Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34362e31372e3137342e302f32332d3234203d3e203437353833.roa
File:                     34362e31372e3137342e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          jrb4DqM88x+edP4reUzMEVhmiLq6/UZ/rOtjhi0itP8=
Subject key identifier:   90:66:DF:D2:F2:E7:12:7D:DC:B1:FC:91:67:B6:6B:13:92:DF:1A:41
Certificate issuer:       /CN=5d70845822a61408ec2a5fd580c132da777f09d1
Certificate serial:       13DF3912AB8D3CF948D8690C321AA5EB7718B7EC
Authority key identifier: 5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34362e31372e3137342e302f32332d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:47 +0000
ROA not before:           Mon 26 Feb 2024 08:48:47 +0000
ROA not after:            Mon 24 Feb 2025 08:53:47 +0000
asID:                     47583
IP address blocks:        46.17.174.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:df:39:12:ab:8d:3c:f9:48:d8:69:0c:32:1a:a5:eb:77:18:b7:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d70845822a61408ec2a5fd580c132da777f09d1
        Validity
            Not Before: Feb 26 08:48:47 2024 GMT
            Not After : Feb 24 08:53:47 2025 GMT
        Subject: CN=9066DFD2F2E7127DDCB1FC9167B66B1392DF1A41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:17:89:40:d3:59:83:27:88:4f:d1:60:5c:c3:
                    04:9d:9e:41:96:8e:62:a3:c5:bb:79:22:63:fc:d3:
                    e1:ce:95:c3:c0:b3:e5:4c:40:34:f6:af:5a:dd:c3:
                    70:12:17:a4:c3:f6:1d:42:25:49:4a:18:29:ea:01:
                    61:8e:dc:68:13:f8:62:6e:dc:d1:f0:7d:f9:83:c6:
                    ef:8c:f8:50:a4:65:d2:84:f9:20:2f:cf:de:30:d9:
                    68:bd:55:97:70:2d:05:bf:8c:65:b9:72:f4:3a:ab:
                    bd:76:f6:17:eb:18:d5:39:e0:65:fb:03:f6:55:0d:
                    06:6a:d1:7b:15:92:0f:e2:5c:51:d7:c6:0d:33:9e:
                    0d:e6:57:45:58:3d:14:53:4e:f5:7f:b6:db:83:67:
                    a9:dc:e1:56:bd:c7:96:09:a8:27:61:2a:31:31:75:
                    22:14:ed:8b:a9:52:40:35:74:35:17:49:68:9c:42:
                    21:14:b5:56:bd:5d:95:c5:c0:32:98:9d:c8:21:0c:
                    94:75:f7:18:03:c1:fe:f1:99:09:db:26:69:87:8d:
                    72:da:23:ea:17:db:06:e6:37:a4:79:f3:ac:24:0d:
                    f4:8a:f1:22:42:e4:28:00:7c:18:af:94:37:8f:da:
                    03:71:a9:9d:c2:4e:77:b7:77:9b:96:82:b4:2f:99:
                    53:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:66:DF:D2:F2:E7:12:7D:DC:B1:FC:91:67:B6:6B:13:92:DF:1A:41
            X509v3 Authority Key Identifier:
                keyid:5D:70:84:58:22:A6:14:08:EC:2A:5F:D5:80:C1:32:DA:77:7F:09:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/5D70845822A61408EC2A5FD580C132DA777F09D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XXCEWCKmFAjsKl_VgMEy2nd_CdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/8/34362e31372e3137342e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:62:90:57:2a:22:2a:92:ec:48:c0:06:61:4f:b4:94:44:c7:
         f6:51:09:58:0a:42:58:22:9f:50:1e:d1:8c:b9:f4:98:48:92:
         ff:f3:eb:22:83:39:20:a4:38:d9:4d:54:16:91:04:fb:40:82:
         4f:ff:bb:c4:87:54:b6:59:60:d6:ec:88:02:e3:60:4f:25:98:
         ce:fb:cb:31:6a:3b:23:5d:40:d4:b5:0f:0b:c0:52:32:64:57:
         b9:b8:32:32:58:34:81:a8:78:e4:0b:c4:63:55:f2:fa:92:da:
         5c:22:ef:7b:9b:5e:f9:a4:1e:15:b8:64:50:c9:e5:bd:fa:3f:
         4a:a2:64:e7:0f:71:4f:91:88:5c:bf:86:8f:dd:d4:21:34:b4:
         ad:8a:de:6b:ac:8a:26:81:af:02:c7:b0:41:6a:73:4a:f9:f0:
         ea:9c:e8:33:cb:1e:1a:6e:38:93:16:53:ad:53:47:c3:79:0e:
         bf:92:89:f1:d6:9d:8d:6a:89:57:e3:0c:e8:2c:55:b4:72:47:
         68:72:7a:c8:f0:1c:dc:5b:7b:d4:fe:86:97:b4:66:75:c2:da:
         b1:97:fb:e9:2c:aa:5a:c3:1d:c3:21:63:8f:17:d8:1d:23:30:
         4f:b2:6a:be:e9:c0:20:50:04:11:5a:cd:4f:c1:ed:1a:cd:a8:
         51:0d:20:a9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUE985EquNPPlI2GkMMhql63cYt+wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWQ3MDg0NTgyMmE2MTQwOGVjMmE1ZmQ1ODBjMTMyZGE3
NzdmMDlkMTAeFw0yNDAyMjYwODQ4NDdaFw0yNTAyMjQwODUzNDdaMDMxMTAvBgNV
BAMTKDkwNjZERkQyRjJFNzEyN0REQ0IxRkM5MTY3QjY2QjEzOTJERjFBNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdF4lA01mDJ4hP0WBcwwSdnkGW
jmKjxbt5ImP80+HOlcPAs+VMQDT2r1rdw3ASF6TD9h1CJUlKGCnqAWGO3GgT+GJu
3NHwffmDxu+M+FCkZdKE+SAvz94w2Wi9VZdwLQW/jGW5cvQ6q7129hfrGNU54GX7
A/ZVDQZq0XsVkg/iXFHXxg0zng3mV0VYPRRTTvV/ttuDZ6nc4Va9x5YJqCdhKjEx
dSIU7YupUkA1dDUXSWicQiEUtVa9XZXFwDKYncghDJR19xgDwf7xmQnbJmmHjXLa
I+oX2wbmN6R586wkDfSK8SJC5CgAfBivlDeP2gNxqZ3CTne3d5uWgrQvmVM9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUkGbf0vLnEn3csfyRZ7ZrE5LfGkEwHwYDVR0j
BBgwFoAUXXCEWCKmFAjsKl/VgMEy2nd/CdEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzgvNUQ3MDg0NTgyMkE2MTQwOEVDMkE1RkQ1ODBDMTMyREE3NzdGMDlEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hYQ0VXQ0ttRkFqc0tsX1ZnTUV5Mm5k
X0NkRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzgvMzQzNjJlMzEzNzJlMzEzNzM0
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS4R
rjANBgkqhkiG9w0BAQsFAAOCAQEAbmKQVyoiKpLsSMAGYU+0lETH9lEJWApCWCKf
UB7RjLn0mEiS//PrIoM5IKQ42U1UFpEE+0CCT/+7xIdUtllg1uyIAuNgTyWYzvvL
MWo7I11A1LUPC8BSMmRXubgyMlg0gah45AvEY1Xy+pLaXCLve5te+aQeFbhkUMnl
vfo/SqJk5w9xT5GIXL+Gj93UITS0rYrea6yKJoGvAsewQWpzSvnw6pzoM8seGm44
kxZTrVNHw3kOv5KJ8dadjWqJV+MM6CxVtHJHaHJ6yPAc3Ft71P6Gl7RmdcLasZf7
6SyqWsMdwyFjjxfYHSMwT7JqvunAIFAEEVrNT8HtGs2oUQ0gqQ==
-----END CERTIFICATE-----