Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e38322e37322e302f32322d3234203d3e203437353833.roa
File:                     34352e38322e37322e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          11hCzaHrlWnkuP1+Z8DwrgCYqB40D554fut0s/MpOuk=
Subject key identifier:   FA:F3:E3:16:CB:9A:E0:B1:88:37:CC:BF:46:38:4B:9C:87:7C:82:B3
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       7995EDA05A72AD62946BD77C132481C7187BEDBE
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e38322e37322e302f32322d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:52:46 +0000
ROA not before:           Mon 26 Feb 2024 08:47:46 +0000
ROA not after:            Mon 24 Feb 2025 08:52:46 +0000
asID:                     47583
IP address blocks:        45.82.72.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:95:ed:a0:5a:72:ad:62:94:6b:d7:7c:13:24:81:c7:18:7b:ed:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Feb 26 08:47:46 2024 GMT
            Not After : Feb 24 08:52:46 2025 GMT
        Subject: CN=FAF3E316CB9AE0B18837CCBF46384B9C877C82B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:82:e7:43:7e:89:d6:e7:76:df:37:93:f7:ba:
                    26:3d:83:0a:b2:6d:35:db:37:27:84:84:aa:dc:fc:
                    df:57:ac:82:57:9e:e6:ad:a6:b6:4e:b0:9d:7a:dd:
                    fa:ea:7c:b6:c9:27:65:e9:21:18:c2:e3:41:aa:b6:
                    ce:7c:db:f7:8d:38:c6:da:23:54:08:5d:e1:ca:94:
                    c2:20:dc:5a:32:80:cf:07:db:39:26:59:45:35:7f:
                    41:8f:20:0b:77:77:d9:c3:05:d8:f5:53:ca:0c:1e:
                    34:03:b9:0e:b9:8b:4d:fb:30:21:ae:71:23:4e:87:
                    1c:0c:85:90:a1:fc:71:8c:8b:86:9d:d5:35:0c:4b:
                    4e:3c:dc:91:b0:d1:11:c2:af:02:04:92:bb:c3:ba:
                    d5:a0:8b:81:30:db:65:0b:2b:3f:4a:95:55:1c:b4:
                    04:60:7b:3a:13:f6:c0:56:3e:9f:ad:66:dc:5d:17:
                    13:56:de:f0:4a:05:14:45:ef:57:9a:d8:c7:ca:ed:
                    0b:31:89:47:83:e1:c1:14:1e:40:72:ea:f3:e3:b9:
                    84:f8:85:94:5a:6d:85:ea:f8:a0:2e:e1:69:3a:6a:
                    4c:36:a8:32:d2:c1:1f:49:d8:c9:bf:42:3a:c3:cd:
                    13:d8:e6:d4:30:a7:ff:33:7f:29:b5:07:64:4e:5c:
                    95:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:F3:E3:16:CB:9A:E0:B1:88:37:CC:BF:46:38:4B:9C:87:7C:82:B3
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e38322e37322e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:24:f1:9f:c4:07:f2:e7:e3:21:c4:f4:8c:93:e1:9d:84:34:
         f5:f8:c0:ba:36:c9:5b:17:30:bf:c6:cc:91:2c:82:66:68:4f:
         56:7f:10:89:70:9b:42:a4:a9:74:cb:a7:25:01:53:09:bc:e0:
         b4:e1:56:b6:ad:1c:b0:b1:b8:a5:33:b6:e6:37:17:e9:0c:d5:
         2c:d5:ac:56:0d:46:05:c8:2a:88:5b:47:cc:d1:73:00:12:f5:
         06:c9:29:41:a1:e1:d1:c4:4f:39:fd:da:b1:4f:a7:c6:5b:28:
         13:76:54:2e:85:59:f9:7f:52:b4:e8:4c:a7:7b:a7:52:b2:fd:
         05:95:83:78:f3:35:06:b2:90:86:53:eb:23:4d:82:f0:6a:1c:
         5e:e5:20:ca:5b:08:55:eb:e0:a8:69:86:4d:27:5e:ef:34:0c:
         61:e4:c5:aa:f3:d7:56:c3:31:fa:cc:df:bb:a3:4d:26:df:84:
         ba:94:40:e3:39:2e:8f:2d:01:56:51:27:58:d0:33:19:dc:f1:
         9a:ee:46:41:6f:8e:4a:19:a1:c6:6a:90:10:32:1a:6b:46:5a:
         1f:e7:74:bc:a3:74:57:bb:ec:07:61:25:2f:0e:5f:8f:01:e0:
         64:81:27:14:aa:f6:83:b9:dc:ec:87:50:a8:ea:f8:8e:20:2b:
         5a:ef:61:7d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUeZXtoFpyrWKUa9d8EySBxxh77b4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAyMjYwODQ3NDZaFw0yNTAyMjQwODUyNDZaMDMxMTAvBgNV
BAMTKEZBRjNFMzE2Q0I5QUUwQjE4ODM3Q0NCRjQ2Mzg0QjlDODc3QzgyQjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+gudDfonW53bfN5P3uiY9gwqy
bTXbNyeEhKrc/N9XrIJXnuatprZOsJ163frqfLbJJ2XpIRjC40Gqts582/eNOMba
I1QIXeHKlMIg3FoygM8H2zkmWUU1f0GPIAt3d9nDBdj1U8oMHjQDuQ65i037MCGu
cSNOhxwMhZCh/HGMi4ad1TUMS0483JGw0RHCrwIEkrvDutWgi4Ew22ULKz9KlVUc
tARgezoT9sBWPp+tZtxdFxNW3vBKBRRF71ea2MfK7QsxiUeD4cEUHkBy6vPjuYT4
hZRabYXq+KAu4Wk6akw2qDLSwR9J2Mm/QjrDzRPY5tQwp/8zfym1B2ROXJX1AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU+vPjFsua4LGIN8y/RjhLnId8grMwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzgzMjJlMzczMjJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAItUkgw
DQYJKoZIhvcNAQELBQADggEBABMk8Z/EB/Ln4yHE9IyT4Z2ENPX4wLo2yVsXML/G
zJEsgmZoT1Z/EIlwm0KkqXTLpyUBUwm84LThVratHLCxuKUztuY3F+kM1SzVrFYN
RgXIKohbR8zRcwAS9QbJKUGh4dHETzn92rFPp8ZbKBN2VC6FWfl/UrToTKd7p1Ky
/QWVg3jzNQaykIZT6yNNgvBqHF7lIMpbCFXr4Khphk0nXu80DGHkxarz11bDMfrM
37ujTSbfhLqUQOM5Lo8tAVZRJ1jQMxnc8ZruRkFvjkoZocZqkBAyGmtGWh/ndLyj
dFe77AdhJS8OX48B4GSBJxSq9oO53OyHUKjq+I4gK1rvYX0=
-----END CERTIFICATE-----