Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e39332e302e302f32322d3234203d3e20323033303631.roa
File:                     34352e39332e302e302f32322d3234203d3e20323033303631.roa (raw, json)
Hash identifier:          vJpX6aUErDLnYJvs2+5Pz+toFq72fvvFtfbTlvIr87s=
Subject key identifier:   2E:DB:7F:47:19:C0:34:70:7D:9A:0E:B8:A3:53:CE:7D:6C:AC:44:66
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       4385E7C35732F37D11E45BC40205EEE15B753BF1
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e39332e302e302f32322d3234203d3e20323033303631.roa
Signing time:             Mon 26 Feb 2024 08:52:55 +0000
ROA not before:           Mon 26 Feb 2024 08:47:55 +0000
ROA not after:            Mon 24 Feb 2025 08:52:55 +0000
asID:                     203061
IP address blocks:        45.93.0.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:85:e7:c3:57:32:f3:7d:11:e4:5b:c4:02:05:ee:e1:5b:75:3b:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:55 2024 GMT
            Not After : Feb 24 08:52:55 2025 GMT
        Subject: CN=2EDB7F4719C034707D9A0EB8A353CE7D6CAC4466
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:00:f9:ab:eb:2f:b9:ea:ab:9a:09:51:ff:08:
                    fe:df:d7:c5:65:d5:24:c0:4e:87:be:31:45:cb:e4:
                    fa:36:a3:42:03:63:e0:89:56:d0:29:cc:f2:4f:30:
                    6b:e9:57:34:21:1b:1c:d3:d4:eb:60:4e:50:48:c5:
                    6d:63:37:fa:4e:47:43:b7:71:b3:f7:6f:49:d3:95:
                    8a:bd:1e:80:a9:f4:d4:0e:fd:7a:f6:94:d1:c1:99:
                    ce:10:93:82:08:2d:d5:ce:b8:84:15:3c:88:67:45:
                    86:46:26:db:a3:52:53:d0:a0:54:62:f9:0c:0f:45:
                    32:58:fa:8b:0e:7c:a0:c1:79:5d:19:79:2f:b6:ed:
                    83:ce:dc:2e:ca:32:36:0f:10:07:06:de:4a:f2:54:
                    09:77:a2:2c:6c:57:18:5b:12:85:9c:62:45:77:05:
                    25:5d:4d:0f:fe:f6:19:f0:7c:32:8a:37:14:2a:f0:
                    13:a0:c2:07:d0:54:28:e9:9b:d8:7f:84:a1:f0:fa:
                    4f:90:c2:45:df:42:f6:65:dd:58:b3:10:68:09:e9:
                    42:ed:55:cf:ee:3b:7b:67:2b:6d:c1:c9:fd:b8:ba:
                    8b:6e:e6:98:cc:92:f1:88:78:cf:e9:bb:7d:b6:ba:
                    b7:f3:1d:bb:4d:77:2c:1a:57:7d:32:dd:64:4b:be:
                    67:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:DB:7F:47:19:C0:34:70:7D:9A:0E:B8:A3:53:CE:7D:6C:AC:44:66
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e39332e302e302f32322d3234203d3e20323033303631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:01:ee:c3:54:d5:a2:b9:cc:e8:a1:12:c5:76:ac:27:58:35:
         f3:fb:f9:67:ba:f6:db:cb:e4:0d:58:fa:ef:91:ce:4e:6a:eb:
         26:30:b4:27:5c:f1:a3:9b:67:e2:e7:6b:9e:72:ff:1e:26:e6:
         3a:3d:e4:0a:ed:4f:af:fa:b8:87:b3:9a:ca:71:2d:7a:00:da:
         32:e0:70:e4:aa:4f:0e:d0:72:0e:39:13:c6:3f:3f:2e:d4:b3:
         b5:a5:28:bd:c7:c1:fb:70:ac:09:d5:e3:d9:dc:ee:5c:30:b0:
         78:0d:b5:f2:a8:de:ec:a6:4c:ab:a6:b0:f5:93:2a:19:bd:3f:
         19:96:0a:eb:02:96:bf:15:2b:41:94:46:7b:aa:7b:9c:e0:af:
         1b:11:7c:df:04:a9:86:fb:af:65:6f:bd:76:ce:aa:17:91:68:
         f2:e6:da:f9:de:72:8c:ae:b5:96:0e:99:1f:9f:af:c5:0b:5d:
         22:79:66:7a:02:60:19:44:54:2d:1c:f7:93:f4:91:60:e5:2b:
         f5:cf:94:1d:1e:e7:10:c0:05:df:83:c6:f9:f9:8e:25:d4:f0:
         bb:7b:9e:a7:a1:18:67:c7:ed:bf:79:c9:e7:b5:ed:88:16:34:
         19:47:a2:de:aa:8a:6f:e2:8a:3e:1a:0f:ae:b3:34:b6:8f:38:
         ae:04:93:c6
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQ4Xnw1cy830R5FvEAgXu4Vt1O/EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTVaFw0yNTAyMjQwODUyNTVaMDMxMTAvBgNV
BAMTKDJFREI3RjQ3MTlDMDM0NzA3RDlBMEVCOEEzNTNDRTdENkNBQzQ0NjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIAPmr6y+56quaCVH/CP7f18Vl
1STAToe+MUXL5Po2o0IDY+CJVtApzPJPMGvpVzQhGxzT1OtgTlBIxW1jN/pOR0O3
cbP3b0nTlYq9HoCp9NQO/Xr2lNHBmc4Qk4IILdXOuIQVPIhnRYZGJtujUlPQoFRi
+QwPRTJY+osOfKDBeV0ZeS+27YPO3C7KMjYPEAcG3kryVAl3oixsVxhbEoWcYkV3
BSVdTQ/+9hnwfDKKNxQq8BOgwgfQVCjpm9h/hKHw+k+QwkXfQvZl3VizEGgJ6ULt
Vc/uO3tnK23Byf24uotu5pjMkvGIeM/pu322urfzHbtNdywaV30y3WRLvmeFAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQULtt/RxnANHB9mg64o1POfWysRGYwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzkzMzJlMzAyZTMw
MmYzMjMyMmQzMjM0MjAzZDNlMjAzMjMwMzMzMDM2MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAItXQAw
DQYJKoZIhvcNAQELBQADggEBAGAB7sNU1aK5zOihEsV2rCdYNfP7+We69tvL5A1Y
+u+Rzk5q6yYwtCdc8aObZ+Lna55y/x4m5jo95ArtT6/6uIezmspxLXoA2jLgcOSq
Tw7Qcg45E8Y/Py7Us7WlKL3HwftwrAnV49nc7lwwsHgNtfKo3uymTKumsPWTKhm9
PxmWCusClr8VK0GURnuqe5zgrxsRfN8EqYb7r2VvvXbOqheRaPLm2vnecoyutZYO
mR+fr8ULXSJ5ZnoCYBlEVC0c95P0kWDlK/XPlB0e5xDABd+Dxvn5jiXU8Lt7nqeh
GGfH7b95yee17YgWNBlHot6qim/iij4aD66zNLaPOK4Ek8Y=
-----END CERTIFICATE-----