Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38382e3139312e302f32342d3332203d3e203531313637.roa
File:                     34352e38382e3139312e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          5uprc3pBxEEUZhCCEza3giHzaU/iZI2IrmSwvcWfBq0=
Subject key identifier:   F8:BF:4D:25:2F:97:6E:90:63:61:D0:F0:98:93:6D:D3:75:34:9E:6E
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       6B7311AF30D2B0D95C33172E8267590B53DC27A7
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38382e3139312e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:52:57 +0000
ROA not before:           Mon 26 Feb 2024 08:47:57 +0000
ROA not after:            Mon 24 Feb 2025 08:52:57 +0000
asID:                     51167
IP address blocks:        45.88.191.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:73:11:af:30:d2:b0:d9:5c:33:17:2e:82:67:59:0b:53:dc:27:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:57 2024 GMT
            Not After : Feb 24 08:52:57 2025 GMT
        Subject: CN=F8BF4D252F976E906361D0F098936DD375349E6E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:23:05:6e:18:44:f0:67:cc:1b:d7:69:86:06:
                    13:07:fe:00:c2:4f:64:23:da:fa:16:67:a3:d4:6e:
                    c5:49:da:84:6a:dd:0a:30:af:0d:23:e1:c5:2b:99:
                    5a:8a:9e:40:fb:b4:ba:0d:e7:46:0d:d1:5d:30:d8:
                    f1:47:ac:3e:26:d5:60:60:39:7c:d6:a8:f2:ea:87:
                    38:5f:d5:f0:f9:59:15:c3:df:4f:00:d5:5b:29:46:
                    83:0d:ed:29:40:66:2a:af:08:7a:ab:f2:73:3c:7f:
                    cb:c9:53:6b:f9:a9:d1:cc:2a:4d:3f:e3:c6:15:5d:
                    9f:82:4d:25:32:2e:33:04:fb:d9:30:30:da:22:02:
                    53:9b:03:90:a2:65:8e:7b:c0:91:38:2f:ec:45:00:
                    75:7e:cd:f1:0f:2c:f0:e7:7b:52:c1:92:00:e9:97:
                    5d:3f:01:cc:b5:b3:a5:26:16:c1:8d:bd:d1:9d:c0:
                    c5:12:14:66:9e:14:a7:22:3a:71:56:17:7c:de:10:
                    d3:06:63:29:d3:52:8c:9a:83:48:15:a6:10:c5:d7:
                    bc:0b:49:2b:43:84:e9:b2:f3:e6:c3:06:cc:68:45:
                    ad:a2:62:1f:ca:12:b6:a9:88:fa:e9:04:bf:86:3d:
                    4f:09:65:20:32:28:38:cd:e3:f4:d4:d5:1e:2f:cd:
                    54:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:BF:4D:25:2F:97:6E:90:63:61:D0:F0:98:93:6D:D3:75:34:9E:6E
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e38382e3139312e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:5e:7c:21:37:45:25:b3:54:01:73:16:d2:6a:c8:28:ba:19:
         d7:ad:a7:ca:61:d3:85:9c:80:96:cf:6d:41:c7:a2:50:6a:b3:
         a8:c3:38:7e:2a:e7:8b:d9:2b:09:c8:8f:01:98:2a:ce:9d:03:
         df:89:52:52:5b:03:c7:f5:e0:a7:eb:3d:ce:d9:3b:f9:40:2e:
         cb:27:52:4a:d1:29:ee:3e:f4:90:0f:dc:28:34:03:46:2c:15:
         d3:34:66:30:15:25:aa:57:0a:5a:b7:6a:4a:3d:87:42:0e:c1:
         06:31:64:41:04:4d:c1:dd:20:03:13:f9:0c:95:f8:16:2d:45:
         7f:3b:02:bb:b0:f1:b8:74:93:e7:e5:de:c9:63:79:e6:78:1d:
         73:f6:49:25:c0:89:f3:0d:35:5e:77:08:61:82:4f:70:9e:8a:
         d8:71:bd:dc:a7:e3:cc:99:f6:d9:39:6f:08:64:72:a6:95:5f:
         05:db:a2:70:f8:82:62:e6:65:a4:59:13:a8:eb:8a:7f:ac:49:
         0c:6b:af:ff:8f:9e:23:2e:71:6f:8d:75:ed:75:8f:95:3a:10:
         68:3b:1d:36:96:0e:46:ee:94:f9:a1:da:f0:d9:57:e9:24:04:
         12:b6:fe:7a:76:25:5e:28:e1:49:42:90:71:d9:96:0a:97:84:
         dd:40:b7:48
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUa3MRrzDSsNlcMxcugmdZC1PcJ6cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTdaFw0yNTAyMjQwODUyNTdaMDMxMTAvBgNV
BAMTKEY4QkY0RDI1MkY5NzZFOTA2MzYxRDBGMDk4OTM2REQzNzUzNDlFNkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkIwVuGETwZ8wb12mGBhMH/gDC
T2Qj2voWZ6PUbsVJ2oRq3Qowrw0j4cUrmVqKnkD7tLoN50YN0V0w2PFHrD4m1WBg
OXzWqPLqhzhf1fD5WRXD308A1VspRoMN7SlAZiqvCHqr8nM8f8vJU2v5qdHMKk0/
48YVXZ+CTSUyLjME+9kwMNoiAlObA5CiZY57wJE4L+xFAHV+zfEPLPDne1LBkgDp
l10/Acy1s6UmFsGNvdGdwMUSFGaeFKciOnFWF3zeENMGYynTUoyag0gVphDF17wL
SStDhOmy8+bDBsxoRa2iYh/KErapiPrpBL+GPU8JZSAyKDjN4/TU1R4vzVTVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU+L9NJS+XbpBjYdDwmJNt03U0nm4wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzgzODJlMzEzOTMx
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1Y
vzANBgkqhkiG9w0BAQsFAAOCAQEAl158ITdFJbNUAXMW0mrIKLoZ162nymHThZyA
ls9tQceiUGqzqMM4firni9krCciPAZgqzp0D34lSUlsDx/Xgp+s9ztk7+UAuyydS
StEp7j70kA/cKDQDRiwV0zRmMBUlqlcKWrdqSj2HQg7BBjFkQQRNwd0gAxP5DJX4
Fi1FfzsCu7DxuHST5+XeyWN55ngdc/ZJJcCJ8w01XncIYYJPcJ6K2HG93KfjzJn2
2TlvCGRyppVfBduicPiCYuZlpFkTqOuKf6xJDGuv/4+eIy5xb4117XWPlToQaDsd
NpYORu6U+aHa8NlX6SQEErb+enYlXijhSUKQcdmWCpeE3UC3SA==
-----END CERTIFICATE-----