Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e39302e3232302e302f32342d3234203d3e203437353833.roa
File:                     34352e39302e3232302e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          yq26NhOI5WQ2MpI7t4emUwnA1kpEjGjaAclAZa6IdAw=
Subject key identifier:   CE:59:07:14:9B:57:82:D8:6D:F4:DA:6B:A1:B9:E8:0B:1F:66:32:67
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       67BDA54601456C1CD565D3F58C44C219BBC32B59
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e39302e3232302e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:52:49 +0000
ROA not before:           Mon 26 Feb 2024 08:47:49 +0000
ROA not after:            Mon 24 Feb 2025 08:52:49 +0000
asID:                     47583
IP address blocks:        45.90.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 12:48:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:bd:a5:46:01:45:6c:1c:d5:65:d3:f5:8c:44:c2:19:bb:c3:2b:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:49 2024 GMT
            Not After : Feb 24 08:52:49 2025 GMT
        Subject: CN=CE5907149B5782D86DF4DA6BA1B9E80B1F663267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:10:62:1d:82:32:c0:98:fd:21:52:72:1f:a8:
                    10:d4:18:b8:06:a1:07:c2:74:75:02:dd:7e:37:e8:
                    23:58:c2:85:1e:6c:42:ad:66:8e:ab:bf:bb:df:eb:
                    cb:31:31:91:56:ab:74:1a:80:fe:6c:f6:41:f1:ae:
                    a3:a4:b4:fa:aa:41:42:2c:91:28:80:c5:4c:54:75:
                    f9:25:ad:e2:81:f1:61:11:16:b2:88:f2:3b:b8:a3:
                    c8:62:29:8f:3b:34:4a:f1:05:a2:4a:d3:be:b4:44:
                    a0:71:b8:af:d0:fe:54:a3:62:16:1a:93:8e:b5:33:
                    56:01:39:d3:b2:f8:63:91:d6:d6:dc:b7:6a:d3:ce:
                    b0:41:02:4f:67:5f:b7:9b:c9:d7:a1:fa:07:90:9e:
                    07:fa:ab:4c:c0:b6:6a:4a:a4:07:d3:8c:a0:06:fb:
                    bd:1e:37:a4:79:89:d7:24:8b:1d:e3:d1:2c:04:16:
                    28:e0:31:39:ed:4a:99:e4:ee:d4:5a:d7:cb:0e:0f:
                    c5:3b:cf:be:db:5c:2a:6a:3b:35:d3:b3:48:0a:85:
                    c5:9e:56:46:b0:07:56:e9:91:5e:59:d8:84:e6:49:
                    48:6b:a9:99:ac:e3:5d:8d:d9:51:7f:61:d9:e8:f6:
                    7a:2d:71:09:69:f1:3e:2f:73:d2:d2:05:34:af:69:
                    f1:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:59:07:14:9B:57:82:D8:6D:F4:DA:6B:A1:B9:E8:0B:1F:66:32:67
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e39302e3232302e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:7e:a5:9a:b4:73:e2:f0:8f:72:df:f3:91:e0:d9:d9:70:63:
         b3:76:82:8c:c2:7a:30:ba:8c:3e:a3:d7:24:d1:b4:ee:5f:a3:
         83:c6:ac:5d:d0:62:6b:7d:46:e5:f6:eb:33:6d:c5:8f:d2:b1:
         44:4d:b7:3c:67:4f:12:8b:5f:01:c8:b9:0e:ad:d0:ca:1d:ff:
         e5:fe:f3:73:dd:22:0e:6a:f6:02:5a:c5:1d:27:72:e1:f6:77:
         e1:01:2e:22:cc:01:59:3a:22:26:2f:36:27:5f:03:65:0d:aa:
         ec:17:85:12:9c:99:7e:3c:9c:f1:d3:a4:d1:4c:ab:6a:88:d4:
         21:b5:1e:11:1c:8c:2b:e3:51:b9:d1:7a:97:5c:90:3c:06:7e:
         4d:7c:8d:fa:b7:72:de:1b:69:8f:90:91:83:8d:27:0e:f0:3e:
         0f:2b:8d:0b:65:15:75:4e:ba:e9:c6:87:1c:26:4c:94:94:d7:
         7f:35:67:71:ad:17:7b:0a:ef:43:74:ef:41:5c:62:6a:07:66:
         61:50:9c:ec:8c:c4:f5:e9:c8:04:35:6a:bb:1d:4b:b4:17:6f:
         71:64:56:d8:be:60:85:5b:17:a3:b4:cb:93:0a:a3:c7:e3:4f:
         99:36:d0:72:72:80:90:37:7c:43:24:9f:df:26:bb:e2:2b:ff:
         4b:16:69:bf
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZ72lRgFFbBzVZdP1jETCGbvDK1kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NDlaFw0yNTAyMjQwODUyNDlaMDMxMTAvBgNV
BAMTKENFNTkwNzE0OUI1NzgyRDg2REY0REE2QkExQjlFODBCMUY2NjMyNjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnEGIdgjLAmP0hUnIfqBDUGLgG
oQfCdHUC3X436CNYwoUebEKtZo6rv7vf68sxMZFWq3QagP5s9kHxrqOktPqqQUIs
kSiAxUxUdfklreKB8WERFrKI8ju4o8hiKY87NErxBaJK0760RKBxuK/Q/lSjYhYa
k461M1YBOdOy+GOR1tbct2rTzrBBAk9nX7ebydeh+geQngf6q0zAtmpKpAfTjKAG
+70eN6R5idckix3j0SwEFijgMTntSpnk7tRa18sOD8U7z77bXCpqOzXTs0gKhcWe
VkawB1bpkV5Z2ITmSUhrqZms412N2VF/Ydno9notcQlp8T4vc9LSBTSvafGTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUzlkHFJtXgtht9NprobnoCx9mMmcwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzkzMDJlMzIzMjMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1a
3DANBgkqhkiG9w0BAQsFAAOCAQEAcX6lmrRz4vCPct/zkeDZ2XBjs3aCjMJ6MLqM
PqPXJNG07l+jg8asXdBia31G5fbrM23Fj9KxRE23PGdPEotfAci5Dq3Qyh3/5f7z
c90iDmr2AlrFHSdy4fZ34QEuIswBWToiJi82J18DZQ2q7BeFEpyZfjyc8dOk0Uyr
aojUIbUeERyMK+NRudF6l1yQPAZ+TXyN+rdy3htpj5CRg40nDvA+DyuNC2UVdU66
6caHHCZMlJTXfzVnca0XewrvQ3TvQVxiagdmYVCc7IzE9enIBDVqux1LtBdvcWRW
2L5ghVsXo7TLkwqjx+NPmTbQcnKAkDd8QySf3ya74iv/SxZpvw==
-----END CERTIFICATE-----