Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e31302e3136322e302f32332d3332203d3e203531313637.roa
File:                     34352e31302e3136322e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          aFduUfBNwClt3YKv6b5aN0q7UuIP7ghw3jzorsSSrBo=
Subject key identifier:   D3:AC:31:93:A9:A0:85:AF:3C:77:92:F2:B5:86:55:67:25:96:8E:B4
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       5A62848804801F3070750FA3F9B87C9B9A68747E
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e31302e3136322e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 22 May 2024 12:52:27 +0000
ROA not before:           Wed 22 May 2024 12:47:27 +0000
ROA not after:            Wed 21 May 2025 12:52:27 +0000
asID:                     51167
IP address blocks:        45.10.162.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:62:84:88:04:80:1f:30:70:75:0f:a3:f9:b8:7c:9b:9a:68:74:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: May 22 12:47:27 2024 GMT
            Not After : May 21 12:52:27 2025 GMT
        Subject: CN=D3AC3193A9A085AF3C7792F2B586556725968EB4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c0:79:76:0c:a1:c9:d8:6b:c7:83:da:18:54:
                    83:ae:4a:4e:63:5f:82:ce:31:df:5a:49:7b:b5:c6:
                    60:4c:b5:16:09:93:1b:a5:cd:a6:6d:df:0f:e0:07:
                    40:91:3c:94:71:93:29:ea:e5:0b:e2:d6:23:cb:12:
                    4a:e3:d8:e7:9a:f4:ff:26:dc:79:5a:33:53:ac:fc:
                    4f:56:8d:c2:6c:7b:d1:a4:bb:3d:63:66:63:07:48:
                    a1:ee:c0:e2:cd:fa:4d:2e:65:d9:ff:65:1c:25:77:
                    c8:6f:91:90:8d:57:37:56:2c:04:4b:f4:ee:25:a0:
                    61:7b:a8:cc:3e:9d:20:0f:a2:16:d4:aa:94:c8:73:
                    98:ef:a9:0b:32:0b:bf:60:bb:ef:5c:c9:37:7f:c9:
                    a6:1e:a4:1a:9c:d1:88:2b:a1:c8:e8:70:ac:b2:7d:
                    c1:e5:bc:ae:b1:99:66:3c:70:b2:39:95:cb:71:38:
                    c2:b0:b8:51:3c:37:95:b5:f4:a8:69:29:4b:57:f0:
                    e3:0d:3a:51:47:20:7d:75:88:f5:95:f6:3a:72:25:
                    ec:4d:14:dc:1c:17:2e:60:8a:83:3f:9b:ef:65:44:
                    48:f2:bc:f1:ad:a8:b4:96:99:0d:6e:8e:40:e8:b9:
                    30:d3:46:08:92:fe:1f:d5:de:63:53:f4:c7:c8:c0:
                    09:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:AC:31:93:A9:A0:85:AF:3C:77:92:F2:B5:86:55:67:25:96:8E:B4
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e31302e3136322e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:1c:99:12:b6:53:ed:e3:88:7a:78:59:de:32:f6:57:e4:32:
         d4:57:39:a2:06:29:2c:a1:44:bb:1a:1d:4b:1b:f8:eb:9f:69:
         34:31:ab:73:f2:0e:bf:1c:08:19:8e:2f:cf:08:a7:c2:61:2b:
         39:0a:90:2e:e7:23:87:c5:bb:5b:ea:70:fa:0e:0e:35:76:89:
         eb:72:ce:c1:31:b3:25:21:78:aa:e6:bf:b6:d4:47:10:0a:11:
         d1:b8:31:a4:2b:fc:ff:19:e0:66:49:bc:22:fa:2c:9d:08:08:
         33:58:66:0d:59:bf:e2:e1:c6:04:03:3b:17:d4:45:e7:85:1a:
         60:70:49:2d:7b:3f:04:76:ff:f1:dd:bc:87:2a:96:ae:86:c7:
         23:3e:28:b7:ee:60:4d:90:b1:96:6d:d4:f6:38:78:a3:d2:ef:
         23:6a:fc:c8:68:53:92:81:99:bc:61:10:43:2c:04:0a:fb:6a:
         a4:04:9b:c0:85:69:fd:3f:99:0a:e8:72:28:ee:66:93:9b:33:
         b2:f9:3f:e7:79:94:69:e4:0c:7c:8e:34:0f:00:90:db:0a:ba:
         45:90:c9:fe:43:63:46:93:5a:12:53:e5:50:14:66:80:cc:1d:
         94:b5:62:e8:7b:21:79:21:f8:c3:5e:b1:99:ee:00:f6:3e:9b:
         b1:c2:3f:f3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWmKEiASAHzBwdQ+j+bh8m5podH4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDA1MjIxMjQ3MjdaFw0yNTA1MjExMjUyMjdaMDMxMTAvBgNV
BAMTKEQzQUMzMTkzQTlBMDg1QUYzQzc3OTJGMkI1ODY1NTY3MjU5NjhFQjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKwHl2DKHJ2GvHg9oYVIOuSk5j
X4LOMd9aSXu1xmBMtRYJkxulzaZt3w/gB0CRPJRxkynq5Qvi1iPLEkrj2Oea9P8m
3HlaM1Os/E9WjcJse9Gkuz1jZmMHSKHuwOLN+k0uZdn/ZRwld8hvkZCNVzdWLARL
9O4loGF7qMw+nSAPohbUqpTIc5jvqQsyC79gu+9cyTd/yaYepBqc0YgrocjocKyy
fcHlvK6xmWY8cLI5lctxOMKwuFE8N5W19KhpKUtX8OMNOlFHIH11iPWV9jpyJexN
FNwcFy5gioM/m+9lREjyvPGtqLSWmQ1ujkDouTDTRgiS/h/V3mNT9MfIwAl5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU06wxk6mgha88d5LytYZVZyWWjrQwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzEzMDJlMzEzNjMy
MmUzMDJmMzIzMzJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS0K
ojANBgkqhkiG9w0BAQsFAAOCAQEAZRyZErZT7eOIenhZ3jL2V+Qy1Fc5ogYpLKFE
uxodSxv4659pNDGrc/IOvxwIGY4vzwinwmErOQqQLucjh8W7W+pw+g4ONXaJ63LO
wTGzJSF4qua/ttRHEAoR0bgxpCv8/xngZkm8IvosnQgIM1hmDVm/4uHGBAM7F9RF
54UaYHBJLXs/BHb/8d28hyqWrobHIz4ot+5gTZCxlm3U9jh4o9LvI2r8yGhTkoGZ
vGEQQywECvtqpASbwIVp/T+ZCuhyKO5mk5szsvk/53mUaeQMfI40DwCQ2wq6RZDJ
/kNjRpNaElPlUBRmgMwdlLVi6HsheSH4w16xme4A9j6bscI/8w==
-----END CERTIFICATE-----