Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38312e342e302f32342d3234203d3e20313336373837.roa
File:                     34352e38312e342e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          xdHg8rbFcqyWvQUuVh5q3dntn0J4Ac7/dFmwQczjU2A=
Subject key identifier:   2A:14:2F:AD:D5:38:A0:81:33:D2:41:1D:01:79:06:4B:4B:54:50:76
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       52FD0C34BA07C4AC3F3AFA76973B67ACFECF81BD
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38312e342e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 07 Feb 2024 12:33:40 +0000
ROA not before:           Wed 07 Feb 2024 12:28:40 +0000
ROA not after:            Wed 05 Feb 2025 12:33:40 +0000
asID:                     136787
IP address blocks:        45.81.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:fd:0c:34:ba:07:c4:ac:3f:3a:fa:76:97:3b:67:ac:fe:cf:81:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb  7 12:28:40 2024 GMT
            Not After : Feb  5 12:33:40 2025 GMT
        Subject: CN=2A142FADD538A08133D2411D0179064B4B545076
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:20:23:bf:e6:59:21:ff:94:bc:40:ba:bd:a1:
                    7a:a3:bc:b5:c2:63:ea:f0:1c:25:8b:81:cf:82:0b:
                    62:87:88:b7:36:b0:ad:27:fc:e7:15:81:a4:03:7d:
                    c6:cb:44:89:19:1e:66:f4:35:6d:36:85:2c:09:be:
                    8c:d4:8a:4d:d4:12:c8:53:a5:c9:03:03:77:af:ea:
                    0e:36:e2:cb:9a:ec:e7:c7:aa:39:9d:46:7f:51:d3:
                    96:e1:e8:d4:23:ca:32:b3:65:37:9b:6b:e5:ff:c2:
                    ed:3d:34:bf:90:33:a3:6e:ce:03:05:99:cd:dc:1f:
                    3e:e3:4a:19:6e:18:00:a3:58:1e:92:3f:03:85:5e:
                    c0:f3:5f:f7:05:f9:87:92:fc:b7:13:2e:d7:3e:d5:
                    1e:06:d6:48:a8:ac:e6:e4:40:0d:19:d9:b3:b8:f2:
                    e1:77:44:da:06:89:f0:4c:9b:17:b7:56:9a:0c:8f:
                    50:6f:b3:51:d5:0d:0d:d1:c2:5a:2e:a9:cb:f3:ec:
                    1b:66:f3:3f:ec:af:f5:92:7a:44:9b:4b:79:59:0a:
                    66:94:28:0e:2d:96:53:38:ca:7d:f3:c8:f4:66:96:
                    e8:c1:30:cd:26:39:33:ce:ce:32:ad:65:63:a6:d9:
                    3c:55:e6:c2:61:a8:05:a9:55:db:56:3f:57:b7:6e:
                    7b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:14:2F:AD:D5:38:A0:81:33:D2:41:1D:01:79:06:4B:4B:54:50:76
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38312e342e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:cd:d5:c6:8c:e8:dc:63:5f:50:b8:83:51:ea:ba:6f:9d:88:
         f7:b7:41:bf:d4:60:be:d4:d8:9a:8f:19:7b:9a:32:81:65:51:
         12:3a:fd:c9:97:43:bc:b3:6b:20:35:77:9e:a1:68:f6:31:8b:
         ab:51:5b:12:34:dc:e5:97:1e:50:24:ad:14:95:97:3d:2d:6f:
         c8:98:0e:af:74:d4:87:61:3f:2b:03:c5:a1:3f:82:24:ee:dc:
         7b:e0:6b:72:55:f3:c4:7e:4f:69:09:7c:10:34:21:8f:d2:da:
         bf:eb:51:90:4a:c4:4f:cb:d3:f7:a9:1d:18:fc:6f:69:92:4d:
         4a:ea:fa:34:bb:dd:05:76:54:d2:07:93:81:58:79:05:16:18:
         67:a7:fd:ef:7a:d5:39:d5:80:36:02:03:c2:71:5d:9b:ba:78:
         5e:d2:44:a6:42:f1:01:13:22:1f:f0:10:de:2c:21:c2:bf:5f:
         26:1a:4d:1a:7e:39:50:39:51:28:03:a0:7a:36:68:a2:d0:f6:
         5e:44:3a:03:fb:12:5f:a4:73:fc:36:49:1a:57:36:35:36:2d:
         25:bd:4f:60:78:9d:04:08:54:61:07:8e:0d:d8:ea:9e:ee:a5:
         0b:88:81:55:d1:82:84:ed:0c:28:b1:08:9c:f0:90:0c:43:7d:
         d4:8b:e2:18
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUUv0MNLoHxKw/Ovp2lztnrP7Pgb0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMDcxMjI4NDBaFw0yNTAyMDUxMjMzNDBaMDMxMTAvBgNV
BAMTKDJBMTQyRkFERDUzOEEwODEzM0QyNDExRDAxNzkwNjRCNEI1NDUwNzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkICO/5lkh/5S8QLq9oXqjvLXC
Y+rwHCWLgc+CC2KHiLc2sK0n/OcVgaQDfcbLRIkZHmb0NW02hSwJvozUik3UEshT
pckDA3ev6g424sua7OfHqjmdRn9R05bh6NQjyjKzZTeba+X/wu09NL+QM6NuzgMF
mc3cHz7jShluGACjWB6SPwOFXsDzX/cF+YeS/LcTLtc+1R4G1kiorObkQA0Z2bO4
8uF3RNoGifBMmxe3VpoMj1Bvs1HVDQ3Rwlouqcvz7Btm8z/sr/WSekSbS3lZCmaU
KA4tllM4yn3zyPRmlujBMM0mOTPOzjKtZWOm2TxV5sJhqAWpVdtWP1e3bnsJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUKhQvrdU4oIEz0kEdAXkGS0tUUHYwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzgzMTJlMzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtUQQw
DQYJKoZIhvcNAQELBQADggEBAADN1caM6NxjX1C4g1Hqum+diPe3Qb/UYL7U2JqP
GXuaMoFlURI6/cmXQ7yzayA1d56haPYxi6tRWxI03OWXHlAkrRSVlz0tb8iYDq90
1IdhPysDxaE/giTu3Hvga3JV88R+T2kJfBA0IY/S2r/rUZBKxE/L0/epHRj8b2mS
TUrq+jS73QV2VNIHk4FYeQUWGGen/e961TnVgDYCA8JxXZu6eF7SRKZC8QETIh/w
EN4sIcK/XyYaTRp+OVA5USgDoHo2aKLQ9l5EOgP7El+kc/w2SRpXNjU2LSW9T2B4
nQQIVGEHjg3Y6p7upQuIgVXRgoTtDCixCJzwkAxDfdSL4hg=
-----END CERTIFICATE-----