Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31302e3135362e302f32342d3234203d3e203631333137.roa
File:                     34352e31302e3135362e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          RkDECN6mN/2A2O/17u+FQCdKPZq3F+g/19Yyk1QUL9c=
Subject key identifier:   7F:C1:E9:6E:29:0C:67:CF:35:B4:2E:EB:F2:90:56:9C:E9:AF:E4:06
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       798CA37DC9842480991C48278C73F8A3A9D5048D
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31302e3135362e302f32342d3234203d3e203631333137.roa
Signing time:             Mon 26 Feb 2024 08:52:49 +0000
ROA not before:           Mon 26 Feb 2024 08:47:49 +0000
ROA not after:            Mon 24 Feb 2025 08:52:49 +0000
asID:                     61317
IP address blocks:        45.10.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:8c:a3:7d:c9:84:24:80:99:1c:48:27:8c:73:f8:a3:a9:d5:04:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:49 2024 GMT
            Not After : Feb 24 08:52:49 2025 GMT
        Subject: CN=7FC1E96E290C67CF35B42EEBF290569CE9AFE406
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d5:fa:7c:77:4d:5c:57:31:f2:c6:e6:b3:1f:
                    30:f1:4d:94:15:08:68:d2:67:31:d9:e0:33:75:3a:
                    48:b0:7e:b0:f6:77:94:e5:8b:34:49:87:76:0a:8d:
                    6a:f8:45:c0:ae:4a:ba:a2:ab:3d:fd:6d:51:27:4e:
                    4c:5b:04:3e:6e:be:84:f8:bb:8f:29:5c:ed:98:1b:
                    fa:aa:f0:f7:91:d8:6b:df:fd:37:6f:8c:b1:4b:fc:
                    c6:0a:9e:c4:ff:ba:74:08:20:f1:cd:85:a3:49:b4:
                    8f:6f:f9:9a:74:7e:7e:7b:93:55:d0:5e:79:7b:cc:
                    50:53:55:47:75:0d:99:f3:07:4b:f5:17:fa:b0:91:
                    8e:a7:84:19:f8:6b:e7:00:df:f7:04:4c:17:8a:13:
                    a5:96:13:ec:30:4e:e7:cd:d0:bd:b9:8d:7c:ec:1a:
                    24:19:38:76:df:b6:28:7f:e0:2b:8f:40:72:79:fb:
                    3e:83:cd:4e:db:b5:27:00:15:af:ee:2d:58:ee:9f:
                    c8:4e:d9:b4:0f:0d:10:76:af:7c:47:e6:fe:77:e3:
                    a8:ab:23:a0:77:9b:99:71:04:68:54:8c:23:95:1d:
                    0d:fb:43:31:2d:1f:46:66:ce:93:37:3f:ac:8d:b3:
                    c1:2d:31:87:c7:a0:86:0c:eb:0d:9b:ae:d6:3a:ba:
                    ee:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:C1:E9:6E:29:0C:67:CF:35:B4:2E:EB:F2:90:56:9C:E9:AF:E4:06
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31302e3135362e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:c6:34:4f:4f:b6:a5:8c:d2:c9:89:85:4f:6c:f6:44:f6:7a:
         24:bc:cd:87:c1:46:3b:f0:09:4a:fb:36:46:85:51:7e:49:81:
         de:5d:04:45:1e:cb:c7:40:c0:2d:a0:c5:11:fc:85:0f:65:33:
         6c:f1:1a:b0:71:05:47:4b:f9:2e:0e:a2:e2:71:9a:a3:f7:2e:
         05:87:6d:d7:da:a9:28:f1:34:17:f6:db:f1:9f:98:2a:cd:8c:
         2c:ac:36:7e:5f:3c:23:6e:92:48:ce:8c:ba:89:da:54:8a:c6:
         6e:73:66:c9:b2:30:55:1c:d5:21:9f:25:eb:c5:6c:86:95:40:
         66:24:80:89:70:81:24:14:c3:10:fd:60:62:c2:f1:c8:80:7c:
         47:13:4c:b6:f6:8e:03:f2:06:d3:d6:1b:49:08:07:43:50:48:
         9f:ff:c1:f1:a6:31:d8:47:ae:9a:0f:57:fb:5c:59:61:41:68:
         77:19:9d:3e:53:54:9b:32:a4:55:5c:9d:e4:72:2a:d9:7f:12:
         84:bc:ee:ad:96:f8:96:64:d7:80:62:c7:0e:86:9e:19:f8:3c:
         7c:c3:04:49:55:15:e1:a8:c5:be:5d:b7:c5:12:fb:fd:0b:bc:
         2d:d4:7d:85:1b:bd:9d:c6:cf:97:7a:44:af:5c:9b:1d:27:93:
         93:14:d5:b2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUeYyjfcmEJICZHEgnjHP4o6nVBI0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NDlaFw0yNTAyMjQwODUyNDlaMDMxMTAvBgNV
BAMTKDdGQzFFOTZFMjkwQzY3Q0YzNUI0MkVFQkYyOTA1NjlDRTlBRkU0MDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl1fp8d01cVzHyxuazHzDxTZQV
CGjSZzHZ4DN1OkiwfrD2d5TlizRJh3YKjWr4RcCuSrqiqz39bVEnTkxbBD5uvoT4
u48pXO2YG/qq8PeR2Gvf/TdvjLFL/MYKnsT/unQIIPHNhaNJtI9v+Zp0fn57k1XQ
Xnl7zFBTVUd1DZnzB0v1F/qwkY6nhBn4a+cA3/cETBeKE6WWE+wwTufN0L25jXzs
GiQZOHbftih/4CuPQHJ5+z6DzU7btScAFa/uLVjun8hO2bQPDRB2r3xH5v5346ir
I6B3m5lxBGhUjCOVHQ37QzEtH0ZmzpM3P6yNs8EtMYfHoIYM6w2brtY6uu4nAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUf8HpbikMZ881tC7r8pBWnOmv5AYwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzMDJlMzEzNTM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0K
nDANBgkqhkiG9w0BAQsFAAOCAQEAcsY0T0+2pYzSyYmFT2z2RPZ6JLzNh8FGO/AJ
Svs2RoVRfkmB3l0ERR7Lx0DALaDFEfyFD2UzbPEasHEFR0v5Lg6i4nGao/cuBYdt
19qpKPE0F/bb8Z+YKs2MLKw2fl88I26SSM6MuonaVIrGbnNmybIwVRzVIZ8l68Vs
hpVAZiSAiXCBJBTDEP1gYsLxyIB8RxNMtvaOA/IG09YbSQgHQ1BIn//B8aYx2Eeu
mg9X+1xZYUFodxmdPlNUmzKkVVyd5HIq2X8ShLzurZb4lmTXgGLHDoaeGfg8fMME
SVUV4ajFvl23xRL7/Qu8LdR9hRu9ncbPl3pEr1ybHSeTkxTVsg==
-----END CERTIFICATE-----