Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133352e302f32342d3234203d3e2035303635.roa
File:                     34352e382e3133352e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          hACAu5asQ0RzItnKBScCgHbJu45qQhDUR0RLEtU4HXw=
Subject key identifier:   21:EB:6D:2B:A0:C8:61:79:48:9A:95:41:05:10:BA:45:5E:AC:07:A0
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       650F2DC835162BC3CE6183CCC06C53854B0A1698
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133352e302f32342d3234203d3e2035303635.roa
Signing time:             Thu 08 May 2025 07:15:59 +0000
ROA not before:           Thu 08 May 2025 07:10:59 +0000
ROA not after:            Thu 07 May 2026 07:15:59 +0000
asID:                     5065
IP address blocks:        45.8.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:0f:2d:c8:35:16:2b:c3:ce:61:83:cc:c0:6c:53:85:4b:0a:16:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: May  8 07:10:59 2025 GMT
            Not After : May  7 07:15:59 2026 GMT
        Subject: CN=21EB6D2BA0C86179489A95410510BA455EAC07A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:43:d8:69:46:5a:b7:72:21:32:68:6a:03:67:
                    65:4c:29:21:0b:ff:9a:81:f0:ea:d0:50:80:a1:02:
                    d2:cc:b5:95:e2:a5:e4:59:75:74:a7:e8:f5:1c:9b:
                    ce:93:6e:c7:05:6f:04:b4:62:0d:c5:b7:9b:f1:24:
                    4c:24:24:93:16:35:3b:d6:32:af:c3:b2:7b:d2:6c:
                    fb:2a:c4:ad:00:ce:ab:6a:74:88:04:b3:a3:36:0e:
                    8a:58:db:f2:29:90:21:63:60:3e:ac:fe:76:9d:27:
                    e4:0a:34:ca:7c:1e:0b:43:b8:57:54:f5:2a:a9:06:
                    b0:8a:d8:33:13:3b:bd:1c:fc:5a:14:0c:90:1d:4e:
                    7c:fc:f4:7b:dc:a4:da:35:0d:2b:6a:06:47:7e:3b:
                    d9:df:4a:d2:32:5c:00:45:f7:58:43:bc:d6:f3:36:
                    70:e2:b3:c7:23:dd:f0:8e:2c:9f:68:09:60:28:0e:
                    71:eb:9f:4a:09:c8:0d:82:0d:3f:45:7a:3d:2d:4c:
                    1f:1a:d8:e4:4e:9a:9f:3f:cd:88:ff:fc:12:55:47:
                    59:fb:e8:85:e3:23:79:36:70:ac:d7:0c:45:a8:b5:
                    eb:1d:a4:5a:e4:12:15:e6:45:1e:a6:74:2f:7c:9e:
                    d6:ff:69:bc:9f:b8:e8:0a:b6:1a:49:83:a3:9e:1e:
                    29:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:EB:6D:2B:A0:C8:61:79:48:9A:95:41:05:10:BA:45:5E:AC:07:A0
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133352e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:0e:e0:22:56:43:f7:45:11:73:c0:bd:89:b1:70:32:1e:cf:
         fb:6a:d2:d7:c2:97:4b:10:84:a1:b1:54:36:ad:b1:d4:ae:4d:
         3b:7c:69:62:d9:fb:29:8c:26:42:a1:3e:5b:48:d4:75:c5:55:
         fb:ed:d3:76:9a:de:ff:05:1a:66:ec:84:80:04:c0:b3:9d:24:
         e2:05:74:79:d9:99:91:57:05:f9:1a:91:5c:aa:c2:e1:0e:6f:
         24:f6:d2:ba:4b:1c:dc:68:7b:7d:96:fe:a9:86:45:18:e6:23:
         36:21:7a:69:fd:af:a4:ce:84:30:01:41:fd:80:39:0f:a8:17:
         81:55:08:e5:4c:12:a6:2c:ec:ee:dd:3a:9c:9a:71:ef:11:3c:
         8c:d3:ea:78:68:4c:78:53:e9:35:54:f3:22:35:73:ad:f8:5b:
         b7:4c:d2:31:b5:9c:99:11:a1:3a:82:04:ec:b0:31:f2:40:37:
         f2:c4:78:20:7f:2d:b8:1d:63:c9:2b:5a:2e:15:39:4e:b1:78:
         c4:76:d0:84:50:ec:44:1f:c9:ca:f4:5e:ef:34:e0:52:ff:0f:
         9c:5e:b3:8a:5f:58:52:b3:52:66:a7:b8:a4:7d:3a:be:6f:e2:
         72:3a:1b:f2:9e:61:5e:ee:bc:93:5b:2d:5b:c6:55:12:83:c8:
         3d:00:c5:3b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUZQ8tyDUWK8POYYPMwGxThUsKFpgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTA1MDgwNzEwNTlaFw0yNjA1MDcwNzE1NTlaMDMxMTAvBgNV
BAMTKDIxRUI2RDJCQTBDODYxNzk0ODlBOTU0MTA1MTBCQTQ1NUVBQzA3QTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDQ9hpRlq3ciEyaGoDZ2VMKSEL
/5qB8OrQUIChAtLMtZXipeRZdXSn6PUcm86TbscFbwS0Yg3Ft5vxJEwkJJMWNTvW
Mq/DsnvSbPsqxK0AzqtqdIgEs6M2DopY2/IpkCFjYD6s/nadJ+QKNMp8HgtDuFdU
9SqpBrCK2DMTO70c/FoUDJAdTnz89HvcpNo1DStqBkd+O9nfStIyXABF91hDvNbz
NnDis8cj3fCOLJ9oCWAoDnHrn0oJyA2CDT9Fej0tTB8a2OROmp8/zYj//BJVR1n7
6IXjI3k2cKzXDEWotesdpFrkEhXmRR6mdC98ntb/abyfuOgKthpJg6OeHin3AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUIettK6DIYXlImpVBBRC6RV6sB6AwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzgyZTMxMzMzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzAzNjM1LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQiHMA0G
CSqGSIb3DQEBCwUAA4IBAQCqDuAiVkP3RRFzwL2JsXAyHs/7atLXwpdLEIShsVQ2
rbHUrk07fGli2fspjCZCoT5bSNR1xVX77dN2mt7/BRpm7ISABMCznSTiBXR52ZmR
VwX5GpFcqsLhDm8k9tK6SxzcaHt9lv6phkUY5iM2IXpp/a+kzoQwAUH9gDkPqBeB
VQjlTBKmLOzu3TqcmnHvETyM0+p4aEx4U+k1VPMiNXOt+Fu3TNIxtZyZEaE6ggTs
sDHyQDfyxHggfy24HWPJK1ouFTlOsXjEdtCEUOxEH8nK9F7vNOBS/w+cXrOKX1hS
s1Jmp7ikfTq+b+JyOhvynmFe7ryTWy1bxlUSg8g9AMU7
-----END CERTIFICATE-----