Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38382e3138382e302f32342d3332203d3e203531313637.roa
File:                     34352e38382e3138382e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          GZ/RWDuvr68Fh1JssIO+8qA9jruXfx60dz0x12kCJbA=
Subject key identifier:   28:ED:2D:58:7D:E9:2B:4B:07:DC:B6:9A:63:87:38:19:90:3C:6D:01
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       3CCEA24719EFB6C99D3A60ACFBBBB33B5E2FD364
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38382e3138382e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:52:52 +0000
ROA not before:           Mon 26 Feb 2024 08:47:52 +0000
ROA not after:            Mon 24 Feb 2025 08:52:52 +0000
asID:                     51167
IP address blocks:        45.88.188.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:ce:a2:47:19:ef:b6:c9:9d:3a:60:ac:fb:bb:b3:3b:5e:2f:d3:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:52 2024 GMT
            Not After : Feb 24 08:52:52 2025 GMT
        Subject: CN=28ED2D587DE92B4B07DCB69A63873819903C6D01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:fa:7d:88:ca:66:4a:ec:35:41:8b:73:1f:2b:
                    02:b7:7c:6c:45:eb:2e:f8:a3:c3:64:1c:26:8e:69:
                    a4:9d:21:ec:e8:ef:7f:97:d7:d9:19:1c:4a:1f:56:
                    f9:b9:27:78:08:95:e4:a7:37:79:c8:9a:11:7e:e9:
                    ab:50:82:35:cc:fd:f2:cb:54:50:01:75:46:e2:f6:
                    ea:1b:36:3a:b8:c4:c7:d4:60:db:31:a5:e9:86:55:
                    f1:80:12:c9:ba:c7:d7:4c:7e:d0:45:7c:e7:fe:25:
                    01:8f:a3:73:1f:3f:33:6b:d8:49:3d:96:ea:7e:59:
                    89:47:59:df:86:d9:15:02:7e:9d:a4:9e:cb:6d:ae:
                    b1:0a:48:c8:08:50:ba:2e:44:31:92:3c:0f:9e:38:
                    87:ec:8a:f4:5f:ef:31:8b:27:36:64:bd:fa:a9:69:
                    18:8d:18:09:d6:ee:14:5d:d7:cc:d1:00:ff:ff:65:
                    fb:6b:a8:de:10:87:82:05:66:a6:0d:26:e5:08:ee:
                    2c:db:74:e7:30:01:68:cc:7a:86:70:46:5e:57:3a:
                    dd:bb:13:39:09:89:51:74:b9:b7:46:15:a9:77:95:
                    49:c7:3f:7b:ba:07:3c:c7:36:9b:2a:8f:a7:69:11:
                    47:98:8b:e8:f0:af:6e:6d:4e:d0:aa:bf:14:b9:7a:
                    67:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:ED:2D:58:7D:E9:2B:4B:07:DC:B6:9A:63:87:38:19:90:3C:6D:01
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38382e3138382e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:ca:5d:12:18:51:9a:e6:62:1c:b1:70:6c:70:b1:23:f3:58:
         f2:9e:e4:fd:7b:39:2f:43:01:9b:2d:70:e6:f2:f5:72:a1:65:
         65:ec:cb:ea:47:97:fb:62:e9:fd:a5:f0:38:0b:00:1b:32:18:
         a5:8e:59:fb:d9:6c:b6:e3:35:b9:85:a4:4a:9d:1d:73:ae:48:
         33:9e:9f:45:ef:0c:78:e3:37:5b:4e:07:39:a2:09:ae:ed:9d:
         56:ec:02:73:7a:3c:6e:4b:18:67:03:10:b6:51:9c:f6:dd:8d:
         8f:93:1d:11:d3:59:4c:95:ed:23:fc:3b:2e:01:c2:07:23:c4:
         d1:9c:b5:31:55:4f:60:17:33:21:45:97:0a:f6:8d:34:ac:ba:
         49:c0:8e:f0:17:fb:b9:53:aa:22:78:b4:36:f1:53:0b:04:b6:
         ad:76:c5:98:91:ed:f9:2f:1a:92:dd:6c:8b:74:1c:33:24:f9:
         33:5b:1e:db:fd:ef:16:ed:3c:84:c5:c5:32:97:0f:3f:f7:a6:
         a1:41:44:cf:cb:2d:ee:ff:5c:c5:0f:db:0c:f3:d8:24:25:8b:
         5e:e4:3c:c5:26:2a:bc:12:e8:db:7b:f7:f6:43:80:d4:19:dc:
         ce:a7:8e:ad:c4:27:38:07:03:b8:52:82:40:92:3e:f5:b2:a1:
         ca:d3:c1:5e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPM6iRxnvtsmdOmCs+7uzO14v02QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTJaFw0yNTAyMjQwODUyNTJaMDMxMTAvBgNV
BAMTKDI4RUQyRDU4N0RFOTJCNEIwN0RDQjY5QTYzODczODE5OTAzQzZEMDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDt+n2IymZK7DVBi3MfKwK3fGxF
6y74o8NkHCaOaaSdIezo73+X19kZHEofVvm5J3gIleSnN3nImhF+6atQgjXM/fLL
VFABdUbi9uobNjq4xMfUYNsxpemGVfGAEsm6x9dMftBFfOf+JQGPo3MfPzNr2Ek9
lup+WYlHWd+G2RUCfp2knsttrrEKSMgIULouRDGSPA+eOIfsivRf7zGLJzZkvfqp
aRiNGAnW7hRd18zRAP//ZftrqN4Qh4IFZqYNJuUI7izbdOcwAWjMeoZwRl5XOt27
EzkJiVF0ubdGFal3lUnHP3u6BzzHNpsqj6dpEUeYi+jwr25tTtCqvxS5emfRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUKO0tWH3pK0sH3LaaY4c4GZA8bQEwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzgzODJlMzEzODM4
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1Y
vDANBgkqhkiG9w0BAQsFAAOCAQEADcpdEhhRmuZiHLFwbHCxI/NY8p7k/Xs5L0MB
my1w5vL1cqFlZezL6keX+2Lp/aXwOAsAGzIYpY5Z+9lstuM1uYWkSp0dc65IM56f
Re8MeOM3W04HOaIJru2dVuwCc3o8bksYZwMQtlGc9t2Nj5MdEdNZTJXtI/w7LgHC
ByPE0Zy1MVVPYBczIUWXCvaNNKy6ScCO8Bf7uVOqIni0NvFTCwS2rXbFmJHt+S8a
kt1si3QcMyT5M1se2/3vFu08hMXFMpcPP/emoUFEz8st7v9cxQ/bDPPYJCWLXuQ8
xSYqvBLo23v39kOA1BnczqeOrcQnOAcDuFKCQJI+9bKhytPBXg==
-----END CERTIFICATE-----