Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e36372e3232322e302f32342d3234203d3e203630373831.roa
File:                     34352e36372e3232322e302f32342d3234203d3e203630373831.roa (raw, json)
Hash identifier:          1XPg1XALZyg2e+rQX6iZ3VBETMDWBoqeR2mkFwdK1Do=
Subject key identifier:   40:14:B8:65:DF:94:F0:36:BA:73:AD:8C:0C:BF:44:10:2D:8D:1A:33
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       117FCC9E8EBED765C12299FBBBE8574B5DA3B526
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e36372e3232322e302f32342d3234203d3e203630373831.roa
Signing time:             Mon 26 Feb 2024 08:52:47 +0000
ROA not before:           Mon 26 Feb 2024 08:47:47 +0000
ROA not after:            Mon 24 Feb 2025 08:52:47 +0000
asID:                     60781
IP address blocks:        45.67.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:7f:cc:9e:8e:be:d7:65:c1:22:99:fb:bb:e8:57:4b:5d:a3:b5:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:47 2024 GMT
            Not After : Feb 24 08:52:47 2025 GMT
        Subject: CN=4014B865DF94F036BA73AD8C0CBF44102D8D1A33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:79:9b:7a:2c:51:4c:74:06:23:a7:1c:08:9b:
                    75:06:ff:0b:7b:59:44:9d:99:6e:34:9f:9b:7a:eb:
                    c0:fc:ad:17:66:dd:17:15:a7:93:01:17:b3:46:b1:
                    d4:37:9b:ee:52:e2:e6:e3:0b:56:ce:18:80:dc:ae:
                    1e:3c:77:f6:f3:68:21:51:b3:72:14:73:a0:6d:3b:
                    73:71:7c:40:c0:40:4a:20:60:64:fc:61:17:2d:80:
                    2c:a0:19:60:b7:0d:a1:61:dc:56:39:61:8e:d8:f9:
                    2c:97:67:e2:43:f1:c5:9e:0f:0c:56:ca:eb:e2:42:
                    43:67:72:83:2e:f2:e7:3c:23:22:57:21:56:f7:85:
                    60:e8:e5:5d:2b:0e:a9:ec:b4:43:ef:17:1f:42:c7:
                    c8:01:fa:32:47:d3:5f:f2:e0:4d:09:e5:38:af:02:
                    2a:25:bc:b6:83:d2:c7:83:83:bd:72:96:12:20:ef:
                    e8:0b:9b:23:a8:53:65:8d:a3:de:94:a8:57:af:07:
                    9d:50:86:ad:e4:f2:84:b3:92:a2:05:66:f1:59:ca:
                    e7:d7:ba:66:21:1d:0e:9f:4c:36:f0:0e:dd:e6:db:
                    42:ae:66:17:1f:cc:e0:ba:bc:69:cf:94:c2:ad:e4:
                    b9:85:e6:65:4c:ec:ab:36:56:1f:fe:9d:4a:5c:5b:
                    58:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:14:B8:65:DF:94:F0:36:BA:73:AD:8C:0C:BF:44:10:2D:8D:1A:33
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e36372e3232322e302f32342d3234203d3e203630373831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:cf:48:fa:25:6e:08:f4:7f:8a:9e:df:50:26:2c:72:d3:31:
         28:dc:5d:94:68:02:03:16:6a:e6:c9:8b:6d:7b:88:6e:29:2f:
         a7:ae:40:d8:22:a9:aa:ef:be:81:2b:f8:90:15:fc:20:6d:99:
         f5:dd:03:2b:c1:69:bb:e8:6f:ce:bb:8d:a9:79:ad:10:d5:c2:
         8b:75:21:09:45:03:2f:be:32:27:1b:20:28:af:99:49:c5:55:
         32:32:a2:5e:fd:00:f8:15:b7:f9:56:f6:f1:bd:8b:52:15:42:
         be:0f:42:7f:98:39:7d:d6:c2:fc:07:80:c5:bc:84:3e:6a:fd:
         c5:fb:10:6f:0d:07:e6:2c:55:bc:56:15:b7:3c:49:75:c6:6b:
         f3:83:6a:6c:be:40:e1:c1:44:da:77:8a:24:83:a7:2c:e8:c7:
         6b:24:34:55:35:11:9d:e4:c3:e8:00:90:7c:a0:46:6f:43:bf:
         c8:0e:8e:1c:d6:47:36:26:54:64:bd:ba:45:83:01:bd:3d:c3:
         f5:a7:8e:9c:d9:14:ff:e4:28:bd:b1:31:0d:43:e1:a1:ad:6c:
         d0:a4:ab:69:78:dc:45:cd:7c:55:fa:98:a7:60:7d:0f:3c:a2:
         80:f8:0c:a4:ae:f2:80:e6:0d:83:c9:5e:80:e9:3b:82:59:3c:
         84:97:93:35
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUEX/Mno6+12XBIpn7u+hXS12jtSYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NDdaFw0yNTAyMjQwODUyNDdaMDMxMTAvBgNV
BAMTKDQwMTRCODY1REY5NEYwMzZCQTczQUQ4QzBDQkY0NDEwMkQ4RDFBMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkeZt6LFFMdAYjpxwIm3UG/wt7
WUSdmW40n5t668D8rRdm3RcVp5MBF7NGsdQ3m+5S4ubjC1bOGIDcrh48d/bzaCFR
s3IUc6BtO3NxfEDAQEogYGT8YRctgCygGWC3DaFh3FY5YY7Y+SyXZ+JD8cWeDwxW
yuviQkNncoMu8uc8IyJXIVb3hWDo5V0rDqnstEPvFx9Cx8gB+jJH01/y4E0J5Tiv
AiolvLaD0seDg71ylhIg7+gLmyOoU2WNo96UqFevB51Qhq3k8oSzkqIFZvFZyufX
umYhHQ6fTDbwDt3m20KuZhcfzOC6vGnPlMKt5LmF5mVM7Ks2Vh/+nUpcW1j/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUQBS4Zd+U8Da6c62MDL9EEC2NGjMwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzYzNzJlMzIzMjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM3MzgzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1D
3jANBgkqhkiG9w0BAQsFAAOCAQEAJM9I+iVuCPR/ip7fUCYsctMxKNxdlGgCAxZq
5smLbXuIbikvp65A2CKpqu++gSv4kBX8IG2Z9d0DK8Fpu+hvzruNqXmtENXCi3Uh
CUUDL74yJxsgKK+ZScVVMjKiXv0A+BW3+Vb28b2LUhVCvg9Cf5g5fdbC/AeAxbyE
Pmr9xfsQbw0H5ixVvFYVtzxJdcZr84NqbL5A4cFE2neKJIOnLOjHayQ0VTURneTD
6ACQfKBGb0O/yA6OHNZHNiZUZL26RYMBvT3D9aeOnNkU/+QovbExDUPhoa1s0KSr
aXjcRc18VfqYp2B9DzyigPgMpK7ygOYNg8legOk7glk8hJeTNQ==
-----END CERTIFICATE-----