Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3134382e302f32332d3332203d3e203531313637.roa
File:                     34352e382e3134382e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          G3Al9Q2FOs1NJjJHwdT87MpmQjBF415Vz22A595F34E=
Subject key identifier:   27:0F:E9:2A:B2:63:50:A4:49:9A:08:12:94:DA:77:D8:E8:33:45:76
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       3BB9B3D3B0C3B5A2836A364178B27A8F3FB467A1
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3134382e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 22 May 2024 12:51:40 +0000
ROA not before:           Wed 22 May 2024 12:46:40 +0000
ROA not after:            Wed 21 May 2025 12:51:40 +0000
asID:                     51167
IP address blocks:        45.8.148.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:b9:b3:d3:b0:c3:b5:a2:83:6a:36:41:78:b2:7a:8f:3f:b4:67:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: May 22 12:46:40 2024 GMT
            Not After : May 21 12:51:40 2025 GMT
        Subject: CN=270FE92AB26350A4499A081294DA77D8E8334576
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c5:0b:3b:4a:eb:52:c6:1a:1c:0b:4d:2c:fb:
                    ac:6b:f0:ad:e2:da:08:08:a2:9b:d3:e7:70:28:c5:
                    81:91:fa:f0:95:8d:89:af:7f:6a:d9:91:72:72:43:
                    eb:c1:cb:5c:e1:dc:08:97:82:a3:83:de:e4:02:d2:
                    7b:93:08:f4:95:03:04:f1:91:27:8e:1f:04:e0:79:
                    5d:7c:1e:6d:25:46:99:ee:2e:cc:22:f4:7f:85:3d:
                    d7:e0:9a:61:be:21:97:fa:7d:37:27:c7:4b:ec:37:
                    00:8b:84:6b:1c:58:67:2e:2f:1b:20:94:22:91:8f:
                    45:2f:bc:ea:b6:10:10:1b:02:fc:fd:57:21:6e:50:
                    a3:e3:f9:7f:9c:1d:d1:b1:55:89:66:42:f0:c3:ad:
                    db:f5:e3:30:53:de:81:fe:7c:4c:a8:63:23:71:2e:
                    07:2f:95:6e:d5:89:7e:90:f7:fb:9c:b1:09:5e:ba:
                    b3:17:2d:aa:b6:40:27:9d:fa:b3:a5:ae:e6:e8:4a:
                    30:2d:00:97:61:14:a6:d4:47:b6:6b:5e:da:e2:48:
                    c2:87:1a:32:ea:ac:55:76:f9:35:e1:4d:27:23:fb:
                    e2:2d:91:43:de:89:fd:b6:9b:8b:9a:c4:3e:7d:9c:
                    e3:f8:27:d4:67:51:bb:a4:7d:c8:42:33:37:c1:49:
                    d5:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:0F:E9:2A:B2:63:50:A4:49:9A:08:12:94:DA:77:D8:E8:33:45:76
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3134382e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:b1:b0:b4:e4:a8:1b:2b:e7:f3:ac:72:44:3c:bd:81:80:c0:
         98:b5:51:03:cf:03:6a:5a:65:e5:1f:4c:80:7c:43:4b:78:54:
         9e:28:b4:ad:e2:b5:8d:d7:f4:da:5e:85:6e:18:ac:91:6f:a1:
         cc:24:97:90:f1:ae:1d:fb:20:21:9d:61:53:8a:c3:f5:a6:03:
         a4:e1:7c:6c:eb:f7:05:e8:25:d6:88:af:63:3d:53:58:1f:a9:
         68:b8:26:25:67:fe:16:89:a4:da:28:8a:a1:c7:a7:36:6f:7d:
         9e:90:66:78:9f:d2:82:b4:77:8b:12:9c:02:17:fd:af:04:e0:
         f2:6e:67:7d:ed:ff:f7:ef:c2:af:1c:ad:63:cb:d6:98:6d:cf:
         8b:f3:4b:d3:35:1f:4a:b7:74:10:b5:6f:46:fa:39:f1:f5:83:
         ef:f8:72:c9:58:18:6b:16:5e:ac:86:33:b0:b6:cc:8c:a3:b5:
         0b:82:14:78:35:04:61:91:0d:de:45:e3:0c:1b:d2:ee:84:ca:
         c8:fa:83:8f:c0:dc:1c:d7:1c:b7:d2:40:e1:ed:3e:e8:ce:dd:
         09:60:e8:0d:31:9d:41:ab:74:af:de:ed:e5:82:7b:28:a0:ef:
         fc:ca:88:ae:e2:f7:54:32:f7:0f:c4:61:e3:cf:fe:b6:8e:e6:
         58:32:bf:69
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUO7mz07DDtaKDajZBeLJ6jz+0Z6EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDA1MjIxMjQ2NDBaFw0yNTA1MjExMjUxNDBaMDMxMTAvBgNV
BAMTKDI3MEZFOTJBQjI2MzUwQTQ0OTlBMDgxMjk0REE3N0Q4RTgzMzQ1NzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwxQs7SutSxhocC00s+6xr8K3i
2ggIopvT53AoxYGR+vCVjYmvf2rZkXJyQ+vBy1zh3AiXgqOD3uQC0nuTCPSVAwTx
kSeOHwTgeV18Hm0lRpnuLswi9H+FPdfgmmG+IZf6fTcnx0vsNwCLhGscWGcuLxsg
lCKRj0UvvOq2EBAbAvz9VyFuUKPj+X+cHdGxVYlmQvDDrdv14zBT3oH+fEyoYyNx
LgcvlW7ViX6Q9/ucsQleurMXLaq2QCed+rOlruboSjAtAJdhFKbUR7ZrXtriSMKH
GjLqrFV2+TXhTScj++ItkUPeif22m4uaxD59nOP4J9RnUbukfchCMzfBSdUbAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUJw/pKrJjUKRJmggSlNp32OgzRXYwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzgyZTMxMzQzODJl
MzAyZjMyMzMyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEtCJQw
DQYJKoZIhvcNAQELBQADggEBABuxsLTkqBsr5/OsckQ8vYGAwJi1UQPPA2paZeUf
TIB8Q0t4VJ4otK3itY3X9NpehW4YrJFvocwkl5Dxrh37ICGdYVOKw/WmA6ThfGzr
9wXoJdaIr2M9U1gfqWi4JiVn/haJpNooiqHHpzZvfZ6QZnif0oK0d4sSnAIX/a8E
4PJuZ33t//fvwq8crWPL1phtz4vzS9M1H0q3dBC1b0b6OfH1g+/4cslYGGsWXqyG
M7C2zIyjtQuCFHg1BGGRDd5F4wwb0u6Eysj6g4/A3BzXHLfSQOHtPujO3Qlg6A0x
nUGrdK/e7eWCeyig7/zKiK7i91Qy9w/EYePP/raO5lgyv2k=
-----END CERTIFICATE-----