Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38312e352e302f32342d3234203d3e20313336373837.roa
File:                     34352e38312e352e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          gBg1YPmPTWZYCObAoprFa8k1X1P+jpTr3Vjdj9r2OZ0=
Subject key identifier:   4B:8D:40:F1:F2:DA:74:31:DB:47:E4:66:2F:1D:BE:30:B5:5E:18:9B
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       582F00D13BA06B4CC2E29738EE2BCC4ADCB36A4B
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38312e352e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 07 Feb 2024 12:33:41 +0000
ROA not before:           Wed 07 Feb 2024 12:28:41 +0000
ROA not after:            Wed 05 Feb 2025 12:33:41 +0000
asID:                     136787
IP address blocks:        45.81.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:2f:00:d1:3b:a0:6b:4c:c2:e2:97:38:ee:2b:cc:4a:dc:b3:6a:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb  7 12:28:41 2024 GMT
            Not After : Feb  5 12:33:41 2025 GMT
        Subject: CN=4B8D40F1F2DA7431DB47E4662F1DBE30B55E189B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5b:2a:3f:4a:e7:2a:09:ba:60:ae:40:d9:5c:
                    59:96:89:8a:14:db:14:2a:2c:95:8c:3f:16:a4:04:
                    c1:70:d9:c8:17:4d:7d:6d:bb:ad:95:ff:94:81:e3:
                    bf:4b:2a:59:76:56:95:02:f4:28:fe:ba:f8:80:3f:
                    db:32:02:71:0d:54:10:69:82:3f:36:50:b8:2f:54:
                    40:23:ae:c7:49:80:f5:4c:98:ee:c6:d9:6b:f6:77:
                    c1:d3:a7:91:7e:01:41:14:18:c7:f3:e5:d2:d8:75:
                    d9:5a:67:ba:19:54:39:69:38:07:2a:f4:da:a2:d1:
                    33:77:1c:93:41:a4:ae:94:ee:5f:1a:fe:a5:b5:ad:
                    27:0d:f1:4d:22:50:1a:c0:3b:47:10:c6:6b:20:22:
                    12:04:5e:01:88:a0:fa:75:0b:11:1f:68:36:25:8e:
                    9c:42:44:78:56:96:4b:3d:30:5d:b3:c7:f5:30:94:
                    79:64:d8:1c:53:b4:dc:5f:45:34:0d:69:94:28:e7:
                    01:a7:2d:b0:79:2d:8f:7b:ed:14:16:8c:11:1c:ea:
                    dd:7c:00:cf:34:5b:fc:1e:0d:a3:5d:da:b8:52:8f:
                    9d:df:c7:ee:4a:52:0f:84:dc:c8:a3:45:73:c2:b9:
                    73:90:08:e3:e6:1f:cc:3b:cc:e3:a6:79:f4:ee:aa:
                    75:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:8D:40:F1:F2:DA:74:31:DB:47:E4:66:2F:1D:BE:30:B5:5E:18:9B
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38312e352e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:43:61:35:08:a5:57:85:43:2c:e3:99:f5:45:23:88:04:8a:
         77:d3:dc:99:5a:d0:df:94:7f:bd:a8:60:98:94:4c:02:fe:2a:
         67:a4:62:19:10:b4:3e:8c:91:c1:76:80:1a:0d:7c:41:c3:b8:
         5c:09:ea:9c:d2:b3:85:b8:54:8a:77:99:f4:84:36:23:23:6c:
         06:13:ca:43:8a:6c:67:b6:bf:b1:a3:c3:ac:6f:9a:dc:af:55:
         6d:12:ab:e5:63:11:3b:50:ed:9c:d6:02:17:94:7d:a4:8d:f8:
         e9:c8:d8:86:87:6e:a6:e5:c3:fe:5c:cd:5a:7c:74:e3:77:26:
         43:36:f0:d4:e8:c1:e1:ef:4e:50:31:a6:33:5a:de:23:8a:0b:
         b6:b3:c5:7e:31:73:5c:86:a4:0a:27:ea:f7:3f:9f:36:f0:a3:
         27:10:a3:62:41:41:23:9c:ca:5f:cb:c9:bd:70:92:c2:fe:dd:
         24:b2:7b:32:a9:b1:1d:bb:a4:a3:ac:f6:57:22:94:f0:f6:43:
         46:41:09:72:37:ce:0d:ae:07:fc:fc:97:f8:d7:98:9c:d1:ec:
         c9:2d:24:dd:ac:c2:9f:50:42:8c:2b:39:4d:26:8a:b6:02:43:
         b7:28:02:0e:a6:2e:0b:eb:01:37:fa:19:48:0c:48:0f:2c:bd:
         5b:3a:2d:d4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUWC8A0Tuga0zC4pc47ivMStyzakswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMDcxMjI4NDFaFw0yNTAyMDUxMjMzNDFaMDMxMTAvBgNV
BAMTKDRCOEQ0MEYxRjJEQTc0MzFEQjQ3RTQ2NjJGMURCRTMwQjU1RTE4OUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoWyo/SucqCbpgrkDZXFmWiYoU
2xQqLJWMPxakBMFw2cgXTX1tu62V/5SB479LKll2VpUC9Cj+uviAP9syAnENVBBp
gj82ULgvVEAjrsdJgPVMmO7G2Wv2d8HTp5F+AUEUGMfz5dLYddlaZ7oZVDlpOAcq
9Nqi0TN3HJNBpK6U7l8a/qW1rScN8U0iUBrAO0cQxmsgIhIEXgGIoPp1CxEfaDYl
jpxCRHhWlks9MF2zx/UwlHlk2BxTtNxfRTQNaZQo5wGnLbB5LY977RQWjBEc6t18
AM80W/weDaNd2rhSj53fx+5KUg+E3MijRXPCuXOQCOPmH8w7zOOmefTuqnXjAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUS41A8fLadDHbR+RmLx2+MLVeGJswHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzgzMTJlMzUyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzYzNzM4Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtUQUw
DQYJKoZIhvcNAQELBQADggEBAEpDYTUIpVeFQyzjmfVFI4gEinfT3Jla0N+Uf72o
YJiUTAL+KmekYhkQtD6MkcF2gBoNfEHDuFwJ6pzSs4W4VIp3mfSENiMjbAYTykOK
bGe2v7Gjw6xvmtyvVW0Sq+VjETtQ7ZzWAheUfaSN+OnI2IaHbqblw/5czVp8dON3
JkM28NToweHvTlAxpjNa3iOKC7azxX4xc1yGpAon6vc/nzbwoycQo2JBQSOcyl/L
yb1wksL+3SSyezKpsR27pKOs9lcilPD2Q0ZBCXI3zg2uB/z8l/jXmJzR7MktJN2s
wp9QQowrOU0mirYCQ7coAg6mLgvrATf6GUgMSA8svVs6LdQ=
-----END CERTIFICATE-----