Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3132322e302f32332d3332203d3e203531313637.roa
File:                     34352e39302e3132322e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          1bk7uEyiNY31NpB69eZZw7c1OlRIMSKf0dWQfOtXc4E=
Subject key identifier:   8F:EC:DC:50:37:93:44:E8:B5:0A:78:AD:A8:49:C5:75:F1:05:90:6C
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       13AE9EE0A1A6FA619A001B38E115DA02B5BBC4F9
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3132322e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 22 May 2024 12:52:47 +0000
ROA not before:           Wed 22 May 2024 12:47:47 +0000
ROA not after:            Wed 21 May 2025 12:52:47 +0000
asID:                     51167
IP address blocks:        45.90.122.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:ae:9e:e0:a1:a6:fa:61:9a:00:1b:38:e1:15:da:02:b5:bb:c4:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: May 22 12:47:47 2024 GMT
            Not After : May 21 12:52:47 2025 GMT
        Subject: CN=8FECDC50379344E8B50A78ADA849C575F105906C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:47:03:12:62:b8:7a:7f:35:a6:e7:99:c9:10:
                    d6:0e:59:25:d3:0b:d9:b0:09:5d:6b:70:27:9d:30:
                    6c:15:85:a6:23:5c:58:a1:a6:01:62:37:47:dd:32:
                    83:bb:e7:3d:55:ae:3a:27:70:c0:f7:ab:3d:b3:95:
                    34:7f:a0:59:19:02:73:11:37:6b:38:95:69:14:3f:
                    33:c0:83:de:df:87:4a:08:98:21:f7:07:dd:74:f8:
                    ba:97:10:7c:f6:94:7e:77:e4:4f:be:e6:2d:dd:96:
                    c3:87:5e:42:9e:1b:d4:1d:df:4c:7e:4a:40:d4:45:
                    5a:9a:f6:17:eb:d6:0e:de:bb:f6:3f:17:0c:71:1c:
                    96:83:70:c6:22:ad:ae:0f:24:af:f8:5a:ba:61:fa:
                    ed:1f:c6:78:8c:31:3e:af:75:00:92:ec:4f:d1:72:
                    ba:6c:1f:e6:dd:2c:d6:b6:de:26:da:6c:9d:88:c2:
                    43:97:5a:eb:0c:e2:40:64:78:57:15:37:dd:12:28:
                    62:df:ce:8f:a5:5f:ce:07:d2:14:3b:62:3e:fd:64:
                    d0:3d:d2:36:e3:ea:18:9f:0f:15:6f:72:5d:af:2a:
                    42:c1:d8:8c:69:93:c6:25:af:ab:a4:7b:a6:90:bd:
                    13:27:bc:c0:b9:db:ca:36:1d:c4:03:d4:1e:1a:cc:
                    1f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:EC:DC:50:37:93:44:E8:B5:0A:78:AD:A8:49:C5:75:F1:05:90:6C
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3132322e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:8d:8e:ef:c2:e7:13:d4:da:df:67:57:91:ee:4f:eb:57:c5:
         56:de:19:ef:bf:f5:0a:ce:91:b5:af:66:6b:70:ac:e6:73:2d:
         48:89:6d:cb:88:20:3d:f8:48:73:ba:8e:03:75:1c:0e:c4:a6:
         b1:59:fb:6e:b8:d8:63:20:0c:51:57:04:35:b3:85:c3:be:81:
         92:68:f7:1f:da:75:f9:4b:fc:d1:4d:4c:83:a0:37:3e:3b:43:
         dc:97:f3:8d:d0:76:f7:76:f3:f8:ca:f2:46:e3:7f:7e:c3:c5:
         83:7e:88:cd:6b:d1:a3:e5:50:36:6c:b7:81:34:da:51:b6:f9:
         c9:4b:a7:dc:64:36:15:b4:c6:e5:8e:d7:c2:9e:39:11:70:42:
         9e:9e:2f:30:66:e9:ab:3e:00:bc:32:fe:72:7c:34:e6:17:cf:
         d4:49:58:b5:7a:00:64:5e:ef:5e:bb:7c:28:52:33:59:22:cf:
         ce:36:12:9e:80:9b:a8:f5:42:de:47:1e:89:bb:53:c8:68:ff:
         9c:11:fc:6b:08:e7:4d:59:7a:0e:d3:2c:ce:98:d7:61:21:f8:
         ab:fb:a8:0e:57:9d:54:94:97:a6:70:7d:f5:81:9d:fd:94:cb:
         79:9b:72:d1:4b:9e:d7:78:a1:82:4e:14:17:df:22:88:fd:33:
         82:de:de:a9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUE66e4KGm+mGaABs44RXaArW7xPkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNDA1MjIxMjQ3NDdaFw0yNTA1MjExMjUyNDdaMDMxMTAvBgNV
BAMTKDhGRUNEQzUwMzc5MzQ0RThCNTBBNzhBREE4NDlDNTc1RjEwNTkwNkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8RwMSYrh6fzWm55nJENYOWSXT
C9mwCV1rcCedMGwVhaYjXFihpgFiN0fdMoO75z1VrjoncMD3qz2zlTR/oFkZAnMR
N2s4lWkUPzPAg97fh0oImCH3B910+LqXEHz2lH535E++5i3dlsOHXkKeG9Qd30x+
SkDURVqa9hfr1g7eu/Y/FwxxHJaDcMYira4PJK/4Wrph+u0fxniMMT6vdQCS7E/R
crpsH+bdLNa23ibabJ2IwkOXWusM4kBkeFcVN90SKGLfzo+lX84H0hQ7Yj79ZNA9
0jbj6hifDxVvcl2vKkLB2Ixpk8Ylr6uke6aQvRMnvMC528o2HcQD1B4azB/5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUj+zcUDeTROi1CnitqEnFdfEFkGwwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzkzMDJlMzEzMjMy
MmUzMDJmMzIzMzJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS1a
ejANBgkqhkiG9w0BAQsFAAOCAQEAGo2O78LnE9Ta32dXke5P61fFVt4Z77/1Cs6R
ta9ma3Cs5nMtSIlty4ggPfhIc7qOA3UcDsSmsVn7brjYYyAMUVcENbOFw76Bkmj3
H9p1+Uv80U1Mg6A3PjtD3JfzjdB293bz+MryRuN/fsPFg36IzWvRo+VQNmy3gTTa
Ubb5yUun3GQ2FbTG5Y7Xwp45EXBCnp4vMGbpqz4AvDL+cnw05hfP1ElYtXoAZF7v
Xrt8KFIzWSLPzjYSnoCbqPVC3kceibtTyGj/nBH8awjnTVl6DtMszpjXYSH4q/uo
DledVJSXpnB99YGd/ZTLeZty0Uue13ihgk4UF98iiP0zgt7eqQ==
-----END CERTIFICATE-----