Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38382e3138392e302f32342d3332203d3e203531313637.roa
File:                     34352e38382e3138392e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          C436zqlE+D55loMpFR6AZHKTuHJyFZTMnw56Pazf9yY=
Subject key identifier:   BA:BB:58:05:FD:B3:B4:D2:0D:6B:F4:D6:A5:5C:F0:80:B3:4E:AC:61
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       70C7CBBF98953207F80C6CCF1F1A7DDF2E91E5C4
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38382e3138392e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:52:48 +0000
ROA not before:           Mon 26 Feb 2024 08:47:48 +0000
ROA not after:            Mon 24 Feb 2025 08:52:48 +0000
asID:                     51167
IP address blocks:        45.88.189.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:c7:cb:bf:98:95:32:07:f8:0c:6c:cf:1f:1a:7d:df:2e:91:e5:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:48 2024 GMT
            Not After : Feb 24 08:52:48 2025 GMT
        Subject: CN=BABB5805FDB3B4D20D6BF4D6A55CF080B34EAC61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:e4:7b:16:04:66:5b:ee:79:39:4d:be:85:40:
                    d6:fe:34:15:b4:61:64:10:20:7d:44:63:50:9c:23:
                    c7:5d:64:a7:8b:d8:4c:7e:f0:6a:eb:0f:9a:00:94:
                    42:8a:73:6e:cd:76:10:79:4b:a0:9c:51:24:c6:46:
                    8a:e3:d7:55:c4:12:cf:a3:e0:fa:87:94:36:d1:8f:
                    7c:bf:76:d0:19:02:8f:92:9f:c5:63:e5:e8:f8:6d:
                    84:1a:72:9c:0c:66:3b:3d:77:82:3c:f4:f1:68:02:
                    60:e8:91:c3:1d:56:42:21:fc:9b:59:7a:19:20:14:
                    65:71:1b:c2:54:e1:be:09:5f:ea:29:0f:72:2b:d6:
                    29:d9:b1:67:57:4b:88:17:3c:f7:d5:bb:af:b9:3d:
                    f4:df:3e:e6:f7:6b:0c:17:63:10:0b:81:33:79:1c:
                    a9:b9:84:5b:2a:91:e4:d3:7f:c3:af:71:99:d5:54:
                    a9:37:96:e9:ec:4f:b1:5b:5b:8b:0c:02:15:86:b3:
                    2b:33:c5:bb:df:84:47:71:ef:48:50:75:80:75:73:
                    b2:de:e1:cf:55:7c:3e:3e:2a:c7:ad:f6:7f:d8:0f:
                    72:6d:23:36:a9:60:2a:8b:86:9b:32:b9:c3:54:44:
                    cd:70:59:26:23:cf:7f:f0:28:d7:33:87:6c:31:0d:
                    19:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:BB:58:05:FD:B3:B4:D2:0D:6B:F4:D6:A5:5C:F0:80:B3:4E:AC:61
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38382e3138392e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:2a:83:b0:24:0e:91:bc:69:3c:77:f9:6e:74:4c:41:08:f0:
         6a:14:e9:1b:34:ef:cb:ad:c3:4c:71:78:9b:f1:e3:ee:bf:09:
         35:6b:2f:a5:12:a8:cc:9c:53:00:06:6d:97:bd:8f:67:92:5c:
         6c:e1:75:3f:34:a5:34:66:58:78:94:e9:eb:17:97:9e:8d:ee:
         25:3f:96:72:3f:48:71:80:9c:8f:5b:37:4b:ac:8c:59:90:09:
         7d:ec:7f:8c:bb:d0:f9:0c:84:9d:e8:6f:f6:89:f7:c2:93:5d:
         55:65:80:df:86:1e:f3:3c:f6:50:9f:a8:77:b6:05:ce:07:4c:
         53:24:30:b2:3f:58:9d:58:f8:b2:ac:29:c5:8e:c9:55:50:29:
         53:ee:1d:0a:de:4c:c5:36:d7:61:0c:56:c2:70:0e:68:0f:7c:
         b2:fe:7e:f6:b8:07:74:b4:63:54:0f:3d:ca:8c:f6:28:c7:d0:
         75:a4:e0:99:4f:1e:6f:46:5c:48:60:c3:fe:d5:ea:8f:e6:ec:
         db:d9:14:a7:f1:55:5d:cb:36:c3:8d:e7:95:09:e3:b1:8d:be:
         07:51:e8:07:a7:60:59:66:eb:de:cd:2b:84:50:4e:70:98:98:
         89:e5:35:f7:b6:ec:e4:8c:17:d4:5d:ed:8e:4b:43:21:cf:f0:
         2a:7e:9b:b6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcMfLv5iVMgf4DGzPHxp93y6R5cQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NDhaFw0yNTAyMjQwODUyNDhaMDMxMTAvBgNV
BAMTKEJBQkI1ODA1RkRCM0I0RDIwRDZCRjRENkE1NUNGMDgwQjM0RUFDNjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP5HsWBGZb7nk5Tb6FQNb+NBW0
YWQQIH1EY1CcI8ddZKeL2Ex+8GrrD5oAlEKKc27NdhB5S6CcUSTGRorj11XEEs+j
4PqHlDbRj3y/dtAZAo+Sn8Vj5ej4bYQacpwMZjs9d4I89PFoAmDokcMdVkIh/JtZ
ehkgFGVxG8JU4b4JX+opD3Ir1inZsWdXS4gXPPfVu6+5PfTfPub3awwXYxALgTN5
HKm5hFsqkeTTf8OvcZnVVKk3lunsT7FbW4sMAhWGsyszxbvfhEdx70hQdYB1c7Le
4c9VfD4+Kset9n/YD3JtIzapYCqLhpsyucNURM1wWSYjz3/wKNczh2wxDRmBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUurtYBf2ztNINa/TWpVzwgLNOrGEwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzgzODJlMzEzODM5
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1Y
vTANBgkqhkiG9w0BAQsFAAOCAQEAKiqDsCQOkbxpPHf5bnRMQQjwahTpGzTvy63D
THF4m/Hj7r8JNWsvpRKozJxTAAZtl72PZ5JcbOF1PzSlNGZYeJTp6xeXno3uJT+W
cj9IcYCcj1s3S6yMWZAJfex/jLvQ+QyEnehv9on3wpNdVWWA34Ye8zz2UJ+od7YF
zgdMUyQwsj9YnVj4sqwpxY7JVVApU+4dCt5MxTbXYQxWwnAOaA98sv5+9rgHdLRj
VA89yoz2KMfQdaTgmU8eb0ZcSGDD/tXqj+bs29kUp/FVXcs2w43nlQnjsY2+B1Ho
B6dgWWbr3s0rhFBOcJiYieU197bs5IwX1F3tjktDIc/wKn6btg==
-----END CERTIFICATE-----