Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3132302e302f32322d3234203d3e203432333636.roa
File:                     34352e39302e3132302e302f32322d3234203d3e203432333636.roa (raw, json)
Hash identifier:          Y5Mpf1rrw8wXgv0w71X05Vf/OB7CzjBnppt53WilH48=
Subject key identifier:   0C:DC:B2:B9:5A:CF:D9:5A:C2:CC:8E:C3:09:C4:66:21:08:63:9F:B3
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       453D1E69FDD1AED7245D184E0D57AB70A3FBBADF
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3132302e302f32322d3234203d3e203432333636.roa
Signing time:             Mon 11 Mar 2024 08:59:34 +0000
ROA not before:           Mon 11 Mar 2024 08:54:34 +0000
ROA not after:            Mon 10 Mar 2025 08:59:34 +0000
asID:                     42366
IP address blocks:        45.90.120.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:3d:1e:69:fd:d1:ae:d7:24:5d:18:4e:0d:57:ab:70:a3:fb:ba:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Mar 11 08:54:34 2024 GMT
            Not After : Mar 10 08:59:34 2025 GMT
        Subject: CN=0CDCB2B95ACFD95AC2CC8EC309C4662108639FB3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:11:b2:63:b2:1b:32:46:1d:45:a0:64:fe:dd:
                    53:28:fb:29:9a:78:56:16:c5:bc:92:bd:48:44:47:
                    f2:21:9f:50:f4:6a:39:4c:9a:1a:95:4b:b6:2d:2d:
                    97:f7:3a:d1:38:b2:32:2d:b9:e9:75:69:7d:d8:45:
                    1b:5a:7d:f1:f4:ae:11:12:76:a4:8a:d4:4c:e7:72:
                    4a:63:9f:bd:c9:0b:c4:dd:02:24:f4:ad:0b:cc:da:
                    29:eb:30:db:11:a8:25:31:ff:76:e9:6a:97:ab:71:
                    f8:a8:ea:0a:39:6a:df:55:fb:93:47:9a:88:1d:be:
                    41:4f:b0:1d:f5:4b:56:c3:e0:f8:bd:53:4e:80:7f:
                    1e:61:3f:e4:ce:1f:35:57:1f:5c:68:79:b3:4e:d0:
                    0e:5f:97:3b:a2:19:05:3d:4c:f1:19:16:21:03:b0:
                    12:de:c7:69:79:7b:34:f6:72:a0:13:d9:41:36:6f:
                    94:a2:82:cb:c5:61:17:d2:4f:08:7d:e5:1f:16:33:
                    9a:f9:2c:69:a2:a5:2b:1a:78:ce:6c:96:66:65:3d:
                    a9:8e:54:2f:8c:d5:d5:f9:4e:5b:1b:f1:94:8a:a5:
                    fd:30:05:b6:a1:7a:6b:bf:ff:47:35:ec:41:57:24:
                    da:ed:54:35:fc:d6:94:78:0e:ef:c1:f6:ae:61:a5:
                    cb:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:DC:B2:B9:5A:CF:D9:5A:C2:CC:8E:C3:09:C4:66:21:08:63:9F:B3
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3132302e302f32322d3234203d3e203432333636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:67:4d:f6:d2:7a:19:aa:08:db:0e:4f:3a:74:4f:5d:3d:bf:
         95:21:9e:54:f6:84:fb:1c:14:6e:0c:05:cb:14:ec:00:61:e6:
         46:4e:8b:5a:27:53:51:9d:48:80:58:16:a0:9b:ea:a3:fe:23:
         c3:93:4d:78:60:15:7f:16:33:1b:0a:86:87:44:35:94:cb:22:
         c4:c5:56:6b:ba:63:21:f6:1b:55:54:6c:f4:72:63:3e:df:87:
         46:d8:0d:47:92:e9:31:3b:34:d9:0b:ed:63:15:fd:0e:7b:ef:
         aa:9d:0a:a1:7d:ce:cc:97:d6:9c:b4:bf:0a:de:5f:d4:b7:0d:
         f9:77:a7:99:10:eb:f6:64:9b:29:05:bb:7b:28:8b:9b:21:6e:
         84:92:ed:54:97:58:61:c8:07:10:50:ee:8e:1e:c2:2e:ff:58:
         be:18:e4:36:fa:0e:98:68:2b:45:32:0d:be:10:93:22:57:8f:
         b2:e6:f6:44:af:78:53:80:05:9c:f5:b8:cc:03:c0:4b:3f:bb:
         18:fd:16:aa:71:f0:8d:3f:56:7b:68:68:26:dc:c8:df:65:c7:
         eb:27:28:27:4b:44:94:3b:22:fa:c8:73:49:1f:8a:c6:88:d0:
         c9:4d:38:3b:91:75:ba:4b:1c:46:7d:16:5d:f3:e8:d0:05:8f:
         fc:3d:8c:1b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURT0eaf3RrtckXRhODVercKP7ut8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDAzMTEwODU0MzRaFw0yNTAzMTAwODU5MzRaMDMxMTAvBgNV
BAMTKDBDRENCMkI5NUFDRkQ5NUFDMkNDOEVDMzA5QzQ2NjIxMDg2MzlGQjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2EbJjshsyRh1FoGT+3VMo+yma
eFYWxbySvUhER/Ihn1D0ajlMmhqVS7YtLZf3OtE4sjItuel1aX3YRRtaffH0rhES
dqSK1Eznckpjn73JC8TdAiT0rQvM2inrMNsRqCUx/3bpapercfio6go5at9V+5NH
mogdvkFPsB31S1bD4Pi9U06Afx5hP+TOHzVXH1xoebNO0A5flzuiGQU9TPEZFiED
sBLex2l5ezT2cqAT2UE2b5SigsvFYRfSTwh95R8WM5r5LGmipSsaeM5slmZlPamO
VC+M1dX5Tlsb8ZSKpf0wBbahemu//0c17EFXJNrtVDX81pR4Du/B9q5hpctTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUDNyyuVrP2VrCzI7DCcRmIQhjn7MwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzkzMDJlMzEzMjMw
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzMjMzMzYzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi1a
eDANBgkqhkiG9w0BAQsFAAOCAQEAPGdN9tJ6GaoI2w5POnRPXT2/lSGeVPaE+xwU
bgwFyxTsAGHmRk6LWidTUZ1IgFgWoJvqo/4jw5NNeGAVfxYzGwqGh0Q1lMsixMVW
a7pjIfYbVVRs9HJjPt+HRtgNR5LpMTs02QvtYxX9Dnvvqp0KoX3OzJfWnLS/Ct5f
1LcN+XenmRDr9mSbKQW7eyiLmyFuhJLtVJdYYcgHEFDujh7CLv9YvhjkNvoOmGgr
RTINvhCTIlePsub2RK94U4AFnPW4zAPASz+7GP0WqnHwjT9We2hoJtzI32XH6yco
J0tElDsi+shzSR+KxojQyU04O5F1ukscRn0WXfPo0AWP/D2MGw==
-----END CERTIFICATE-----