Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e36372e3231362e302f32332d3332203d3e203531313637.roa
File:                     34352e36372e3231362e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          q2BXYwkupGoJ46pdhNG+EZph8KQK74Ttzb12RLtzyLM=
Subject key identifier:   8A:B1:61:E2:82:0D:C3:45:E5:A0:B8:6D:EA:02:26:BB:07:9D:B0:55
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       66986D5A6FE15E5F9D2CC602AF5DB770EE6ADCAB
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e36372e3231362e302f32332d3332203d3e203531313637.roa
Signing time:             Mon 27 Jan 2025 09:44:47 +0000
ROA not before:           Mon 27 Jan 2025 09:39:47 +0000
ROA not after:            Mon 26 Jan 2026 09:44:47 +0000
asID:                     51167
IP address blocks:        45.67.216.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 16:15:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:98:6d:5a:6f:e1:5e:5f:9d:2c:c6:02:af:5d:b7:70:ee:6a:dc:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jan 27 09:39:47 2025 GMT
            Not After : Jan 26 09:44:47 2026 GMT
        Subject: CN=8AB161E2820DC345E5A0B86DEA0226BB079DB055
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:95:00:a0:fc:5b:15:66:a4:65:76:d4:83:23:
                    ae:8f:06:2d:2d:80:1c:14:d0:05:87:16:24:00:ab:
                    30:06:86:83:68:9f:11:ad:eb:63:1b:5e:4d:d5:39:
                    99:0f:ce:d9:45:1e:cf:b8:4e:40:4a:14:4a:1a:d7:
                    6a:a9:92:da:74:31:fd:a9:82:2a:3c:7d:c7:f2:bf:
                    af:3f:c5:82:3e:3a:01:30:6a:41:50:17:7d:b4:ef:
                    dc:fb:d4:e7:32:b1:93:4c:6a:2b:ad:7d:ee:73:d9:
                    bb:1b:8a:6e:c2:cc:04:c1:fd:67:64:70:07:5d:25:
                    5b:c1:cc:a1:65:d8:93:a7:70:30:88:d7:b7:63:03:
                    57:be:ac:74:56:dc:38:53:16:66:c4:ea:e4:60:6a:
                    eb:4e:9e:f6:d9:41:8d:4b:b0:ee:f5:73:e5:1e:12:
                    90:fc:2e:ec:97:65:e4:5f:fe:01:85:f6:4b:86:9e:
                    e5:e2:4e:aa:2d:5f:0a:74:3f:a9:f6:1f:ff:5b:33:
                    f3:45:63:b2:5b:f1:e1:18:02:b1:e4:3b:36:b2:0c:
                    c6:e6:19:79:8a:20:c8:46:09:56:cf:2a:0a:ee:fb:
                    12:8c:a4:f9:fb:d4:4d:15:84:63:b8:bc:a6:27:e1:
                    90:f4:f0:0d:e9:0e:61:11:60:ab:9c:98:87:3e:ea:
                    4c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:B1:61:E2:82:0D:C3:45:E5:A0:B8:6D:EA:02:26:BB:07:9D:B0:55
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e36372e3231362e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a2:63:40:89:5c:4a:6e:ec:a6:19:67:c0:4c:4d:54:01:46:d9:
         fd:85:30:7d:d8:6b:c9:78:13:24:2f:52:58:e1:3e:8f:32:0c:
         cd:8d:18:6a:fe:4d:a9:f4:6a:04:4e:6c:31:c0:fa:5f:17:5e:
         3a:6b:85:88:55:a0:9f:b3:34:41:00:67:8b:5e:cd:28:66:bd:
         24:70:71:50:9d:4c:fc:64:bf:e7:28:33:53:ba:99:da:e8:79:
         da:a5:cf:c7:22:5d:17:22:18:b3:77:b7:c2:d4:aa:ce:e1:3a:
         ac:3a:73:a9:a2:45:01:34:eb:41:20:03:4d:3f:7c:16:0c:cf:
         26:9f:e1:a5:83:d9:96:9c:f6:61:01:60:9f:be:d3:cf:2f:11:
         51:2b:c6:f4:e8:1c:72:17:54:7d:d8:5e:ba:89:6d:6c:1e:05:
         3c:b3:f3:64:5d:0b:dc:3c:be:8e:ca:c9:7d:1f:9f:8c:eb:49:
         17:e1:c3:7f:aa:be:47:07:64:25:4a:65:33:ff:88:79:4b:82:
         ce:dc:e9:09:a3:d1:64:06:0f:2f:80:e9:e1:54:e9:77:af:2c:
         0d:a7:5a:be:f2:0e:44:29:37:45:74:55:5e:0b:c2:02:a3:cf:
         82:a9:c8:d5:ae:8a:f0:99:44:82:c0:29:76:81:98:3c:b2:7f:
         c7:68:c5:2d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZphtWm/hXl+dLMYCr123cO5q3KswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTAxMjcwOTM5NDdaFw0yNjAxMjYwOTQ0NDdaMDMxMTAvBgNV
BAMTKDhBQjE2MUUyODIwREMzNDVFNUEwQjg2REVBMDIyNkJCMDc5REIwNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCclQCg/FsVZqRldtSDI66PBi0t
gBwU0AWHFiQAqzAGhoNonxGt62MbXk3VOZkPztlFHs+4TkBKFEoa12qpktp0Mf2p
gio8fcfyv68/xYI+OgEwakFQF32079z71OcysZNMaiutfe5z2bsbim7CzATB/Wdk
cAddJVvBzKFl2JOncDCI17djA1e+rHRW3DhTFmbE6uRgautOnvbZQY1LsO71c+Ue
EpD8LuyXZeRf/gGF9kuGnuXiTqotXwp0P6n2H/9bM/NFY7Jb8eEYArHkOzayDMbm
GXmKIMhGCVbPKgru+xKMpPn71E0VhGO4vKYn4ZD08A3pDmERYKucmIc+6kw/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUirFh4oINw0XloLht6gImuwedsFUwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzYzNzJlMzIzMTM2
MmUzMDJmMzIzMzJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS1D
2DANBgkqhkiG9w0BAQsFAAOCAQEAomNAiVxKbuymGWfATE1UAUbZ/YUwfdhryXgT
JC9SWOE+jzIMzY0Yav5NqfRqBE5sMcD6XxdeOmuFiFWgn7M0QQBni17NKGa9JHBx
UJ1M/GS/5ygzU7qZ2uh52qXPxyJdFyIYs3e3wtSqzuE6rDpzqaJFATTrQSADTT98
FgzPJp/hpYPZlpz2YQFgn77Tzy8RUSvG9OgcchdUfdheuoltbB4FPLPzZF0L3Dy+
jsrJfR+fjOtJF+HDf6q+RwdkJUplM/+IeUuCztzpCaPRZAYPL4Dp4VTpd68sDada
vvIORCk3RXRVXgvCAqPPgqnI1a6K8JlEgsApdoGYPLJ/x2jFLQ==
-----END CERTIFICATE-----