Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133342e302f32342d3234203d3e2039333034.roa
File:                     34352e382e3133342e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          KcxKT2Yf0xjFQODxNKZJYq/ToOBXFyqpdq0s1lfPKSk=
Subject key identifier:   0C:B9:62:EA:0C:5E:E1:2F:28:63:1D:6B:D7:B0:C4:9C:EA:11:02:4B
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       458254495B56D577946D9C6E25E12C9C76DA5E66
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133342e302f32342d3234203d3e2039333034.roa
Signing time:             Mon 02 Jun 2025 18:50:05 +0000
ROA not before:           Mon 02 Jun 2025 18:45:05 +0000
ROA not after:            Mon 01 Jun 2026 18:50:05 +0000
asID:                     9304
IP address blocks:        45.8.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:82:54:49:5b:56:d5:77:94:6d:9c:6e:25:e1:2c:9c:76:da:5e:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jun  2 18:45:05 2025 GMT
            Not After : Jun  1 18:50:05 2026 GMT
        Subject: CN=0CB962EA0C5EE12F28631D6BD7B0C49CEA11024B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:81:46:67:08:40:5f:00:a1:0d:ad:c4:93:47:
                    7a:81:48:80:bf:0a:74:54:0b:42:15:7a:a6:53:a9:
                    56:83:56:1a:87:6f:2d:a3:3f:a3:97:98:e3:d2:e1:
                    e3:ee:ee:8d:1f:f1:82:5b:2c:be:3c:98:03:37:ef:
                    83:0b:27:2a:d9:86:e2:65:1d:f9:be:50:4d:6c:b8:
                    64:8e:b8:73:5b:e6:9c:2d:ae:b2:ad:96:39:35:ea:
                    7a:cd:0a:2c:85:77:23:1f:87:be:59:a4:6d:c2:ca:
                    f8:81:07:7b:d4:35:11:76:3d:cb:72:cd:54:a1:12:
                    ec:dc:ee:02:bf:bf:50:81:33:f4:1c:3f:a2:db:dd:
                    28:ec:f5:a2:a8:1d:c5:a8:2a:f0:0e:cb:14:31:82:
                    63:96:31:c2:19:5e:06:7b:cf:87:82:8a:41:d2:10:
                    e5:52:1e:48:3f:3d:6b:74:4e:9a:3c:bf:e9:d2:a2:
                    14:b6:03:38:28:ad:bd:2e:8b:c4:a5:4f:07:39:7e:
                    05:71:c3:fe:49:2f:9b:dd:b3:5d:32:9f:4c:79:00:
                    30:e3:94:91:b3:d3:60:1f:69:5d:bb:a2:93:a0:7d:
                    26:75:41:f0:91:06:89:f6:47:d4:41:c5:fe:32:84:
                    7e:8b:9d:f8:0d:e4:cd:88:66:bf:ee:af:48:b5:aa:
                    37:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:B9:62:EA:0C:5E:E1:2F:28:63:1D:6B:D7:B0:C4:9C:EA:11:02:4B
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133342e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:d4:ab:02:56:1b:6c:2e:98:86:0b:ab:57:83:d4:bc:04:38:
         2f:5f:9f:03:b3:55:46:8b:fd:61:ba:0c:8f:34:87:88:10:5a:
         b4:e4:45:8d:a0:f2:0d:65:40:7d:70:2e:9d:25:25:9d:a4:1f:
         e7:b5:cd:5c:83:19:ed:a6:13:0d:62:72:20:80:c3:99:7d:f8:
         c2:f9:18:ad:da:7f:59:a9:e3:03:00:88:91:7f:1a:3f:2b:22:
         ef:65:53:a3:7f:88:78:4f:22:72:4c:2c:b5:de:57:c5:5c:c0:
         89:25:b1:81:5f:cd:2f:08:e6:41:0d:8e:69:93:46:7a:26:e5:
         c7:df:d1:ac:f2:6b:2a:b0:01:0a:8f:e0:39:9c:c7:dd:10:5c:
         76:a0:cb:e1:aa:c8:b3:39:c1:34:8d:8a:dc:f1:bf:df:eb:af:
         e5:c0:54:48:da:3f:30:ee:68:1d:d5:59:9a:fd:cf:02:05:c3:
         f4:f7:3b:75:d7:be:02:35:11:53:ce:e2:9d:84:7b:2b:88:5e:
         9c:32:38:a4:1e:83:af:55:12:c2:f9:6f:b3:fe:eb:7e:c4:3b:
         fa:df:50:18:7a:ea:d6:26:94:67:53:86:de:b7:11:37:7c:c1:
         9d:95:3d:bf:47:94:6b:07:29:67:af:02:40:1f:7a:b5:60:81:
         1a:e9:53:2f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIURYJUSVtW1XeUbZxuJeEsnHbaXmYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTA2MDIxODQ1MDVaFw0yNjA2MDExODUwMDVaMDMxMTAvBgNV
BAMTKDBDQjk2MkVBMEM1RUUxMkYyODYzMUQ2QkQ3QjBDNDlDRUExMTAyNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzgUZnCEBfAKENrcSTR3qBSIC/
CnRUC0IVeqZTqVaDVhqHby2jP6OXmOPS4ePu7o0f8YJbLL48mAM374MLJyrZhuJl
Hfm+UE1suGSOuHNb5pwtrrKtljk16nrNCiyFdyMfh75ZpG3CyviBB3vUNRF2Pcty
zVShEuzc7gK/v1CBM/QcP6Lb3Sjs9aKoHcWoKvAOyxQxgmOWMcIZXgZ7z4eCikHS
EOVSHkg/PWt0Tpo8v+nSohS2Azgorb0ui8SlTwc5fgVxw/5JL5vds10yn0x5ADDj
lJGz02AfaV27opOgfSZ1QfCRBon2R9RBxf4yhH6LnfgN5M2IZr/ur0i1qjcJAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUDLli6gxe4S8oYx1r17DEnOoRAkswHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzgyZTMxMzMzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM5MzMzMDM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQiGMA0G
CSqGSIb3DQEBCwUAA4IBAQAR1KsCVhtsLpiGC6tXg9S8BDgvX58Ds1VGi/1hugyP
NIeIEFq05EWNoPINZUB9cC6dJSWdpB/ntc1cgxntphMNYnIggMOZffjC+Rit2n9Z
qeMDAIiRfxo/KyLvZVOjf4h4TyJyTCy13lfFXMCJJbGBX80vCOZBDY5pk0Z6JuXH
39Gs8msqsAEKj+A5nMfdEFx2oMvhqsizOcE0jYrc8b/f66/lwFRI2j8w7mgd1Vma
/c8CBcP09zt1174CNRFTzuKdhHsriF6cMjikHoOvVRLC+W+z/ut+xDv631AYeurW
JpRnU4betxE3fMGdlT2/R5RrBylnrwJAH3q1YIEa6VMv
-----END CERTIFICATE-----