AB2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4d:f3:d1:5b:30:5b:7e:cf:bf:83:a2:df:81:
                    67:ba:da:b8:eb:be:f1:92:96:a9:ed:17:7f:8d:4f:
                    d1:1e:2f:fe:8c:5f:66:b6:80:ea:b5:38:1c:db:6a:
                    5e:8e:3e:78:b0:99:d4:73:80:04:33:46:9c:53:25:
                    d7:11:ad:81:8e:e8:19:92:b6:d9:63:69:05:97:34:
                    84:a3:1f:34:d0:c2:1d:ea:43:d2:ff:9a:47:17:2b:
                    57:38:53:54:2f:9b:13:1a:eb:a1:c7:8c:3a:1f:f1:
                    d9:3a:13:0d:66:1a:b0:3b:d3:ec:c6:f3:4d:cf:82:
                    e8:80:6a:43:43:ff:60:c9:0b:17:10:8c:10:e3:f5:
                    a7:b2:f6:9e:68:28:b7:a9:90:a7:04:fd:40:ff:e5:
                    4a:a1:30:e2:29:3e:c3:7e:f2:70:24:80:bd:76:fc:
                    31:1e:c8:ba:02:1b:c5:2b:f5:8c:4c:d3:f3:b3:a3:
                    62:82:d9:d2:b1:09:2d:44:1d:d5:c7:fc:7e:bf:aa:
                    21:ff:a4:9c:94:46:98:fa:40:3b:bf:01:71:d2:52:
                    f4:dd:2c:09:17:db:2d:16:83:f2:34:26:3f:c3:1e:
                    f2:38:78:7f:35:8a:f1:34:09:b8:9a:9f:4c:61:cd:
                    6f:54:b2:22:f5:e9:69:86:62:e9:c3:8f:29:95:19:
                    a7:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:95:68:20:05:C9:62:F4:73:AB:0A:6A:26:BE:E1:47:C4:5D:6A:B2
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e36372e3232312e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:a1:56:04:0e:cd:26:da:d5:f8:79:2a:0b:6d:dc:17:83:9a:
         d8:97:92:38:89:f7:fd:a7:d9:e5:37:9c:04:ad:1c:2c:ed:54:
         98:1c:af:00:b0:50:f3:4c:cd:ef:33:6a:e4:b5:d2:96:a9:04:
         8b:bf:25:84:e9:0e:e7:31:b6:bd:63:2d:4a:ac:0a:09:6e:8d:
         9e:5e:59:10:83:b4:87:46:e6:4d:3d:58:6f:d9:7f:2c:38:b1:
         55:cd:88:50:b7:8d:26:5e:b9:4b:ba:0d:11:da:d6:c8:21:68:
         36:d0:63:98:f2:ad:36:4c:9a:d1:f2:9a:05:d2:2d:e0:4b:bb:
         b3:38:4b:46:b9:32:a4:33:00:f9:6d:71:1d:32:bf:69:1d:89:
         f3:4d:ea:3f:32:fb:0b:c2:36:28:84:ee:a4:71:f2:6e:7c:70:
         10:2f:7c:84:26:4e:8c:08:3a:9e:74:5e:8e:ae:a7:f6:08:78:
         2b:c8:25:7e:11:c7:ab:63:e0:29:57:8b:84:48:3e:81:12:72:
         93:92:74:0a:e0:50:d1:ea:c5:12:13:99:49:b3:a1:47:82:db:
         4e:a5:b9:db:32:ba:d9:83:f0:f7:03:5d:aa:f2:dd:dc:95:d0:
         c4:53:aa:70:cf:38:b0:ab:6c:b0:a6:5f:10:af:ad:bf:b1:0d:
         82:54:c4:5d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGwkVZJZNWui30ChPbuTwu7XKEJIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTNaFw0yNTAyMjQwODUyNTNaMDMxMTAvBgNV
BAMTKEEzOTU2ODIwMDVDOTYyRjQ3M0FCMEE2QTI2QkVFMTQ3QzQ1RDZBQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9TfPRWzBbfs+/g6LfgWe62rjr
vvGSlqntF3+NT9EeL/6MX2a2gOq1OBzbal6OPniwmdRzgAQzRpxTJdcRrYGO6BmS
ttljaQWXNISjHzTQwh3qQ9L/mkcXK1c4U1QvmxMa66HHjDof8dk6Ew1mGrA70+zG
803PguiAakND/2DJCxcQjBDj9aey9p5oKLepkKcE/UD/5UqhMOIpPsN+8nAkgL12
/DEeyLoCG8Ur9YxM0/Ozo2KC2dKxCS1EHdXH/H6/qiH/pJyURpj6QDu/AXHSUvTd
LAkX2y0Wg/I0Jj/DHvI4eH81ivE0Cbian0xhzW9UsiL16WmGYunDjymVGaehAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUo5VoIAXJYvRzqwpqJr7hR8RdarIwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzYzNzJlMzIzMjMx
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1D
3TANBgkqhkiG9w0BAQsFAAOCAQEAUKFWBA7NJtrV+HkqC23cF4Oa2JeSOIn3/afZ
5TecBK0cLO1UmByvALBQ80zN7zNq5LXSlqkEi78lhOkO5zG2vWMtSqwKCW6Nnl5Z
EIO0h0bmTT1Yb9l/LDixVc2IULeNJl65S7oNEdrWyCFoNtBjmPKtNkya0fKaBdIt
4Eu7szhLRrkypDMA+W1xHTK/aR2J803qPzL7C8I2KITupHHybnxwEC98hCZOjAg6
nnRejq6n9gh4K8glfhHHq2PgKVeLhEg+gRJyk5J0CuBQ0erFEhOZSbOhR4LbTqW5
2zK62YPw9wNdqvLd3JXQxFOqcM84sKtssKZfEK+tv7ENglTEXQ==
-----END CERTIFICATE-----