Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3135312e302f32342d3234203d3e20333935373837.roa
File:                     34352e382e3135312e302f32342d3234203d3e20333935373837.roa (raw, json)
Hash identifier:          95wmnxC8rzp2TvJhg5YJCGhAwsYlLd+SULUtMUx39tE=
Subject key identifier:   24:5F:25:E6:FF:23:82:A7:08:00:BD:77:05:F4:72:25:DB:D2:67:F0
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       54284E9F36493EDAAD559E99585FDE957860D120
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3135312e302f32342d3234203d3e20333935373837.roa
Signing time:             Mon 26 Feb 2024 08:52:56 +0000
ROA not before:           Mon 26 Feb 2024 08:47:56 +0000
ROA not after:            Mon 24 Feb 2025 08:52:56 +0000
asID:                     395787
IP address blocks:        45.8.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 16:07:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:28:4e:9f:36:49:3e:da:ad:55:9e:99:58:5f:de:95:78:60:d1:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:56 2024 GMT
            Not After : Feb 24 08:52:56 2025 GMT
        Subject: CN=245F25E6FF2382A70800BD7705F47225DBD267F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:6c:38:6d:9e:c3:58:a7:42:81:61:44:dd:f7:
                    7e:51:e3:3e:8c:cb:a6:a3:f2:a4:06:a1:06:39:91:
                    13:e5:56:9b:a2:7b:17:5c:24:ba:1e:e9:d0:e6:ce:
                    98:3d:79:d0:25:43:d6:09:c8:1b:1c:3b:27:c8:8a:
                    7e:76:61:3f:b9:43:6a:01:b9:8e:3c:76:56:ed:e3:
                    ad:38:03:47:32:5a:f3:95:32:91:18:d9:28:e4:1d:
                    d4:04:09:90:ea:8b:ad:f5:2f:0d:ed:86:ca:dc:c5:
                    62:63:fb:db:35:c7:d2:af:d2:c9:ce:72:0a:dc:72:
                    74:45:e3:06:16:6f:a1:43:fb:fc:68:47:42:59:5f:
                    6a:35:ea:d7:d9:c7:72:c5:9a:ca:b1:2b:fe:2b:dd:
                    ae:53:ac:3c:85:b9:f5:46:98:f3:dc:68:2a:9d:40:
                    93:eb:cf:72:f6:ac:3b:42:4f:f7:6c:9d:d1:3b:d3:
                    76:b7:6a:6d:ff:03:ea:a8:a3:2f:e8:ed:73:3d:07:
                    6d:5b:7b:4f:c4:0c:06:7b:1d:3d:9e:bf:5d:f0:bd:
                    5b:a2:e7:4c:56:43:d1:cd:9b:51:19:15:1c:38:77:
                    7a:00:05:8a:df:98:99:79:5a:bc:11:ce:1a:51:07:
                    fd:ca:8a:3d:6b:f0:ac:0b:e8:95:05:96:b4:dc:d2:
                    7e:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:5F:25:E6:FF:23:82:A7:08:00:BD:77:05:F4:72:25:DB:D2:67:F0
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3135312e302f32342d3234203d3e20333935373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:14:46:9d:fa:bc:c0:08:f0:8c:3c:a2:b3:14:32:c8:4e:9e:
         4a:e4:43:f2:d7:15:4d:04:ae:01:59:15:3f:5b:b1:0b:b9:ec:
         cc:1c:99:26:34:59:03:e1:6b:43:c3:00:e4:5b:38:15:23:a4:
         19:61:66:cc:de:72:36:f8:0a:0a:5c:a1:1e:d4:f6:0b:32:21:
         2d:81:c0:f4:8f:a0:26:03:12:28:27:a2:10:2f:d4:0e:a3:7f:
         8e:26:b7:53:2d:ef:71:2c:3d:16:61:ec:f4:e0:ca:fd:1a:4d:
         6d:de:2e:1b:fc:d5:16:4e:6d:6e:c1:66:e1:3a:eb:ef:7d:84:
         de:8b:78:38:bf:38:ef:90:7b:2d:89:51:c1:1e:bc:31:2a:1c:
         c9:92:6a:20:dd:cc:05:0a:b3:3e:45:d3:b5:05:3e:63:14:ae:
         8a:31:cd:30:e8:f2:d0:fa:0b:7a:74:41:5f:1b:45:48:f9:46:
         72:72:c7:ef:ef:b5:f1:93:cf:c6:71:03:70:07:24:42:0c:f0:
         14:66:d8:2c:3a:0a:50:40:54:58:31:c5:ba:44:6c:87:8d:97:
         66:f4:66:2c:e0:55:9e:9d:3d:f8:43:fe:56:86:bb:e0:e4:c7:
         63:dd:96:75:cf:cc:11:fa:99:48:ce:de:24:58:8c:80:b3:d4:
         fd:c4:e6:03
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVChOnzZJPtqtVZ6ZWF/elXhg0SAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTZaFw0yNTAyMjQwODUyNTZaMDMxMTAvBgNV
BAMTKDI0NUYyNUU2RkYyMzgyQTcwODAwQkQ3NzA1RjQ3MjI1REJEMjY3RjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNbDhtnsNYp0KBYUTd935R4z6M
y6aj8qQGoQY5kRPlVpuiexdcJLoe6dDmzpg9edAlQ9YJyBscOyfIin52YT+5Q2oB
uY48dlbt4604A0cyWvOVMpEY2SjkHdQECZDqi631Lw3thsrcxWJj+9s1x9Kv0snO
cgrccnRF4wYWb6FD+/xoR0JZX2o16tfZx3LFmsqxK/4r3a5TrDyFufVGmPPcaCqd
QJPrz3L2rDtCT/dsndE703a3am3/A+qooy/o7XM9B21be0/EDAZ7HT2ev13wvVui
50xWQ9HNm1EZFRw4d3oABYrfmJl5WrwRzhpRB/3Kij1r8KwL6JUFlrTc0n5DAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUJF8l5v8jgqcIAL13BfRyJdvSZ/AwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzgyZTMxMzUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzkzNTM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I
lzANBgkqhkiG9w0BAQsFAAOCAQEAARRGnfq8wAjwjDyisxQyyE6eSuRD8tcVTQSu
AVkVP1uxC7nszByZJjRZA+FrQ8MA5Fs4FSOkGWFmzN5yNvgKClyhHtT2CzIhLYHA
9I+gJgMSKCeiEC/UDqN/jia3Uy3vcSw9FmHs9ODK/RpNbd4uG/zVFk5tbsFm4Trr
732E3ot4OL8475B7LYlRwR68MSocyZJqIN3MBQqzPkXTtQU+YxSuijHNMOjy0PoL
enRBXxtFSPlGcnLH7++18ZPPxnEDcAckQgzwFGbYLDoKUEBUWDHFukRsh42XZvRm
LOBVnp09+EP+Voa74OTHY92Wdc/MEfqZSM7eJFiMgLPU/cTmAw==
-----END CERTIFICATE-----