Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e38342e3133382e302f32342d3332203d3e203531313637.roa
File:                     34352e38342e3133382e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          3nHS5gz1dW0HelVBNCkGo/UoWfQiX5E6CfqHnxvLktw=
Subject key identifier:   2F:6D:E3:C5:38:44:AC:63:17:D0:45:BB:4B:5D:30:61:B2:4C:37:08
Certificate issuer:       /CN=12c2a8354689aec2a74fca14944927621ba27c94
Certificate serial:       08480F40732DCD651FCC4611387824DF9A3AFB7E
Authority key identifier: 12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e38342e3133382e302f32342d3332203d3e203531313637.roa
Signing time:             Mon 26 Feb 2024 08:53:38 +0000
ROA not before:           Mon 26 Feb 2024 08:48:38 +0000
ROA not after:            Mon 24 Feb 2025 08:53:38 +0000
asID:                     51167
IP address blocks:        45.84.138.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:48:0f:40:73:2d:cd:65:1f:cc:46:11:38:78:24:df:9a:3a:fb:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c2a8354689aec2a74fca14944927621ba27c94
        Validity
            Not Before: Feb 26 08:48:38 2024 GMT
            Not After : Feb 24 08:53:38 2025 GMT
        Subject: CN=2F6DE3C53844AC6317D045BB4B5D3061B24C3708
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:9f:a8:d9:40:22:80:f6:ec:c5:b9:f3:a8:05:
                    07:69:47:32:13:b5:6d:ac:09:52:cb:f4:18:70:b1:
                    81:8c:d9:a6:a6:21:10:c4:1b:5a:a3:5c:e8:af:dc:
                    21:89:10:3e:f0:24:80:da:5d:19:cb:55:58:d0:37:
                    21:16:b0:da:69:bc:17:d7:56:59:dd:6d:98:4c:4e:
                    a5:0b:c7:76:17:3f:77:27:50:9b:b8:71:95:6b:69:
                    b5:a1:60:57:aa:e3:10:32:39:a6:f0:c2:8d:51:d9:
                    55:67:d5:c2:35:2c:c3:02:08:ea:2a:fc:47:55:7f:
                    21:9d:86:72:47:03:2b:e4:96:93:3b:c6:93:60:1e:
                    1d:bd:70:68:28:4e:79:95:14:56:9b:c2:c7:3b:f2:
                    7d:1e:82:54:06:f8:b4:28:c5:77:d0:ca:4b:73:f8:
                    f9:e9:d4:d2:57:2c:d9:e2:d3:9e:40:65:bb:12:2e:
                    f1:a5:0e:86:48:a3:dd:7e:fc:46:d5:85:57:a1:0c:
                    b9:86:a3:cf:99:88:74:1a:34:57:df:9f:28:2a:68:
                    05:8a:a6:d1:64:47:b2:a2:c7:f5:ee:94:74:87:e6:
                    c6:6a:55:58:5c:d7:4e:7f:f1:9d:bb:c7:5c:61:b2:
                    53:d9:e3:e7:d5:93:dd:19:4d:fe:37:5c:61:38:9a:
                    cf:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:6D:E3:C5:38:44:AC:63:17:D0:45:BB:4B:5D:30:61:B2:4C:37:08
            X509v3 Authority Key Identifier:
                keyid:12:C2:A8:35:46:89:AE:C2:A7:4F:CA:14:94:49:27:62:1B:A2:7C:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/12C2A8354689AEC2A74FCA14944927621BA27C94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsKoNUaJrsKnT8oUlEknYhuifJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/7/34352e38342e3133382e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:31:4b:84:1b:aa:a9:bb:0b:7d:98:b3:3f:78:74:85:d9:5c:
         aa:dc:94:6f:52:49:95:f7:5c:c1:52:2b:56:a6:3f:51:0f:0f:
         87:b4:49:85:0d:e1:e6:91:35:59:e7:c3:f4:67:12:a6:2a:55:
         42:78:2f:b4:33:1f:12:9a:ed:d4:16:58:db:a5:20:30:29:9f:
         45:ce:e6:aa:f5:0b:49:74:27:6a:01:a6:98:bb:44:43:27:53:
         c5:17:7a:cb:9c:e3:55:0c:09:2b:9b:6d:f1:67:37:79:41:96:
         a0:2d:c5:d9:fa:0c:5d:b6:f1:83:1d:91:19:96:77:c5:c8:aa:
         d8:58:f6:fd:51:68:0c:e8:68:a7:1f:17:28:ad:3f:0e:3c:7a:
         ea:19:59:f2:50:5f:c4:15:99:ee:51:eb:f3:97:1a:98:e9:8b:
         0a:01:df:69:ba:ca:cb:e2:91:97:32:31:4c:c3:76:35:b3:21:
         02:ec:07:d5:81:68:95:ba:56:3b:5a:d3:e8:31:79:f1:7e:bf:
         7a:bd:61:ca:d4:15:7f:ae:da:4c:09:7a:7a:f2:78:15:bf:17:
         10:dc:66:7f:9d:7e:63:1a:4a:be:e9:6b:c9:d3:61:29:8e:0e:
         a9:b3:d3:11:79:d2:88:8a:12:66:71:2f:26:dc:34:55:fb:e1:
         ad:c5:d5:0e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCEgPQHMtzWUfzEYROHgk35o6+34wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTJjMmE4MzU0Njg5YWVjMmE3NGZjYTE0OTQ0OTI3NjIx
YmEyN2M5NDAeFw0yNDAyMjYwODQ4MzhaFw0yNTAyMjQwODUzMzhaMDMxMTAvBgNV
BAMTKDJGNkRFM0M1Mzg0NEFDNjMxN0QwNDVCQjRCNUQzMDYxQjI0QzM3MDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD6n6jZQCKA9uzFufOoBQdpRzIT
tW2sCVLL9BhwsYGM2aamIRDEG1qjXOiv3CGJED7wJIDaXRnLVVjQNyEWsNppvBfX
VlndbZhMTqULx3YXP3cnUJu4cZVrabWhYFeq4xAyOabwwo1R2VVn1cI1LMMCCOoq
/EdVfyGdhnJHAyvklpM7xpNgHh29cGgoTnmVFFabwsc78n0eglQG+LQoxXfQyktz
+Pnp1NJXLNni055AZbsSLvGlDoZIo91+/EbVhVehDLmGo8+ZiHQaNFffnygqaAWK
ptFkR7Kix/XulHSH5sZqVVhc105/8Z27x1xhslPZ4+fVk90ZTf43XGE4ms9JAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUL23jxThErGMX0EW7S10wYbJMNwgwHwYDVR0j
BBgwFoAUEsKoNUaJrsKnT8oUlEknYhuifJQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzcvMTJDMkE4MzU0Njg5QUVDMkE3NEZDQTE0OTQ0OTI3NjIxQkEyN0M5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0VzS29OVWFKcnNLblQ4b1VsRWtuWWh1
aWZKUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzcvMzQzNTJlMzgzNDJlMzEzMzM4
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1U
ijANBgkqhkiG9w0BAQsFAAOCAQEARDFLhBuqqbsLfZizP3h0hdlcqtyUb1JJlfdc
wVIrVqY/UQ8Ph7RJhQ3h5pE1WefD9GcSpipVQngvtDMfEprt1BZY26UgMCmfRc7m
qvULSXQnagGmmLtEQydTxRd6y5zjVQwJK5tt8Wc3eUGWoC3F2foMXbbxgx2RGZZ3
xciq2Fj2/VFoDOhopx8XKK0/Djx66hlZ8lBfxBWZ7lHr85camOmLCgHfabrKy+KR
lzIxTMN2NbMhAuwH1YFolbpWO1rT6DF58X6/er1hytQVf67aTAl6evJ4Fb8XENxm
f51+YxpKvulrydNhKY4OqbPTEXnSiIoSZnEvJtw0VfvhrcXVDg==
-----END CERTIFICATE-----