Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133342e302f32342d3234203d3e20323037373837.roa
File:                     34352e382e3133342e302f32342d3234203d3e20323037373837.roa (raw, json)
Hash identifier:          L/jC2Bzabc2YK1OPuD6OPflOsaZH+zeCLOIm+e9tou0=
Subject key identifier:   F5:43:87:1E:27:46:52:A9:B1:92:F2:CB:D5:D6:6D:E4:0B:25:A8:FF
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       049EE347105BFAFA22411407A6187F68F2D181E3
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133342e302f32342d3234203d3e20323037373837.roa
Signing time:             Mon 26 Feb 2024 08:52:45 +0000
ROA not before:           Mon 26 Feb 2024 08:47:45 +0000
ROA not after:            Mon 24 Feb 2025 08:52:45 +0000
asID:                     207787
IP address blocks:        45.8.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:9e:e3:47:10:5b:fa:fa:22:41:14:07:a6:18:7f:68:f2:d1:81:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:45 2024 GMT
            Not After : Feb 24 08:52:45 2025 GMT
        Subject: CN=F543871E274652A9B192F2CBD5D66DE40B25A8FF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c3:24:56:fb:85:38:55:1a:d0:1e:87:7c:24:
                    91:ce:1b:b0:26:b1:44:64:21:1e:38:74:de:c4:99:
                    7b:e6:47:92:25:61:55:03:03:5d:a1:fd:b6:c5:7b:
                    f3:9c:e9:fe:8a:b0:08:1f:9d:0d:e6:2d:15:2e:8c:
                    1f:ac:21:6c:65:d6:2d:ce:62:7a:92:e9:be:21:78:
                    d6:30:dd:52:56:06:bc:de:c9:25:c2:de:87:33:b5:
                    1a:8d:18:48:99:ff:ec:64:1e:6e:9f:4a:18:07:d8:
                    ab:1c:51:81:ef:2d:aa:cb:be:36:e6:71:1c:8d:3a:
                    d3:73:81:e6:a7:d3:07:a5:0f:4a:19:28:49:03:cc:
                    b2:d9:16:e7:5a:e1:db:14:0c:9a:c1:0d:75:bd:fc:
                    ab:86:e3:6c:6b:c1:4d:b6:f5:b8:75:fe:e9:4e:f8:
                    d3:5d:3d:23:51:f4:5a:1d:d2:7b:e5:8a:87:d3:e1:
                    d2:27:02:f0:39:15:30:7e:6a:d9:24:f8:da:7f:62:
                    7d:90:3a:41:83:d0:c7:f3:82:7c:10:3d:3a:33:b5:
                    d7:4b:d8:35:0c:75:29:a0:35:0e:43:a8:14:c5:ef:
                    dd:23:4a:d8:8e:d7:38:76:48:1b:fa:66:67:81:1e:
                    aa:9a:93:cc:61:94:72:72:04:22:4c:fe:24:d4:f4:
                    a4:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:43:87:1E:27:46:52:A9:B1:92:F2:CB:D5:D6:6D:E4:0B:25:A8:FF
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133342e302f32342d3234203d3e20323037373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:e1:10:7f:b0:95:1d:ec:e6:a3:bb:13:28:c3:0a:2d:9d:bb:
         3b:a4:76:e6:8c:ee:14:48:98:a7:67:43:79:c2:b3:4e:53:d4:
         c2:63:57:57:a4:8a:f2:ff:f7:8e:1a:8a:d4:68:e3:35:ac:6f:
         a6:84:1f:1e:eb:36:41:c9:e1:d5:50:c9:10:69:dd:9c:41:a6:
         c9:c5:b4:50:70:07:a4:29:12:59:e7:ba:52:f9:e3:2e:ab:2f:
         d2:7e:ff:1b:fb:ee:c1:7e:9a:18:82:02:50:e4:45:23:15:02:
         0a:52:d1:b3:25:76:62:2a:b1:61:aa:27:34:a9:c1:a7:51:99:
         f4:dc:7c:9e:ea:84:34:ec:56:4e:e4:38:2b:fa:38:55:e3:6c:
         e8:48:d3:79:d3:ee:08:b5:3c:c6:a0:1b:a1:d4:57:b9:fb:e4:
         d4:67:6f:26:a9:a9:60:fb:50:0e:53:db:01:e2:7b:3d:36:78:
         0d:ba:d4:c3:ba:23:8b:f4:19:6a:72:11:79:34:fc:63:97:c3:
         e6:aa:2d:9b:70:bc:6d:96:78:2f:47:15:a6:5b:6f:08:c3:31:
         19:a2:dc:d6:0d:03:54:f0:ed:42:68:5a:fc:bf:ba:74:78:bf:
         81:90:67:77:42:b2:80:a1:e9:0b:d9:4f:2b:a0:cd:99:cf:34:
         43:f6:ff:2b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBJ7jRxBb+voiQRQHphh/aPLRgeMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDVaFw0yNTAyMjQwODUyNDVaMDMxMTAvBgNV
BAMTKEY1NDM4NzFFMjc0NjUyQTlCMTkyRjJDQkQ1RDY2REU0MEIyNUE4RkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2wyRW+4U4VRrQHod8JJHOG7Am
sURkIR44dN7EmXvmR5IlYVUDA12h/bbFe/Oc6f6KsAgfnQ3mLRUujB+sIWxl1i3O
YnqS6b4heNYw3VJWBrzeySXC3ocztRqNGEiZ/+xkHm6fShgH2KscUYHvLarLvjbm
cRyNOtNzgean0welD0oZKEkDzLLZFuda4dsUDJrBDXW9/KuG42xrwU229bh1/ulO
+NNdPSNR9Fod0nvliofT4dInAvA5FTB+atkk+Np/Yn2QOkGD0MfzgnwQPToztddL
2DUMdSmgNQ5DqBTF790jStiO1zh2SBv6ZmeBHqqak8xhlHJyBCJM/iTU9KQLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU9UOHHidGUqmxkvLL1dZt5AslqP8wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzgyZTMxMzMzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNzM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I
hjANBgkqhkiG9w0BAQsFAAOCAQEAhuEQf7CVHezmo7sTKMMKLZ27O6R25ozuFEiY
p2dDecKzTlPUwmNXV6SK8v/3jhqK1GjjNaxvpoQfHus2Qcnh1VDJEGndnEGmycW0
UHAHpCkSWee6UvnjLqsv0n7/G/vuwX6aGIICUORFIxUCClLRsyV2YiqxYaonNKnB
p1GZ9Nx8nuqENOxWTuQ4K/o4VeNs6EjTedPuCLU8xqAbodRXufvk1GdvJqmpYPtQ
DlPbAeJ7PTZ4DbrUw7oji/QZanIReTT8Y5fD5qotm3C8bZZ4L0cVpltvCMMxGaLc
1g0DVPDtQmha/L+6dHi/gZBnd0KygKHpC9lPK6DNmc80Q/b/Kw==
-----END CERTIFICATE-----