Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133342e302f32332d3234203d3e203631333137.roa
File:                     34352e382e3133342e302f32332d3234203d3e203631333137.roa (raw, json)
Hash identifier:          Jq2MWhCGV7HBNoZp5j/YG01iKlVJj/EkSLVv6wZIg50=
Subject key identifier:   27:6D:8E:E6:BA:F0:43:65:3C:71:CA:9C:52:44:08:87:46:C3:BE:42
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       27E97C3AB6EB45F87FB1D641512CA907A4A771F6
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133342e302f32332d3234203d3e203631333137.roa
Signing time:             Mon 26 Feb 2024 08:52:44 +0000
ROA not before:           Mon 26 Feb 2024 08:47:44 +0000
ROA not after:            Mon 24 Feb 2025 08:52:44 +0000
asID:                     61317
IP address blocks:        45.8.134.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Apr 2024 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:e9:7c:3a:b6:eb:45:f8:7f:b1:d6:41:51:2c:a9:07:a4:a7:71:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:44 2024 GMT
            Not After : Feb 24 08:52:44 2025 GMT
        Subject: CN=276D8EE6BAF043653C71CA9C5244088746C3BE42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:fc:88:be:82:df:54:a5:e0:a5:4d:af:ab:a0:
                    c6:09:76:f3:77:10:7b:c6:36:05:a5:13:94:ea:69:
                    25:40:13:4c:d3:17:8f:8f:ca:8a:4d:84:46:05:1e:
                    67:ab:69:a8:93:8a:c7:3b:b4:d4:77:a6:c6:83:c9:
                    08:47:7a:7e:24:a5:b9:12:2c:89:66:a3:3d:ce:b0:
                    df:b1:5a:33:87:34:75:2b:58:e3:3a:cc:8d:6c:bf:
                    86:94:ac:9e:f4:18:fc:6f:fb:40:c7:43:d0:d1:da:
                    40:3f:e5:c2:5e:db:e0:97:26:d8:16:a9:be:15:ed:
                    2a:c0:0c:de:4d:ed:1f:97:2c:7f:56:21:b4:75:8a:
                    3d:85:e9:23:5c:54:57:9d:fe:f1:9e:58:a9:5e:8e:
                    93:f5:54:51:ad:ef:c1:bc:d7:f6:8e:88:55:e7:b1:
                    ca:ef:75:8e:12:6a:f9:45:af:5b:a8:6f:02:c2:65:
                    07:4c:ba:f7:f5:72:54:1e:bf:ee:34:c2:3b:2e:89:
                    61:24:5e:39:27:a5:dc:31:6d:6a:14:2b:29:0a:e6:
                    3b:cd:5a:98:5b:40:2c:b0:17:ee:da:4b:54:2d:72:
                    4e:27:59:aa:e4:d9:22:f6:96:cf:40:8c:71:9c:01:
                    98:2e:dc:88:e0:34:92:b4:33:05:f3:82:bc:63:bd:
                    d7:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:6D:8E:E6:BA:F0:43:65:3C:71:CA:9C:52:44:08:87:46:C3:BE:42
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133342e302f32332d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:19:f6:05:68:ec:04:7a:cc:53:77:8e:ac:32:4c:f5:0a:bd:
         75:dd:23:b7:16:64:f0:09:dd:ea:06:c5:af:a6:05:81:bb:fc:
         ce:06:49:6b:c5:f5:12:69:0a:4e:6b:7d:94:6a:9d:31:ac:a9:
         96:dc:a2:db:92:7a:e5:48:01:b8:b5:9f:9b:df:58:c5:3e:8e:
         bf:11:48:79:78:68:e0:29:a3:1f:70:9a:e8:5e:78:f7:85:48:
         dc:87:da:7f:0a:c3:11:d3:eb:7a:79:07:51:6b:2d:41:33:03:
         cd:34:22:85:9e:5d:a0:92:22:f9:29:47:31:e3:e1:55:01:42:
         32:64:03:f8:7a:01:ed:bd:13:18:89:7d:97:4e:12:0b:68:c7:
         0f:27:61:aa:d1:2f:6d:20:65:7a:db:85:d8:3f:94:f6:4c:d5:
         a6:89:70:24:99:75:97:d1:76:1e:30:1a:6f:85:1b:cd:df:73:
         b4:d7:99:b3:a3:85:5a:44:84:06:03:52:6d:d1:76:82:3b:a4:
         e9:c3:93:ad:e1:00:85:57:dc:f1:57:e9:de:db:dc:92:5a:ba:
         2c:11:e8:52:74:20:63:c2:17:bf:21:88:24:2a:fb:55:55:e3:
         ad:d2:0c:4c:a4:1b:c1:37:e7:d5:9c:c7:0d:ed:ee:26:fb:ce:
         36:9c:69:14
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJ+l8OrbrRfh/sdZBUSypB6SncfYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDRaFw0yNTAyMjQwODUyNDRaMDMxMTAvBgNV
BAMTKDI3NkQ4RUU2QkFGMDQzNjUzQzcxQ0E5QzUyNDQwODg3NDZDM0JFNDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG/Ii+gt9UpeClTa+roMYJdvN3
EHvGNgWlE5TqaSVAE0zTF4+PyopNhEYFHmeraaiTisc7tNR3psaDyQhHen4kpbkS
LIlmoz3OsN+xWjOHNHUrWOM6zI1sv4aUrJ70GPxv+0DHQ9DR2kA/5cJe2+CXJtgW
qb4V7SrADN5N7R+XLH9WIbR1ij2F6SNcVFed/vGeWKlejpP1VFGt78G81/aOiFXn
scrvdY4SavlFr1uobwLCZQdMuvf1clQev+40wjsuiWEkXjknpdwxbWoUKykK5jvN
WphbQCywF+7aS1Qtck4nWark2SL2ls9AjHGcAZgu3IjgNJK0MwXzgrxjvdftAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUJ22O5rrwQ2U8ccqcUkQIh0bDvkIwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzgyZTMxMzMzNDJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM2MzEzMzMxMzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEtCIYw
DQYJKoZIhvcNAQELBQADggEBAFEZ9gVo7AR6zFN3jqwyTPUKvXXdI7cWZPAJ3eoG
xa+mBYG7/M4GSWvF9RJpCk5rfZRqnTGsqZbcotuSeuVIAbi1n5vfWMU+jr8RSHl4
aOApox9wmuheePeFSNyH2n8KwxHT63p5B1FrLUEzA800IoWeXaCSIvkpRzHj4VUB
QjJkA/h6Ae29ExiJfZdOEgtoxw8nYarRL20gZXrbhdg/lPZM1aaJcCSZdZfRdh4w
Gm+FG83fc7TXmbOjhVpEhAYDUm3RdoI7pOnDk63hAIVX3PFX6d7b3JJauiwR6FJ0
IGPCF78hiCQq+1VV463SDEykG8E359Wcxw3t7ib7zjacaRQ=
-----END CERTIFICATE-----