Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3132322e302f32332d3332203d3e203531313637.roa
File:                     34352e39302e3132322e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          LNN/ED++q1k/AXy78RcIPXG5Wcso1UQQyFfJd4pA2B4=
Subject key identifier:   E5:35:31:CA:3A:7F:E8:3D:90:17:48:94:36:5C:9F:79:3A:F8:61:AD
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       020AF477FB57769A29BE82C01B59E2D2D47CA43C
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3132322e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 23 Apr 2025 13:46:08 +0000
ROA not before:           Wed 23 Apr 2025 13:41:08 +0000
ROA not after:            Wed 22 Apr 2026 13:46:08 +0000
asID:                     51167
IP address blocks:        45.90.122.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:0a:f4:77:fb:57:76:9a:29:be:82:c0:1b:59:e2:d2:d4:7c:a4:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Apr 23 13:41:08 2025 GMT
            Not After : Apr 22 13:46:08 2026 GMT
        Subject: CN=E53531CA3A7FE83D90174894365C9F793AF861AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:82:cb:1e:e6:e0:03:94:da:4d:4b:51:d6:3d:
                    d1:92:94:c1:e2:04:8a:5a:bc:1d:9a:ce:29:93:58:
                    90:1b:67:4f:fa:bf:84:bf:36:30:26:91:24:73:d2:
                    7d:1c:5e:79:ba:b7:d9:6d:36:3d:0c:19:70:d9:2f:
                    42:ac:1d:ed:68:78:cd:4d:be:f3:ec:e8:d1:21:c4:
                    67:2d:80:40:04:66:00:28:36:cb:fd:bd:bd:41:60:
                    6c:92:cb:3e:07:71:1e:7e:3d:39:70:02:a9:c0:3d:
                    1a:0e:9d:98:34:9b:be:61:ef:9e:b4:01:68:ab:36:
                    3c:1b:04:2e:0f:25:62:23:94:c3:16:45:df:39:05:
                    d1:82:3e:bd:0e:2f:08:42:f5:f1:a5:bb:73:f6:dc:
                    c7:35:11:f8:e2:6e:24:0f:0a:d5:2e:0c:6a:63:e3:
                    7a:6a:d8:30:02:a9:60:a6:1c:2f:6a:46:8e:e4:f3:
                    a7:62:19:c3:fe:c6:72:47:0c:b9:c6:b3:a1:5f:54:
                    6b:67:6e:e6:81:24:6f:38:04:ec:92:c9:d4:e1:9c:
                    46:87:eb:5d:d0:a0:b9:82:4e:aa:82:82:ef:7d:a4:
                    86:6c:cf:d8:ca:4d:26:76:fc:01:b7:a3:f4:52:cc:
                    d8:e0:ae:46:17:ff:80:dd:86:34:0d:8c:b5:b7:a7:
                    c3:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:35:31:CA:3A:7F:E8:3D:90:17:48:94:36:5C:9F:79:3A:F8:61:AD
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3132322e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:d2:7e:9b:48:df:a8:b1:30:af:97:9c:0f:23:98:6d:63:26:
         f1:d7:36:15:06:4e:48:08:7e:45:ee:02:34:bd:4e:78:47:43:
         ca:c5:f6:3a:98:58:41:80:e7:25:c7:98:1c:98:9e:cd:1e:63:
         51:90:0f:20:19:59:6d:a8:d4:52:f1:b2:af:7f:2a:a5:28:21:
         74:c8:99:e2:07:14:91:c3:5e:8d:2a:79:3f:e8:43:e5:8d:d6:
         70:df:bc:90:00:37:6e:c1:29:e5:68:42:ab:ac:53:27:c4:e0:
         52:9a:e3:d6:32:e4:4c:dd:05:00:f6:93:25:0e:ea:18:54:21:
         e8:ae:63:55:63:f3:78:b0:6b:83:36:50:a2:15:a4:4f:4c:32:
         e5:b9:b5:29:92:30:2e:c4:ef:50:33:e8:9e:72:e1:fe:94:d7:
         93:36:2d:f0:e7:f4:c4:12:f3:06:39:37:d9:ce:65:ae:30:74:
         e3:1a:6b:87:09:30:09:79:04:aa:dd:4e:fe:00:a3:30:e7:c3:
         58:5e:32:9e:a8:d3:88:0b:1f:44:c0:a2:2f:1d:90:35:25:5e:
         8f:ed:d4:1a:0b:56:a3:2e:e9:1e:bb:a4:03:e4:a9:a2:89:cb:
         13:ef:9e:8c:7b:48:a2:1a:87:9c:e5:1d:3c:40:1d:50:70:c0:
         ee:03:16:6a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAgr0d/tXdpopvoLAG1ni0tR8pDwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTA0MjMxMzQxMDhaFw0yNjA0MjIxMzQ2MDhaMDMxMTAvBgNV
BAMTKEU1MzUzMUNBM0E3RkU4M0Q5MDE3NDg5NDM2NUM5Rjc5M0FGODYxQUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+gsse5uADlNpNS1HWPdGSlMHi
BIpavB2azimTWJAbZ0/6v4S/NjAmkSRz0n0cXnm6t9ltNj0MGXDZL0KsHe1oeM1N
vvPs6NEhxGctgEAEZgAoNsv9vb1BYGySyz4HcR5+PTlwAqnAPRoOnZg0m75h7560
AWirNjwbBC4PJWIjlMMWRd85BdGCPr0OLwhC9fGlu3P23Mc1EfjibiQPCtUuDGpj
43pq2DACqWCmHC9qRo7k86diGcP+xnJHDLnGs6FfVGtnbuaBJG84BOySydThnEaH
613QoLmCTqqCgu99pIZsz9jKTSZ2/AG3o/RSzNjgrkYX/4DdhjQNjLW3p8OtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU5TUxyjp/6D2QF0iUNlyfeTr4Ya0wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzkzMDJlMzEzMjMy
MmUzMDJmMzIzMzJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS1a
ejANBgkqhkiG9w0BAQsFAAOCAQEAKtJ+m0jfqLEwr5ecDyOYbWMm8dc2FQZOSAh+
Re4CNL1OeEdDysX2OphYQYDnJceYHJiezR5jUZAPIBlZbajUUvGyr38qpSghdMiZ
4gcUkcNejSp5P+hD5Y3WcN+8kAA3bsEp5WhCq6xTJ8TgUprj1jLkTN0FAPaTJQ7q
GFQh6K5jVWPzeLBrgzZQohWkT0wy5bm1KZIwLsTvUDPonnLh/pTXkzYt8Of0xBLz
Bjk32c5lrjB04xprhwkwCXkEqt1O/gCjMOfDWF4ynqjTiAsfRMCiLx2QNSVej+3U
GgtWoy7pHrukA+SpoonLE++ejHtIohqHnOUdPEAdUHDA7gMWag==
-----END CERTIFICATE-----