Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34352e39302e3232382e302f32322d3234203d3e203437353833.roa
File:                     34352e39302e3232382e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          jyijFwYrDKcSP5hkBWSQ1C8z/UOfrZkq9anCmTHLLbA=
Subject key identifier:   8F:6F:BD:5A:F5:B6:7F:46:9B:FA:24:D8:24:F3:CB:43:D8:70:FA:CD
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       32F1D76B4E5B783A0330DE9C32D203177F982A7E
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34352e39302e3232382e302f32322d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:47 +0000
ROA not before:           Mon 26 Feb 2024 08:48:47 +0000
ROA not after:            Mon 24 Feb 2025 08:53:47 +0000
asID:                     47583
IP address blocks:        45.90.228.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:f1:d7:6b:4e:5b:78:3a:03:30:de:9c:32:d2:03:17:7f:98:2a:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:47 2024 GMT
            Not After : Feb 24 08:53:47 2025 GMT
        Subject: CN=8F6FBD5AF5B67F469BFA24D824F3CB43D870FACD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:e0:d0:54:99:d8:e9:20:5c:cc:3b:7d:f5:63:
                    3a:1b:ac:2a:cd:6e:e6:fc:17:f6:7b:cb:81:26:2f:
                    f9:2f:3c:55:87:a3:0a:85:87:41:59:08:c5:e0:70:
                    7b:c4:9a:29:e1:2a:7f:5d:05:9c:10:ad:86:d1:62:
                    86:98:8a:63:a8:ee:6f:b9:7a:ad:d7:14:01:8b:d8:
                    df:b4:22:d9:26:2a:67:79:77:2e:eb:e1:69:2a:77:
                    4c:a5:dc:19:2a:de:fb:69:c9:bd:31:45:7c:61:b6:
                    d9:c4:30:56:08:20:5a:10:9a:d9:a6:51:25:b0:07:
                    a2:bb:30:6b:ad:1a:0c:83:3d:13:d4:30:92:af:ba:
                    c3:28:8d:10:a5:07:d6:f9:a5:72:b3:f8:2d:ce:6c:
                    21:76:4f:25:32:40:f9:20:aa:9f:cd:f4:f4:f7:8e:
                    41:0f:13:bf:22:d5:f7:2c:5c:5d:a7:05:83:fb:c7:
                    7c:d9:73:4c:f7:8e:4a:0d:71:85:30:58:bf:97:52:
                    9e:2d:db:78:72:d9:ee:1d:28:c6:cc:96:93:39:7c:
                    84:da:a9:b6:e8:de:2e:a0:6f:19:69:69:77:09:9f:
                    9b:37:e9:da:f5:d5:8d:4f:69:4a:ea:59:8d:0b:9c:
                    8c:d4:f0:54:8e:2a:9e:b0:81:84:ee:38:63:c6:c6:
                    ad:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:6F:BD:5A:F5:B6:7F:46:9B:FA:24:D8:24:F3:CB:43:D8:70:FA:CD
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34352e39302e3232382e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:98:c8:58:76:40:7c:62:ce:38:8d:30:cf:ef:58:54:9a:c4:
         1f:db:29:56:f3:85:0a:84:60:70:8c:f7:5b:bc:6b:95:a2:2b:
         66:90:d3:72:19:15:a0:df:e9:17:6e:75:a7:2a:b1:40:3f:71:
         fb:21:dd:cf:63:d7:22:81:11:0c:7c:e7:12:ba:ed:98:b6:f4:
         c6:31:df:7f:e6:ff:33:56:54:98:b1:e0:a6:33:08:85:b3:e3:
         b7:60:86:05:c0:cc:93:3c:ae:d8:90:c8:9d:60:cb:29:3f:34:
         eb:ed:af:2f:8a:16:7d:bc:eb:b0:2c:c3:c1:bd:4e:e4:c5:e4:
         99:05:3e:b2:40:ca:0e:44:03:a3:68:0c:5f:f1:35:0c:12:65:
         47:c3:79:72:1b:04:d7:d4:4a:e7:d7:c7:ff:1e:37:2e:b9:02:
         38:3f:c8:2e:af:a0:86:34:58:5e:25:80:ac:af:73:aa:be:73:
         7c:09:8b:5a:22:04:46:b4:fd:6c:07:a1:15:2f:23:07:cf:ba:
         79:8d:49:05:7f:58:ec:a2:91:08:a7:19:3e:bc:c3:d2:92:ae:
         fa:7d:b3:b6:f7:53:84:91:8e:ef:40:9e:74:81:1b:2a:18:fa:
         2c:0e:1e:5c:70:cf:9f:d0:51:59:c5:23:8e:30:77:45:f0:87:
         ac:2c:86:6f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMvHXa05beDoDMN6cMtIDF3+YKn4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NDdaFw0yNTAyMjQwODUzNDdaMDMxMTAvBgNV
BAMTKDhGNkZCRDVBRjVCNjdGNDY5QkZBMjREODI0RjNDQjQzRDg3MEZBQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD74NBUmdjpIFzMO331YzobrCrN
bub8F/Z7y4EmL/kvPFWHowqFh0FZCMXgcHvEminhKn9dBZwQrYbRYoaYimOo7m+5
eq3XFAGL2N+0ItkmKmd5dy7r4Wkqd0yl3Bkq3vtpyb0xRXxhttnEMFYIIFoQmtmm
USWwB6K7MGutGgyDPRPUMJKvusMojRClB9b5pXKz+C3ObCF2TyUyQPkgqp/N9PT3
jkEPE78i1fcsXF2nBYP7x3zZc0z3jkoNcYUwWL+XUp4t23hy2e4dKMbMlpM5fITa
qbbo3i6gbxlpaXcJn5s36dr11Y1PaUrqWY0LnIzU8FSOKp6wgYTuOGPGxq0VAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUj2+9WvW2f0ab+iTYJPPLQ9hw+s0wHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzQzNTJlMzkzMDJlMzIzMjM4
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi1a
5DANBgkqhkiG9w0BAQsFAAOCAQEAnpjIWHZAfGLOOI0wz+9YVJrEH9spVvOFCoRg
cIz3W7xrlaIrZpDTchkVoN/pF251pyqxQD9x+yHdz2PXIoERDHznErrtmLb0xjHf
f+b/M1ZUmLHgpjMIhbPjt2CGBcDMkzyu2JDInWDLKT806+2vL4oWfbzrsCzDwb1O
5MXkmQU+skDKDkQDo2gMX/E1DBJlR8N5chsE19RK59fH/x43LrkCOD/ILq+ghjRY
XiWArK9zqr5zfAmLWiIERrT9bAehFS8jB8+6eY1JBX9Y7KKRCKcZPrzD0pKu+n2z
tvdThJGO70CedIEbKhj6LA4eXHDPn9BRWcUjjjB3RfCHrCyGbw==
-----END CERTIFICATE-----