Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e31302e3136302e302f32332d3332203d3e203531313637.roa
File:                     34352e31302e3136302e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          zXy5ShTFwho9QfcHtzH7mhdnHsbAiFXvCTuMe/bvMV4=
Subject key identifier:   0F:0B:48:F1:E6:27:D0:2B:22:23:7D:04:8E:5D:6A:36:3D:B5:FC:CF
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       25E5A0CF16B586BC7B833DEC4DA8B6416596A435
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e31302e3136302e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 22 May 2024 12:52:15 +0000
ROA not before:           Wed 22 May 2024 12:47:15 +0000
ROA not after:            Wed 21 May 2025 12:52:15 +0000
asID:                     51167
IP address blocks:        45.10.160.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:e5:a0:cf:16:b5:86:bc:7b:83:3d:ec:4d:a8:b6:41:65:96:a4:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: May 22 12:47:15 2024 GMT
            Not After : May 21 12:52:15 2025 GMT
        Subject: CN=0F0B48F1E627D02B22237D048E5D6A363DB5FCCF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:01:2a:20:20:73:e6:9e:3c:0d:0b:75:59:43:
                    50:b9:1e:7f:09:cc:95:d4:10:13:14:f1:c2:dd:b7:
                    c6:31:d8:6d:15:72:98:59:3e:52:f9:82:b5:79:9e:
                    4d:7a:62:e9:4c:6d:0a:5a:22:3b:f2:8e:e9:67:80:
                    8a:c8:19:a6:b3:ab:07:d4:a5:b6:9b:4d:77:83:d4:
                    8e:3a:b0:4d:25:f1:6f:9c:56:3c:9d:a4:b7:fc:56:
                    33:4c:59:94:44:e5:0c:f7:4b:17:e2:c6:24:e3:f2:
                    5d:ae:3b:72:d5:2b:ba:d3:0c:5f:9c:c0:5f:97:24:
                    00:3a:32:f7:a4:72:ca:ab:a7:55:30:6b:78:9c:d9:
                    a7:14:d2:80:05:12:9e:86:a1:2f:77:83:9e:54:29:
                    0f:50:57:d0:7e:fb:75:d8:26:06:48:48:d4:84:f9:
                    48:5e:51:91:ef:6f:3e:6c:98:6b:73:66:c6:b3:f3:
                    15:75:89:2a:2d:f3:be:cd:c4:80:e8:f7:5a:6a:bf:
                    e4:a5:de:9b:4d:b8:c0:f1:ad:b5:66:e0:75:e4:38:
                    cd:bf:6e:4e:97:6b:4d:1e:10:d6:e4:7e:32:23:af:
                    ca:0f:2e:86:6f:7c:d9:b3:f8:9b:b2:ae:d8:09:91:
                    e6:b7:c0:dc:f0:e4:c8:2a:12:40:53:ea:3a:93:82:
                    bb:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:0B:48:F1:E6:27:D0:2B:22:23:7D:04:8E:5D:6A:36:3D:B5:FC:CF
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e31302e3136302e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:e0:dc:2b:1b:50:3f:54:48:dd:4e:90:39:2f:c8:f9:f1:c3:
         55:1e:10:00:9a:c4:fd:7c:a5:91:77:05:b3:38:e4:e1:21:bb:
         b5:36:61:75:ba:30:4d:2d:d1:f8:0e:75:d7:c0:a4:5f:dc:5b:
         21:31:b3:c7:96:7f:7d:09:5e:bb:82:9d:16:ce:c4:ac:87:11:
         19:04:59:5a:8a:96:43:d6:b2:fb:8a:71:ec:f1:2d:25:64:48:
         0f:db:b7:be:49:7a:94:74:f9:ab:6d:7f:53:ef:30:31:b9:c6:
         9c:61:a6:28:12:39:31:5f:de:6e:67:ee:e9:b1:80:3d:d7:5b:
         39:bd:17:fd:ce:da:f1:99:30:00:a8:98:2d:7a:91:fc:9c:bb:
         c1:ef:69:ad:07:a2:cf:ea:75:f8:64:2c:5b:8c:6f:87:d9:67:
         5b:24:16:d5:e4:29:26:b9:64:e2:3a:9d:81:e2:4d:7e:c4:fc:
         c7:34:60:04:75:af:0f:26:13:5e:e9:1b:fe:50:55:70:64:29:
         96:6d:9c:f4:62:4b:6f:d1:32:ce:3d:ce:96:9f:33:95:6b:f6:
         7a:e0:4c:ba:a6:03:bb:7b:20:83:44:ac:28:ff:13:9b:3b:dd:
         c9:c1:28:90:f1:e6:4a:57:db:ee:65:d1:af:1b:58:9f:fe:47:
         9a:cc:d8:6d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJeWgzxa1hrx7gz3sTai2QWWWpDUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDA1MjIxMjQ3MTVaFw0yNTA1MjExMjUyMTVaMDMxMTAvBgNV
BAMTKDBGMEI0OEYxRTYyN0QwMkIyMjIzN0QwNDhFNUQ2QTM2M0RCNUZDQ0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLASogIHPmnjwNC3VZQ1C5Hn8J
zJXUEBMU8cLdt8Yx2G0VcphZPlL5grV5nk16YulMbQpaIjvyjulngIrIGaazqwfU
pbabTXeD1I46sE0l8W+cVjydpLf8VjNMWZRE5Qz3SxfixiTj8l2uO3LVK7rTDF+c
wF+XJAA6Mvekcsqrp1Uwa3ic2acU0oAFEp6GoS93g55UKQ9QV9B++3XYJgZISNSE
+UheUZHvbz5smGtzZsaz8xV1iSot877NxIDo91pqv+Sl3ptNuMDxrbVm4HXkOM2/
bk6Xa00eENbkfjIjr8oPLoZvfNmz+JuyrtgJkea3wNzw5MgqEkBT6jqTgrspAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUDwtI8eYn0CsiI30Ejl1qNj21/M8wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzEzMDJlMzEzNjMw
MmUzMDJmMzIzMzJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS0K
oDANBgkqhkiG9w0BAQsFAAOCAQEAW+DcKxtQP1RI3U6QOS/I+fHDVR4QAJrE/Xyl
kXcFszjk4SG7tTZhdbowTS3R+A5118CkX9xbITGzx5Z/fQleu4KdFs7ErIcRGQRZ
WoqWQ9ay+4px7PEtJWRID9u3vkl6lHT5q21/U+8wMbnGnGGmKBI5MV/ebmfu6bGA
PddbOb0X/c7a8ZkwAKiYLXqR/Jy7we9prQeiz+p1+GQsW4xvh9lnWyQW1eQpJrlk
4jqdgeJNfsT8xzRgBHWvDyYTXukb/lBVcGQplm2c9GJLb9Eyzj3Olp8zlWv2euBM
uqYDu3sgg0SsKP8TmzvdycEokPHmSlfb7mXRrxtYn/5HmszYbQ==
-----END CERTIFICATE-----