Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e36372e3232322e302f32342d3234203d3e203631333137.roa
File:                     34352e36372e3232322e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          QG8w60VmiasbS6sx2bqYhHYARlgAckzyO30WxVK7IYQ=
Subject key identifier:   CE:0A:B7:9B:2C:5B:93:D3:81:4C:62:34:DE:84:DB:DC:25:DB:F7:6F
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       5105CDC11C88CB453DB9D3B0759362C2EC7635AA
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e36372e3232322e302f32342d3234203d3e203631333137.roa
Signing time:             Mon 26 Feb 2024 08:52:55 +0000
ROA not before:           Mon 26 Feb 2024 08:47:55 +0000
ROA not after:            Mon 24 Feb 2025 08:52:55 +0000
asID:                     61317
IP address blocks:        45.67.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:05:cd:c1:1c:88:cb:45:3d:b9:d3:b0:75:93:62:c2:ec:76:35:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:55 2024 GMT
            Not After : Feb 24 08:52:55 2025 GMT
        Subject: CN=CE0AB79B2C5B93D3814C6234DE84DBDC25DBF76F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:85:29:d1:be:fd:8a:11:3c:0e:f7:71:36:94:
                    f4:e6:52:10:91:02:30:ec:f2:b1:3d:57:49:a6:c6:
                    94:17:e5:ad:da:78:8e:21:35:f7:71:e7:26:cb:43:
                    fe:de:bc:ba:05:15:21:14:90:f4:73:76:68:5e:ad:
                    64:4c:58:9e:73:2e:a8:ff:3d:18:16:48:a1:8a:ad:
                    86:07:15:8a:06:e9:f9:47:a2:74:bc:25:2f:b4:e8:
                    b9:69:0c:58:4f:3d:d8:74:e0:c6:60:8d:7d:55:e6:
                    79:8b:32:b0:b6:91:f0:e6:6e:09:22:be:ab:52:35:
                    5c:7e:5d:ad:84:72:21:4a:7f:91:51:99:45:87:18:
                    9e:b7:be:98:d3:3d:3e:18:5f:1e:62:7b:54:70:00:
                    f6:fc:a6:58:a5:4f:9d:43:68:81:b9:24:0f:e6:83:
                    3b:dc:be:5f:66:eb:5a:b1:71:55:9b:c7:0d:a4:4d:
                    ae:3b:5d:d7:5a:4f:61:8f:78:be:a8:15:65:ce:eb:
                    ef:1c:d4:a9:46:80:a1:c6:44:62:4b:37:e2:20:8e:
                    b6:0b:36:0d:97:53:78:70:c0:fb:ca:b2:10:18:2d:
                    24:b5:fc:1e:fc:b5:4e:1b:20:ba:40:a7:16:10:73:
                    50:8d:b8:61:d0:f5:96:44:43:61:5d:f8:ae:63:82:
                    20:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:0A:B7:9B:2C:5B:93:D3:81:4C:62:34:DE:84:DB:DC:25:DB:F7:6F
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e36372e3232322e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:a8:ad:2d:df:0f:b0:d7:6c:78:48:a2:f5:a8:fb:cd:57:98:
         4b:a1:2d:81:ae:68:54:1d:56:12:0b:72:16:bf:5d:11:8e:21:
         6d:4c:bc:2e:06:71:ec:ff:dd:27:a4:45:79:22:44:d8:bc:81:
         b3:f6:0c:f4:9b:e5:9d:4a:bb:8a:47:f8:bc:74:35:46:b6:c9:
         b2:04:76:ec:54:b4:6b:c2:54:0d:b8:1b:a8:49:ed:b1:f4:3c:
         a6:02:01:69:b0:f6:86:c5:9a:c5:5e:85:de:7d:d3:63:de:85:
         6f:60:80:7d:4b:4e:38:2a:2e:8e:67:1c:9a:cc:ce:cb:73:d5:
         a5:c9:c7:c4:89:dd:e9:51:20:8b:df:35:10:f0:e1:6c:5f:8b:
         c7:db:5d:0e:e4:59:9d:d9:e8:7a:7c:ab:4b:af:3b:30:53:2c:
         3e:d4:af:35:50:b5:72:2f:45:53:da:29:fe:5d:b0:24:db:ea:
         4c:44:17:be:3f:7f:15:b1:a0:d1:16:ab:f0:4b:e3:42:82:dd:
         ae:9b:50:33:de:1c:f5:17:0c:86:9b:b0:37:42:a2:e9:28:c9:
         7e:43:d0:3a:f0:10:d6:ba:5e:7b:3a:35:c7:fb:b8:3f:9b:6d:
         41:00:14:06:42:96:d1:fe:7c:a6:d9:f6:7f:bd:95:64:a7:99:
         e8:6b:a6:d0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUQXNwRyIy0U9udOwdZNiwux2NaowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTVaFw0yNTAyMjQwODUyNTVaMDMxMTAvBgNV
BAMTKENFMEFCNzlCMkM1QjkzRDM4MTRDNjIzNERFODREQkRDMjVEQkY3NkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6hSnRvv2KETwO93E2lPTmUhCR
AjDs8rE9V0mmxpQX5a3aeI4hNfdx5ybLQ/7evLoFFSEUkPRzdmherWRMWJ5zLqj/
PRgWSKGKrYYHFYoG6flHonS8JS+06LlpDFhPPdh04MZgjX1V5nmLMrC2kfDmbgki
vqtSNVx+Xa2EciFKf5FRmUWHGJ63vpjTPT4YXx5ie1RwAPb8plilT51DaIG5JA/m
gzvcvl9m61qxcVWbxw2kTa47XddaT2GPeL6oFWXO6+8c1KlGgKHGRGJLN+IgjrYL
Ng2XU3hwwPvKshAYLSS1/B78tU4bILpApxYQc1CNuGHQ9ZZEQ2Fd+K5jgiBfAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUzgq3myxbk9OBTGI03oTb3CXb928wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzYzNzJlMzIzMjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1D
3jANBgkqhkiG9w0BAQsFAAOCAQEAF6itLd8PsNdseEii9aj7zVeYS6Etga5oVB1W
EgtyFr9dEY4hbUy8LgZx7P/dJ6RFeSJE2LyBs/YM9JvlnUq7ikf4vHQ1RrbJsgR2
7FS0a8JUDbgbqEntsfQ8pgIBabD2hsWaxV6F3n3TY96Fb2CAfUtOOCoujmccmszO
y3PVpcnHxInd6VEgi981EPDhbF+Lx9tdDuRZndnoenyrS687MFMsPtSvNVC1ci9F
U9op/l2wJNvqTEQXvj9/FbGg0Rar8EvjQoLdrptQM94c9RcMhpuwN0Ki6SjJfkPQ
OvAQ1rpeezo1x/u4P5ttQQAUBkKW0f58ptn2f72VZKeZ6Gum0A==
-----END CERTIFICATE-----