Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e39302e3232332e302f32342d3234203d3e203437353833.roa
File:                     34352e39302e3232332e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          3dFU3QMl0ZkKs9F6Q1t5naBoG/dtlEiEtSK6gw9Rq5w=
Subject key identifier:   0E:4B:6B:13:A7:A3:73:0F:54:47:FA:E8:31:4C:6F:9D:2B:19:CD:C7
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       0CBB649BB980D0BDF28D8C5D22A32BBCDFC276B0
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e39302e3232332e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:52:53 +0000
ROA not before:           Mon 26 Feb 2024 08:47:53 +0000
ROA not after:            Mon 24 Feb 2025 08:52:53 +0000
asID:                     47583
IP address blocks:        45.90.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:bb:64:9b:b9:80:d0:bd:f2:8d:8c:5d:22:a3:2b:bc:df:c2:76:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:53 2024 GMT
            Not After : Feb 24 08:52:53 2025 GMT
        Subject: CN=0E4B6B13A7A3730F5447FAE8314C6F9D2B19CDC7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e5:f0:9d:65:98:52:65:39:18:2d:07:10:a4:
                    92:46:25:66:db:98:18:8f:28:1a:88:94:62:ae:77:
                    f8:73:f9:a4:87:84:ca:05:58:a4:6c:20:2a:57:67:
                    2b:98:10:9a:3f:21:4a:df:7c:82:f9:22:f8:85:06:
                    4c:1a:95:0e:ac:43:e9:8f:79:96:51:27:17:d5:6e:
                    1d:4c:1d:0a:c8:95:ea:08:e5:e8:9e:be:c5:4f:fb:
                    69:ff:90:80:7d:e4:1b:34:b4:a5:83:d6:5f:a6:04:
                    66:3c:1d:e1:0b:02:35:e5:21:b8:1f:f3:14:e3:51:
                    29:67:7e:25:d5:f5:03:9c:99:af:7b:90:a4:83:f9:
                    fe:7b:7a:14:8e:c3:47:f6:7d:68:dc:66:0d:c0:fa:
                    e7:da:66:e2:6f:7b:7a:43:aa:72:fa:1b:e0:0f:2b:
                    75:05:8c:36:65:a6:41:5a:6a:18:9b:e4:cc:1c:ca:
                    c3:cd:d7:96:b7:b5:87:e4:9a:2f:d8:6f:5b:4e:d0:
                    d4:56:5f:89:a5:6b:e8:7b:c4:f0:53:a4:b4:a8:c9:
                    0f:9f:af:76:8b:84:16:7d:7c:b5:98:3d:f3:d6:a5:
                    ed:be:51:09:d4:4f:2b:6c:0c:1f:19:e9:d3:a4:02:
                    51:c4:88:e5:05:6f:b5:27:fc:04:21:98:ed:aa:ab:
                    44:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:4B:6B:13:A7:A3:73:0F:54:47:FA:E8:31:4C:6F:9D:2B:19:CD:C7
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e39302e3232332e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:0c:2c:45:d7:a5:f8:38:b6:84:09:90:d4:57:4f:9e:48:bf:
         de:d2:40:b2:1c:38:7b:d7:b2:53:a9:a3:cc:81:1c:d2:90:89:
         e7:cd:28:8c:b1:46:b8:cf:15:0b:33:25:93:52:ff:db:2a:55:
         21:4c:da:a5:e6:af:56:ff:72:51:c2:7e:09:f2:0e:cf:91:2f:
         93:61:b6:ce:49:32:85:3c:41:75:53:f0:88:4f:65:0a:f1:25:
         fb:c7:e2:bf:94:03:f2:96:64:05:69:dc:22:1a:76:05:3d:66:
         25:4e:84:81:50:f5:6d:0d:3e:d1:57:51:60:93:b9:c2:bc:3b:
         9a:44:b2:50:2c:54:78:72:9d:c3:a3:4b:e5:9d:88:72:b6:e0:
         3c:29:a8:18:8d:4a:bf:85:f8:04:12:e2:da:15:87:26:af:67:
         57:fd:4e:40:ca:dd:78:74:6b:b5:ab:6d:6a:54:a8:9c:43:53:
         9e:2b:4e:66:1a:66:33:99:e6:97:64:f4:87:f2:bd:45:89:35:
         f7:68:64:b3:67:b4:c4:f2:79:ed:94:f2:53:9a:5c:c8:77:97:
         3c:95:1c:88:1a:fa:18:af:4f:68:4e:e1:11:6d:82:98:95:8a:
         e2:36:d0:03:05:9f:59:25:f3:bc:c3:66:ae:3f:26:21:fb:ca:
         fb:81:f2:12
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDLtkm7mA0L3yjYxdIqMrvN/CdrAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTNaFw0yNTAyMjQwODUyNTNaMDMxMTAvBgNV
BAMTKDBFNEI2QjEzQTdBMzczMEY1NDQ3RkFFODMxNEM2RjlEMkIxOUNEQzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN5fCdZZhSZTkYLQcQpJJGJWbb
mBiPKBqIlGKud/hz+aSHhMoFWKRsICpXZyuYEJo/IUrffIL5IviFBkwalQ6sQ+mP
eZZRJxfVbh1MHQrIleoI5eievsVP+2n/kIB95Bs0tKWD1l+mBGY8HeELAjXlIbgf
8xTjUSlnfiXV9QOcma97kKSD+f57ehSOw0f2fWjcZg3A+ufaZuJve3pDqnL6G+AP
K3UFjDZlpkFaahib5MwcysPN15a3tYfkmi/Yb1tO0NRWX4mla+h7xPBTpLSoyQ+f
r3aLhBZ9fLWYPfPWpe2+UQnUTytsDB8Z6dOkAlHEiOUFb7Un/AQhmO2qq0SpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUDktrE6ejcw9UR/roMUxvnSsZzccwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzkzMDJlMzIzMjMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1a
3zANBgkqhkiG9w0BAQsFAAOCAQEAeAwsRdel+Di2hAmQ1FdPnki/3tJAshw4e9ey
U6mjzIEc0pCJ580ojLFGuM8VCzMlk1L/2ypVIUzapeavVv9yUcJ+CfIOz5Evk2G2
zkkyhTxBdVPwiE9lCvEl+8fiv5QD8pZkBWncIhp2BT1mJU6EgVD1bQ0+0VdRYJO5
wrw7mkSyUCxUeHKdw6NL5Z2IcrbgPCmoGI1Kv4X4BBLi2hWHJq9nV/1OQMrdeHRr
tattalSonENTnitOZhpmM5nml2T0h/K9RYk192hks2e0xPJ57ZTyU5pcyHeXPJUc
iBr6GK9PaE7hEW2CmJWK4jbQAwWfWSXzvMNmrj8mIfvK+4HyEg==
-----END CERTIFICATE-----