Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e36372e3231362e302f32332d3332203d3e203531313637.roa
File:                     34352e36372e3231362e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          A9kYxOU/ecTJ7mTFnG5HsCrKfIECNGi02k/VEOMefwM=
Subject key identifier:   81:B4:86:C4:DD:E1:DF:3F:16:74:81:E6:31:44:72:23:48:E3:7D:4B
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       4F6E126CDAEE25FE9080F1B2DEE000F0F24FD2CC
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e36372e3231362e302f32332d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:52:45 +0000
ROA not before:           Mon 26 Feb 2024 08:47:45 +0000
ROA not after:            Mon 24 Feb 2025 08:52:45 +0000
asID:                     51167
IP address blocks:        45.67.216.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:6e:12:6c:da:ee:25:fe:90:80:f1:b2:de:e0:00:f0:f2:4f:d2:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:45 2024 GMT
            Not After : Feb 24 08:52:45 2025 GMT
        Subject: CN=81B486C4DDE1DF3F167481E63144722348E37D4B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:fb:e5:a0:a9:57:7d:e9:cc:bd:17:56:54:87:
                    ab:47:ed:11:69:93:7d:9d:7a:74:9b:f9:94:93:90:
                    74:d2:cc:e9:73:22:5d:9d:9d:c9:77:52:f3:b2:c5:
                    b8:97:6c:56:dd:af:47:28:03:9a:68:f3:04:40:9d:
                    a6:de:87:29:10:59:17:77:bd:c1:dd:b3:f4:3f:31:
                    88:9d:e2:79:8d:bd:28:74:46:57:8e:bd:cf:1f:31:
                    dc:19:b7:10:f1:65:b0:13:d2:b7:24:53:3b:39:65:
                    0c:c3:9d:99:68:85:22:fd:35:48:37:00:31:67:4f:
                    1f:b6:62:0b:35:27:73:e7:f9:5b:9c:1e:a1:ff:50:
                    1b:0b:72:58:84:07:59:89:70:a8:e4:78:58:c7:00:
                    02:1a:ee:f0:e4:52:5b:0c:fc:e8:fa:3e:a5:a5:9a:
                    23:1f:77:63:4f:43:a8:01:1b:39:b8:36:85:ee:36:
                    58:55:e6:66:71:e7:d7:34:9b:71:fd:da:16:99:68:
                    5d:95:83:04:a3:48:8f:34:c9:ba:2c:1c:c5:8b:a7:
                    25:a8:4d:ff:bd:d0:6d:98:c0:72:64:bb:71:7d:99:
                    23:77:aa:bf:8e:ea:7e:19:7b:df:be:b9:6d:e0:b3:
                    48:e9:52:d6:9d:a8:d3:cf:a6:87:16:21:80:ff:80:
                    43:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:B4:86:C4:DD:E1:DF:3F:16:74:81:E6:31:44:72:23:48:E3:7D:4B
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e36372e3231362e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:02:79:50:5b:7a:d6:cb:1d:0c:be:b7:70:6d:69:dd:ed:ac:
         d2:62:2c:77:1a:50:0c:c9:5b:bc:9d:c9:c2:28:9d:21:16:83:
         72:95:97:b9:fe:e7:ca:cf:f9:9e:58:9c:b6:dc:39:2a:a0:f0:
         dd:cb:32:b8:a2:1d:32:57:af:66:f4:66:a9:ad:91:5b:19:e5:
         85:61:09:e0:f1:2b:58:af:b2:01:7f:90:ac:78:5d:0b:91:68:
         20:57:bd:82:d4:25:06:a1:be:62:b5:4a:00:08:3f:cd:44:69:
         74:37:21:54:9e:50:ce:f6:49:17:f1:4a:b4:5a:00:92:c8:84:
         4a:b8:41:03:55:03:fb:91:30:28:9a:cd:8e:1a:66:16:27:4d:
         d8:4b:56:ff:04:6f:31:c9:0e:cb:b4:ce:df:82:59:05:9c:09:
         42:9b:17:1e:3d:e3:e0:76:2c:b0:e5:68:f5:35:2c:cc:39:e7:
         bc:d9:e7:71:89:2d:af:14:f6:e9:3e:5d:69:9f:1c:8f:5a:9b:
         f2:ef:a6:42:4e:a7:f2:f1:3a:4e:4a:c1:aa:b5:68:7d:ee:9f:
         bc:96:96:31:98:e6:47:0f:b9:41:14:22:6b:ba:97:ea:81:b9:
         f8:19:bc:7f:43:6e:51:0b:58:4a:f0:2f:5a:09:0d:ff:a6:2f:
         15:d8:f4:11
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUT24SbNruJf6QgPGy3uAA8PJP0swwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDVaFw0yNTAyMjQwODUyNDVaMDMxMTAvBgNV
BAMTKDgxQjQ4NkM0RERFMURGM0YxNjc0ODFFNjMxNDQ3MjIzNDhFMzdENEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb++WgqVd96cy9F1ZUh6tH7RFp
k32denSb+ZSTkHTSzOlzIl2dncl3UvOyxbiXbFbdr0coA5po8wRAnabehykQWRd3
vcHds/Q/MYid4nmNvSh0RleOvc8fMdwZtxDxZbAT0rckUzs5ZQzDnZlohSL9NUg3
ADFnTx+2Ygs1J3Pn+VucHqH/UBsLcliEB1mJcKjkeFjHAAIa7vDkUlsM/Oj6PqWl
miMfd2NPQ6gBGzm4NoXuNlhV5mZx59c0m3H92haZaF2VgwSjSI80ybosHMWLpyWo
Tf+90G2YwHJku3F9mSN3qr+O6n4Ze9++uW3gs0jpUtadqNPPpocWIYD/gEOfAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUgbSGxN3h3z8WdIHmMURyI0jjfUswHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzYzNzJlMzIzMTM2
MmUzMDJmMzIzMzJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS1D
2DANBgkqhkiG9w0BAQsFAAOCAQEAOwJ5UFt61ssdDL63cG1p3e2s0mIsdxpQDMlb
vJ3JwiidIRaDcpWXuf7nys/5nlicttw5KqDw3csyuKIdMlevZvRmqa2RWxnlhWEJ
4PErWK+yAX+QrHhdC5FoIFe9gtQlBqG+YrVKAAg/zURpdDchVJ5QzvZJF/FKtFoA
ksiESrhBA1UD+5EwKJrNjhpmFidN2EtW/wRvMckOy7TO34JZBZwJQpsXHj3j4HYs
sOVo9TUszDnnvNnncYktrxT26T5daZ8cj1qb8u+mQk6n8vE6TkrBqrVofe6fvJaW
MZjmRw+5QRQia7qX6oG5+Bm8f0NuUQtYSvAvWgkN/6YvFdj0EQ==
-----END CERTIFICATE-----