Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133352e302f32342d3234203d3e20383334.roa
File:                     34352e382e3133352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          cbNtg1qESW6dnScJGzfD7cnlNgVWkRCJydGE2JXrSJ4=
Subject key identifier:   23:ED:4C:48:45:72:D1:EC:6F:D0:1B:74:AB:42:D9:E7:B7:53:60:D1
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       06093293D10FD7A6C51AFE216365528AD3DA2024
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133352e302f32342d3234203d3e20383334.roa
Signing time:             Tue 16 Jul 2024 08:04:13 +0000
ROA not before:           Tue 16 Jul 2024 07:59:13 +0000
ROA not after:            Tue 15 Jul 2025 08:04:13 +0000
asID:                     834
IP address blocks:        45.8.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Feb 2025 22:23:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:09:32:93:d1:0f:d7:a6:c5:1a:fe:21:63:65:52:8a:d3:da:20:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jul 16 07:59:13 2024 GMT
            Not After : Jul 15 08:04:13 2025 GMT
        Subject: CN=23ED4C484572D1EC6FD01B74AB42D9E7B75360D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:ee:a2:73:74:08:ba:d1:57:f5:e1:69:ef:a5:
                    60:d0:d2:90:db:8e:a6:3e:88:08:5b:e1:df:c6:38:
                    f9:b7:22:6d:a1:d7:2f:a8:0f:67:3b:f9:32:ec:dd:
                    d9:7e:c3:dc:46:65:14:2e:56:08:24:79:dd:03:63:
                    62:ad:14:1d:e7:54:c5:40:b7:9d:70:07:c2:4d:cb:
                    5c:28:7a:8d:6f:8c:45:78:47:18:f4:b8:45:3e:e4:
                    31:22:55:e4:58:d7:dc:5c:1a:7a:13:f7:d1:4f:fd:
                    55:be:f9:64:76:8c:7c:f6:12:60:d3:c2:b7:e2:55:
                    75:d0:1c:ae:4c:6d:09:79:94:ad:55:af:17:50:04:
                    92:ff:c6:9b:b0:90:d6:de:ef:74:d3:7d:e1:31:12:
                    77:c1:50:11:c2:4c:80:ee:d4:6f:26:2c:fa:e6:71:
                    a4:31:a4:2b:92:34:c3:5d:d4:d0:76:93:d1:70:e0:
                    4f:bd:71:13:d9:cb:a5:88:60:52:a9:b4:85:ad:7d:
                    0f:1c:6d:6b:7c:87:b6:4b:a5:4a:ac:15:4c:aa:4f:
                    c6:62:e6:97:d2:62:f6:35:ec:4e:b6:a9:ec:b5:10:
                    e8:d2:4a:8b:2c:d7:bd:5f:f7:8d:65:cf:9d:b5:0b:
                    96:37:e3:be:3b:d6:b1:82:4d:d7:40:9a:91:65:66:
                    95:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:ED:4C:48:45:72:D1:EC:6F:D0:1B:74:AB:42:D9:E7:B7:53:60:D1
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:f9:8c:c4:2d:dc:e9:b5:74:00:ce:dd:84:b6:d1:2c:f0:aa:
         64:b7:be:e6:1e:da:ee:fd:b5:68:7d:83:22:a4:f9:46:45:c2:
         fe:f0:8a:dc:cf:62:6f:db:f9:01:1e:d8:c9:3a:95:72:81:77:
         81:ba:21:40:7b:5d:dd:b0:bd:fc:59:f9:68:b5:ec:2a:3a:98:
         9f:d2:88:be:2b:9c:73:38:d8:b8:09:db:5d:89:ad:af:bc:ce:
         90:ca:48:e5:5f:10:d9:01:fe:c3:f9:0d:a4:c4:be:73:25:25:
         9c:9b:41:ae:60:54:eb:49:24:37:9d:0f:41:1a:19:01:de:00:
         64:28:4b:0c:65:a4:36:33:90:1a:4c:5c:53:b4:ce:79:a0:14:
         f5:7d:3f:f8:2f:2d:e4:a4:7d:e3:f3:37:16:72:89:b1:78:18:
         5d:bf:be:18:86:84:d1:20:51:0c:a4:fe:62:b4:ea:a2:1e:09:
         47:f4:9e:0a:f3:a1:a4:c4:62:f0:bc:66:34:fc:73:92:ee:cc:
         db:4e:ac:ca:e0:a0:5b:51:fc:07:33:7f:14:a5:ca:e1:5c:9f:
         fe:4c:dd:3d:7b:ca:04:fd:8e:51:81:b9:18:33:57:8e:a8:5a:
         0c:f9:d0:e7:d9:50:ae:3b:8c:af:bc:2b:40:a4:ed:d2:d2:60:
         2d:dc:ee:4f
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUBgkyk9EP16bFGv4hY2VSitPaICQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDA3MTYwNzU5MTNaFw0yNTA3MTUwODA0MTNaMDMxMTAvBgNV
BAMTKDIzRUQ0QzQ4NDU3MkQxRUM2RkQwMUI3NEFCNDJEOUU3Qjc1MzYwRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDw7qJzdAi60Vf14WnvpWDQ0pDb
jqY+iAhb4d/GOPm3Im2h1y+oD2c7+TLs3dl+w9xGZRQuVggked0DY2KtFB3nVMVA
t51wB8JNy1woeo1vjEV4Rxj0uEU+5DEiVeRY19xcGnoT99FP/VW++WR2jHz2EmDT
wrfiVXXQHK5MbQl5lK1VrxdQBJL/xpuwkNbe73TTfeExEnfBUBHCTIDu1G8mLPrm
caQxpCuSNMNd1NB2k9Fw4E+9cRPZy6WIYFKptIWtfQ8cbWt8h7ZLpUqsFUyqT8Zi
5pfSYvY17E62qey1EOjSSoss171f941lz521C5Y347471rGCTddAmpFlZpU1AgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUI+1MSEVy0exv0Bt0q0LZ57dTYNEwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzgyZTMxMzMzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0IhzANBgkq
hkiG9w0BAQsFAAOCAQEAV/mMxC3c6bV0AM7dhLbRLPCqZLe+5h7a7v21aH2DIqT5
RkXC/vCK3M9ib9v5AR7YyTqVcoF3gbohQHtd3bC9/Fn5aLXsKjqYn9KIviucczjY
uAnbXYmtr7zOkMpI5V8Q2QH+w/kNpMS+cyUlnJtBrmBU60kkN50PQRoZAd4AZChL
DGWkNjOQGkxcU7TOeaAU9X0/+C8t5KR94/M3FnKJsXgYXb++GIaE0SBRDKT+YrTq
oh4JR/SeCvOhpMRi8LxmNPxzku7M206syuCgW1H8BzN/FKXK4Vyf/kzdPXvKBP2O
UYG5GDNXjqhaDPnQ59lQrjuMr7wrQKTt0tJgLdzuTw==
-----END CERTIFICATE-----