Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3132302e302f32332d3332203d3e203531313637.roa
File:                     34352e39302e3132302e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          1XyGF+mAP9ed0O+Ehw0jJIl269koddVOrO5fR3goxi4=
Subject key identifier:   2E:3A:22:0E:87:AA:8F:01:67:A5:4F:56:F5:70:63:14:C8:FB:0E:2D
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       4E38EE172F7B6215E35024D1DEB7106A01146178
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3132302e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 23 Apr 2025 13:46:09 +0000
ROA not before:           Wed 23 Apr 2025 13:41:09 +0000
ROA not after:            Wed 22 Apr 2026 13:46:09 +0000
asID:                     51167
IP address blocks:        45.90.120.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 15:35:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:38:ee:17:2f:7b:62:15:e3:50:24:d1:de:b7:10:6a:01:14:61:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Apr 23 13:41:09 2025 GMT
            Not After : Apr 22 13:46:09 2026 GMT
        Subject: CN=2E3A220E87AA8F0167A54F56F5706314C8FB0E2D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:31:b5:43:dc:31:80:83:0a:18:c9:e5:cf:df:
                    16:d2:55:f1:d8:de:d4:0d:71:aa:8c:2e:e1:df:69:
                    5a:c7:3e:ff:4c:73:eb:4f:8c:0d:c5:9e:86:38:a1:
                    f5:33:67:43:92:2c:e6:44:97:7f:be:82:34:e7:1e:
                    8f:1b:44:ea:6b:02:2a:b8:c6:fe:ec:f7:ad:2e:55:
                    5f:44:c8:00:ab:c9:5a:6b:3f:d0:36:75:b7:8c:95:
                    95:70:f3:4e:a8:e1:4b:48:3a:7f:fb:04:60:b8:91:
                    18:dd:ff:30:3f:31:ea:87:4c:94:b7:86:5a:9a:b2:
                    6d:a0:bb:d3:3b:68:10:c7:44:24:fa:c6:66:ab:d0:
                    e5:ec:0f:85:ed:4b:b7:23:9b:63:75:f2:74:b2:d2:
                    f7:4f:b0:f4:29:7f:80:86:bb:dd:c0:ff:c3:cc:2f:
                    f0:de:87:5e:ed:7f:95:41:40:bf:28:60:e4:e7:58:
                    be:d6:6f:ca:c0:55:d2:a3:77:d2:13:57:8e:6a:c8:
                    21:fb:27:a1:9a:b3:02:07:f1:f1:dd:14:67:78:d7:
                    6c:de:ff:78:46:02:b1:62:c9:17:a7:a8:99:9f:54:
                    2b:21:e6:83:0f:f0:8f:b7:8b:ee:26:2e:fd:ce:bd:
                    1e:4b:df:06:dd:76:ba:bb:5b:de:54:b7:34:61:af:
                    42:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:3A:22:0E:87:AA:8F:01:67:A5:4F:56:F5:70:63:14:C8:FB:0E:2D
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3132302e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:3c:f8:c9:7f:f9:48:d6:e3:05:7c:c0:a6:3c:19:62:71:e9:
         87:08:6a:49:e4:bf:22:4c:f9:30:27:47:53:77:07:c7:c6:0f:
         ac:42:7c:67:4e:65:9e:bd:cd:b5:7c:45:bf:4c:4a:b1:a1:45:
         49:c0:8c:2a:4a:81:d1:24:a0:52:ce:cb:ba:fd:95:57:af:7f:
         f2:3e:22:08:74:09:6b:ca:0a:37:bf:f0:5b:b3:79:f6:21:75:
         1a:07:2c:a1:81:2d:9a:33:dd:0d:e5:5e:4b:04:72:08:62:09:
         ef:53:43:40:97:a8:b5:cf:39:c5:d1:f4:bb:54:2b:59:12:b9:
         c0:61:43:0b:8a:c7:cc:53:2b:3a:80:09:59:93:1e:2b:a9:fd:
         9b:06:58:b1:1d:cd:dd:50:9e:a1:44:8e:89:94:fb:b4:ae:95:
         1d:32:62:ba:dc:bb:23:1f:b3:6e:d2:aa:c1:c1:1e:f6:09:02:
         93:3c:c9:c6:af:31:52:4a:40:82:79:47:ee:4f:ad:65:c0:35:
         cc:fd:4e:17:77:b6:01:36:fc:1f:54:1a:76:6e:0b:cf:ee:07:
         39:4d:bd:3f:83:ae:38:44:00:72:7e:52:35:c9:51:b9:6d:20:
         f9:23:e5:12:80:a9:72:c7:84:c5:af:4f:d0:fe:95:56:de:3f:
         3d:ad:d1:d2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTjjuFy97YhXjUCTR3rcQagEUYXgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTA0MjMxMzQxMDlaFw0yNjA0MjIxMzQ2MDlaMDMxMTAvBgNV
BAMTKDJFM0EyMjBFODdBQThGMDE2N0E1NEY1NkY1NzA2MzE0QzhGQjBFMkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfMbVD3DGAgwoYyeXP3xbSVfHY
3tQNcaqMLuHfaVrHPv9Mc+tPjA3FnoY4ofUzZ0OSLOZEl3++gjTnHo8bROprAiq4
xv7s960uVV9EyACryVprP9A2dbeMlZVw806o4UtIOn/7BGC4kRjd/zA/MeqHTJS3
hlqasm2gu9M7aBDHRCT6xmar0OXsD4XtS7cjm2N18nSy0vdPsPQpf4CGu93A/8PM
L/Deh17tf5VBQL8oYOTnWL7Wb8rAVdKjd9ITV45qyCH7J6GaswIH8fHdFGd412ze
/3hGArFiyRenqJmfVCsh5oMP8I+3i+4mLv3OvR5L3wbddrq7W95UtzRhr0LJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQULjoiDoeqjwFnpU9W9XBjFMj7Di0wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzkzMDJlMzEzMjMw
MmUzMDJmMzIzMzJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS1a
eDANBgkqhkiG9w0BAQsFAAOCAQEAYjz4yX/5SNbjBXzApjwZYnHphwhqSeS/Ikz5
MCdHU3cHx8YPrEJ8Z05lnr3NtXxFv0xKsaFFScCMKkqB0SSgUs7Luv2VV69/8j4i
CHQJa8oKN7/wW7N59iF1GgcsoYEtmjPdDeVeSwRyCGIJ71NDQJeotc85xdH0u1Qr
WRK5wGFDC4rHzFMrOoAJWZMeK6n9mwZYsR3N3VCeoUSOiZT7tK6VHTJiuty7Ix+z
btKqwcEe9gkCkzzJxq8xUkpAgnlH7k+tZcA1zP1OF3e2ATb8H1Qadm4Lz+4HOU29
P4OuOEQAcn5SNclRuW0g+SPlEoCpcseExa9P0P6VVt4/Pa3R0g==
-----END CERTIFICATE-----