Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e38322e37322e302f32322d3234203d3e203437353833.roa
File:                     34352e38322e37322e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          VNFjO1+RkQ2TLztPVX/YwNFpQGqlLKkcMH6mCgAQlxM=
Subject key identifier:   98:AC:CA:14:2F:8F:ED:74:D6:1A:A8:21:12:6C:AC:C5:34:8D:63:5C
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       7C83A4D1A74ABC50BB51B1B2CAE211C33697DA5F
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e38322e37322e302f32322d3234203d3e203437353833.roa
Signing time:             Mon 27 Jan 2025 09:44:47 +0000
ROA not before:           Mon 27 Jan 2025 09:39:47 +0000
ROA not after:            Mon 26 Jan 2026 09:44:47 +0000
asID:                     47583
IP address blocks:        45.82.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 14:33:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:83:a4:d1:a7:4a:bc:50:bb:51:b1:b2:ca:e2:11:c3:36:97:da:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jan 27 09:39:47 2025 GMT
            Not After : Jan 26 09:44:47 2026 GMT
        Subject: CN=98ACCA142F8FED74D61AA821126CACC5348D635C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:b9:05:61:6f:76:1d:a2:97:5a:8c:46:d6:50:
                    5c:30:0c:e5:ba:50:7e:49:a8:75:02:1d:0f:ea:a6:
                    c4:9a:79:6a:41:3f:d1:96:76:0d:b6:9a:29:84:ec:
                    a8:52:29:56:63:5b:06:06:b4:8c:38:d2:ae:a9:10:
                    86:e5:c7:df:97:06:04:02:62:68:e9:8e:e5:03:8b:
                    e8:a7:26:09:7a:1a:e0:8d:cc:b8:79:29:a0:98:64:
                    5d:8b:26:5a:96:2e:e7:64:39:1a:f7:ec:4b:46:67:
                    37:e5:96:0e:ec:a3:6e:c0:b2:50:dd:61:3c:ab:38:
                    36:77:f3:8d:b8:b0:c3:82:c1:42:40:c7:f0:f3:73:
                    00:2f:f3:b4:12:b4:a7:2b:e0:8a:27:38:8d:87:b2:
                    0d:3c:48:14:84:62:02:7d:e3:6e:a2:c8:c4:34:85:
                    e4:43:fb:08:61:e6:16:b3:69:d4:58:f2:9a:91:ec:
                    8d:73:22:d9:8b:e1:0b:7e:6a:34:b8:72:24:39:44:
                    da:9a:1d:df:89:6f:08:85:3a:d6:5c:98:d8:e1:5a:
                    56:2f:59:79:91:d1:73:54:71:0a:67:b9:6e:41:dd:
                    15:60:86:08:ff:8e:a0:7d:db:f7:62:b4:03:17:8b:
                    46:b7:c4:14:19:ba:85:d8:eb:64:4e:a5:51:64:3e:
                    3e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:AC:CA:14:2F:8F:ED:74:D6:1A:A8:21:12:6C:AC:C5:34:8D:63:5C
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e38322e37322e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:fa:30:91:90:8f:a4:0e:6f:09:25:e9:6f:45:04:3f:8e:ca:
         41:c7:01:ad:aa:89:3d:30:37:82:c4:ee:81:8c:fe:4c:9c:ad:
         0f:e5:11:a5:cc:cf:36:31:35:b1:0e:cc:6e:dc:25:77:a7:65:
         6b:36:fd:2d:9c:84:5a:60:22:9e:0d:ea:f5:e5:3f:4b:bc:b9:
         60:ee:f1:c1:71:b6:e7:b3:49:6c:ba:49:f9:42:4d:17:10:ce:
         f4:73:c0:d7:44:65:c6:25:bc:81:08:93:65:19:3f:4e:49:f7:
         79:bb:fb:ef:8c:20:b2:76:7e:c1:a8:5b:c3:18:fe:aa:ab:dd:
         88:bb:94:00:1e:fa:e6:cc:80:6e:f9:84:c8:83:0c:be:3d:61:
         45:c3:37:ad:c9:78:16:77:82:35:4a:f4:b2:60:98:8b:cc:6d:
         7f:4b:96:4f:9d:5d:86:ad:1a:da:c7:94:5c:0a:d6:c5:d6:05:
         dd:7a:5b:a9:02:17:db:26:19:18:4e:66:09:0f:a3:ae:50:4b:
         87:93:70:d4:74:66:8c:30:09:68:58:c7:00:61:f1:1f:8c:8a:
         71:de:86:1f:da:be:86:8b:9a:64:0f:66:34:d0:36:3e:b3:b5:
         d7:9f:a0:f6:08:a7:74:96:cc:ca:08:1e:ab:24:01:27:b4:36:
         e6:48:9e:42
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUfIOk0adKvFC7UbGyyuIRwzaX2l8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTAxMjcwOTM5NDdaFw0yNjAxMjYwOTQ0NDdaMDMxMTAvBgNV
BAMTKDk4QUNDQTE0MkY4RkVENzRENjFBQTgyMTEyNkNBQ0M1MzQ4RDYzNUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDruQVhb3YdopdajEbWUFwwDOW6
UH5JqHUCHQ/qpsSaeWpBP9GWdg22mimE7KhSKVZjWwYGtIw40q6pEIblx9+XBgQC
YmjpjuUDi+inJgl6GuCNzLh5KaCYZF2LJlqWLudkORr37EtGZzfllg7so27AslDd
YTyrODZ38424sMOCwUJAx/DzcwAv87QStKcr4IonOI2Hsg08SBSEYgJ9426iyMQ0
heRD+whh5hazadRY8pqR7I1zItmL4Qt+ajS4ciQ5RNqaHd+JbwiFOtZcmNjhWlYv
WXmR0XNUcQpnuW5B3RVghgj/jqB92/ditAMXi0a3xBQZuoXY62ROpVFkPj73AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUmKzKFC+P7XTWGqghEmysxTSNY1wwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzgzMjJlMzczMjJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAItUkgw
DQYJKoZIhvcNAQELBQADggEBAC/6MJGQj6QObwkl6W9FBD+OykHHAa2qiT0wN4LE
7oGM/kycrQ/lEaXMzzYxNbEOzG7cJXenZWs2/S2chFpgIp4N6vXlP0u8uWDu8cFx
tuezSWy6SflCTRcQzvRzwNdEZcYlvIEIk2UZP05J93m7+++MILJ2fsGoW8MY/qqr
3Yi7lAAe+ubMgG75hMiDDL49YUXDN63JeBZ3gjVK9LJgmIvMbX9Llk+dXYatGtrH
lFwK1sXWBd16W6kCF9smGRhOZgkPo65QS4eTcNR0ZowwCWhYxwBh8R+MinHehh/a
voaLmmQPZjTQNj6ztdefoPYIp3SWzMoIHqskASe0NuZInkI=
-----END CERTIFICATE-----