Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3135302e302f32342d3234203d3e20383334.roa
File:                     34352e382e3135302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Bd4lgpzMi5/hBcVZtedtdNmSoEQBT5C1yuVkpfG6Ixs=
Subject key identifier:   8A:FD:28:1D:C7:29:63:FE:98:7A:11:B1:89:68:C1:88:13:08:37:16
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       581C1B523D8233E3721D4A499EC398C3563C4347
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3135302e302f32342d3234203d3e20383334.roa
Signing time:             Fri 15 Mar 2024 09:08:48 +0000
ROA not before:           Fri 15 Mar 2024 09:03:48 +0000
ROA not after:            Fri 14 Mar 2025 09:08:48 +0000
asID:                     834
IP address blocks:        45.8.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:1c:1b:52:3d:82:33:e3:72:1d:4a:49:9e:c3:98:c3:56:3c:43:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Mar 15 09:03:48 2024 GMT
            Not After : Mar 14 09:08:48 2025 GMT
        Subject: CN=8AFD281DC72963FE987A11B18968C18813083716
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:0f:f0:87:1d:9d:1a:61:0c:11:d0:2e:36:27:
                    2a:f1:32:e5:3e:b7:d6:31:e4:8d:64:9a:95:5b:b2:
                    ca:88:1a:ed:c3:fd:39:f1:d9:2c:e0:74:51:42:4b:
                    95:be:2a:35:0d:43:a6:a1:5e:56:7f:1c:aa:76:db:
                    56:62:29:af:66:01:46:1e:cd:7a:aa:91:ad:ad:b3:
                    b0:cf:c8:fb:97:a9:b0:75:21:64:b7:f5:e4:6b:f1:
                    ff:01:bc:68:d0:55:ce:6a:61:1c:b1:6f:91:c1:00:
                    af:8b:e8:85:95:e2:cd:46:d3:2b:75:b4:b2:18:0a:
                    b7:d4:f2:1c:ae:1c:db:3b:89:58:4d:a7:56:4d:6d:
                    8e:f1:2e:cc:7a:bf:d9:10:c8:59:a6:b0:69:4c:ab:
                    8b:da:ce:f5:0c:83:12:fa:9c:37:ea:0b:f8:8d:5c:
                    fd:90:80:37:88:8a:bb:ce:3c:16:e9:54:3f:03:9a:
                    30:aa:ec:04:23:69:aa:76:49:45:8e:6e:02:01:af:
                    dd:81:6f:e4:85:e4:39:91:b2:0f:68:18:d7:51:8c:
                    22:72:1f:95:2c:19:6e:cc:5c:e5:0e:a3:22:e9:eb:
                    15:84:e3:9e:67:d7:1f:55:81:a2:ea:84:4f:6b:f1:
                    f1:a0:25:55:78:6f:da:57:e0:63:df:23:32:c0:c8:
                    b0:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:FD:28:1D:C7:29:63:FE:98:7A:11:B1:89:68:C1:88:13:08:37:16
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3135302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:45:92:43:0f:44:84:fb:30:ff:2e:bd:bd:4e:02:1a:96:fa:
         79:ad:24:b6:13:90:37:cd:97:de:77:d7:3c:55:7f:e6:dc:8b:
         bc:3a:f0:8f:1e:73:09:95:59:78:6b:1a:44:2a:a4:f1:03:7a:
         1b:31:45:b2:d6:1f:88:0c:76:f3:52:12:57:ef:73:69:36:f5:
         17:87:cf:54:3b:88:6d:65:17:fd:b5:94:47:15:ee:6a:ba:bc:
         36:37:5e:63:9e:91:8f:09:45:8a:cf:bd:f2:09:a7:fe:cf:39:
         79:cc:a3:d6:7a:5f:5d:5f:be:2f:84:58:c6:73:90:62:b2:74:
         6f:3a:73:e7:60:5e:1d:a6:d8:3a:4f:96:a7:fa:30:bd:98:8d:
         97:85:53:df:9e:13:f6:b2:d0:b3:8b:cf:64:0b:7f:d5:c3:d2:
         68:94:26:a3:e5:e7:37:e2:cf:83:27:23:5a:1d:98:80:a7:5b:
         92:a9:5e:56:48:e1:6a:48:c3:9a:94:6f:a0:8f:f6:ff:eb:bf:
         e3:cf:df:5e:70:39:68:bb:91:da:e5:a2:65:da:e0:22:bd:c2:
         93:a1:10:96:c5:e6:b7:dc:3a:f3:be:a1:be:f0:43:34:e8:1f:
         68:72:01:fa:b1:e8:32:24:54:91:04:e8:cc:57:da:15:ad:b1:
         23:45:2a:10
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUWBwbUj2CM+NyHUpJnsOYw1Y8Q0cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAzMTUwOTAzNDhaFw0yNTAzMTQwOTA4NDhaMDMxMTAvBgNV
BAMTKDhBRkQyODFEQzcyOTYzRkU5ODdBMTFCMTg5NjhDMTg4MTMwODM3MTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxD/CHHZ0aYQwR0C42JyrxMuU+
t9Yx5I1kmpVbssqIGu3D/Tnx2SzgdFFCS5W+KjUNQ6ahXlZ/HKp221ZiKa9mAUYe
zXqqka2ts7DPyPuXqbB1IWS39eRr8f8BvGjQVc5qYRyxb5HBAK+L6IWV4s1G0yt1
tLIYCrfU8hyuHNs7iVhNp1ZNbY7xLsx6v9kQyFmmsGlMq4vazvUMgxL6nDfqC/iN
XP2QgDeIirvOPBbpVD8DmjCq7AQjaap2SUWObgIBr92Bb+SF5DmRsg9oGNdRjCJy
H5UsGW7MXOUOoyLp6xWE455n1x9VgaLqhE9r8fGgJVV4b9pX4GPfIzLAyLAjAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUiv0oHccpY/6YehGxiWjBiBMINxYwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzgyZTMxMzUzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0IljANBgkq
hkiG9w0BAQsFAAOCAQEAeUWSQw9EhPsw/y69vU4CGpb6ea0kthOQN82X3nfXPFV/
5tyLvDrwjx5zCZVZeGsaRCqk8QN6GzFFstYfiAx281ISV+9zaTb1F4fPVDuIbWUX
/bWURxXuarq8NjdeY56RjwlFis+98gmn/s85ecyj1npfXV++L4RYxnOQYrJ0bzpz
52BeHabYOk+Wp/owvZiNl4VT354T9rLQs4vPZAt/1cPSaJQmo+XnN+LPgycjWh2Y
gKdbkqleVkjhakjDmpRvoI/2/+u/48/fXnA5aLuR2uWiZdrgIr3Ck6EQlsXmt9w6
876hvvBDNOgfaHIB+rHoMiRUkQTozFfaFa2xI0UqEA==
-----END CERTIFICATE-----