Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e36372e3231382e302f32342d3234203d3e203633343733.roa
File:                     34352e36372e3231382e302f32342d3234203d3e203633343733.roa (raw, json)
Hash identifier:          AS2I6nPPUIpq309zgqoM8nW9YzOuY++e5UbBOX/VMF0=
Subject key identifier:   92:A7:8A:EC:60:35:B2:76:F4:89:33:47:A7:95:CB:1D:D8:24:F3:99
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       5B9620D6D83B35F53A29C2955773799CB42E24E1
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e36372e3231382e302f32342d3234203d3e203633343733.roa
Signing time:             Mon 04 Nov 2024 10:05:25 +0000
ROA not before:           Mon 04 Nov 2024 10:00:25 +0000
ROA not after:            Mon 03 Nov 2025 10:05:25 +0000
asID:                     63473
IP address blocks:        45.67.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:96:20:d6:d8:3b:35:f5:3a:29:c2:95:57:73:79:9c:b4:2e:24:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Nov  4 10:00:25 2024 GMT
            Not After : Nov  3 10:05:25 2025 GMT
        Subject: CN=92A78AEC6035B276F4893347A795CB1DD824F399
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a6:79:7a:b1:ca:f0:e6:f2:ce:6b:f1:bc:3e:
                    12:f4:01:99:4a:6c:41:40:1e:9d:28:8d:79:35:57:
                    d1:7f:f5:6e:79:63:6a:ac:04:c9:17:60:20:0f:a7:
                    43:8b:5f:5e:4a:9e:db:fc:b7:a9:c2:58:dc:e3:18:
                    2d:1b:d2:c6:a2:84:61:d9:79:c8:bb:21:a7:36:fd:
                    b7:af:a7:62:64:85:b3:97:e1:bb:34:28:0a:59:50:
                    b6:f8:f9:75:9f:62:7a:24:79:48:5a:56:93:98:0c:
                    3e:66:bb:2b:8a:ea:d9:48:8a:3e:d0:1f:96:d0:70:
                    b7:d4:fb:37:d1:1b:5e:e1:3f:df:9a:c4:13:dd:2f:
                    8b:93:5c:9b:90:f4:ef:46:97:cd:9b:0f:e1:67:93:
                    b0:42:cd:11:09:a0:10:f4:f7:95:99:9f:e1:c8:97:
                    35:9f:38:33:c7:e0:61:36:1d:02:07:56:60:0c:95:
                    e1:13:eb:e0:81:26:2f:10:c1:59:37:ff:b7:2a:98:
                    8c:3b:11:47:0b:a5:c7:57:1a:5c:dd:6c:2a:22:47:
                    d4:7d:5b:72:80:51:fb:74:17:6d:45:8f:58:1a:1b:
                    67:ec:ea:76:ad:5b:b6:be:51:e6:f0:c9:1f:3b:18:
                    2c:6c:72:d2:7e:94:c3:23:eb:8f:66:58:8b:4b:81:
                    63:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:A7:8A:EC:60:35:B2:76:F4:89:33:47:A7:95:CB:1D:D8:24:F3:99
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e36372e3231382e302f32342d3234203d3e203633343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:b2:13:e8:d1:8b:dd:f9:c8:53:b9:33:3a:03:a9:19:0f:fe:
         65:5b:44:82:7e:a7:dd:23:b1:e8:fb:54:4c:8e:b5:85:05:24:
         0a:b3:f3:8a:61:35:3c:6c:35:d8:78:07:c8:0e:1b:74:3b:12:
         89:14:97:68:3f:3f:49:ef:43:2d:ae:0e:08:6e:9f:00:82:fc:
         ec:e6:51:b3:68:f1:c0:0a:af:31:e5:f7:6e:7c:45:1c:b4:3a:
         8e:62:bc:84:36:4e:22:2c:74:db:57:cc:c5:ac:64:73:78:04:
         e0:f9:eb:78:0d:3a:82:18:bb:36:a6:53:88:39:94:13:ff:6f:
         cf:c6:3f:16:c7:93:76:fe:47:f3:7f:dc:d6:1d:44:f9:9d:3f:
         cd:74:5a:f1:a5:fd:fa:78:e6:cd:73:f1:8c:9a:14:66:2e:70:
         67:21:15:cb:cd:e7:6a:6c:74:e3:e4:54:c8:e0:a9:43:7b:62:
         36:5c:51:1a:f5:10:b2:28:e1:48:01:78:f8:42:69:ad:7a:75:
         cb:2f:7c:d4:82:44:7a:82:ee:a9:4e:7f:a3:e0:77:02:45:20:
         3e:09:de:f6:5d:56:03:0e:0a:ae:05:f9:cf:b0:97:78:e4:53:
         67:64:d0:61:b6:72:73:e3:08:04:da:27:02:85:3e:82:d3:7b:
         4a:77:77:49
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUW5Yg1tg7NfU6KcKVV3N5nLQuJOEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDExMDQxMDAwMjVaFw0yNTExMDMxMDA1MjVaMDMxMTAvBgNV
BAMTKDkyQTc4QUVDNjAzNUIyNzZGNDg5MzM0N0E3OTVDQjFERDgyNEYzOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2pnl6scrw5vLOa/G8PhL0AZlK
bEFAHp0ojXk1V9F/9W55Y2qsBMkXYCAPp0OLX15Kntv8t6nCWNzjGC0b0saihGHZ
eci7Iac2/bevp2JkhbOX4bs0KApZULb4+XWfYnokeUhaVpOYDD5muyuK6tlIij7Q
H5bQcLfU+zfRG17hP9+axBPdL4uTXJuQ9O9Gl82bD+Fnk7BCzREJoBD095WZn+HI
lzWfODPH4GE2HQIHVmAMleET6+CBJi8QwVk3/7cqmIw7EUcLpcdXGlzdbCoiR9R9
W3KAUft0F21Fj1gaG2fs6natW7a+UebwyR87GCxsctJ+lMMj649mWItLgWPhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUkqeK7GA1snb0iTNHp5XLHdgk85kwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzYzNzJlMzIzMTM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMzM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1D
2jANBgkqhkiG9w0BAQsFAAOCAQEANbIT6NGL3fnIU7kzOgOpGQ/+ZVtEgn6n3SOx
6PtUTI61hQUkCrPzimE1PGw12HgHyA4bdDsSiRSXaD8/Se9DLa4OCG6fAIL87OZR
s2jxwAqvMeX3bnxFHLQ6jmK8hDZOIix021fMxaxkc3gE4PnreA06ghi7NqZTiDmU
E/9vz8Y/FseTdv5H83/c1h1E+Z0/zXRa8aX9+njmzXPxjJoUZi5wZyEVy83namx0
4+RUyOCpQ3tiNlxRGvUQsijhSAF4+EJprXp1yy981IJEeoLuqU5/o+B3AkUgPgne
9l1WAw4KrgX5z7CXeORTZ2TQYbZyc+MIBNonAoU+gtN7Snd3SQ==
-----END CERTIFICATE-----