Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e36362e3135312e302f32342d3234203d3e203134343435.roa
File:                     34352e36362e3135312e302f32342d3234203d3e203134343435.roa (raw, json)
Hash identifier:          sbQZAarDOPBDEu2y/4s1HWuu0GLNFowkYXPZj8B/IPk=
Subject key identifier:   0A:A1:7A:BC:8C:92:E5:27:4A:62:C2:63:4D:24:D2:BF:93:C0:01:DC
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       3952B316C6A2C60117229581D4C9F6824B79014C
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e36362e3135312e302f32342d3234203d3e203134343435.roa
Signing time:             Thu 28 Mar 2024 11:10:23 +0000
ROA not before:           Thu 28 Mar 2024 11:05:23 +0000
ROA not after:            Thu 27 Mar 2025 11:10:23 +0000
asID:                     14445
IP address blocks:        45.66.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:52:b3:16:c6:a2:c6:01:17:22:95:81:d4:c9:f6:82:4b:79:01:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Mar 28 11:05:23 2024 GMT
            Not After : Mar 27 11:10:23 2025 GMT
        Subject: CN=0AA17ABC8C92E5274A62C2634D24D2BF93C001DC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6e:2d:e8:36:58:e2:f4:33:12:ec:bd:70:68:
                    bc:ad:6a:34:81:ea:d6:5a:1b:e4:ba:af:8d:1c:f8:
                    f5:12:85:99:aa:d8:67:ab:2d:72:58:1a:4a:f2:e9:
                    7d:13:b9:96:a0:48:84:f3:c7:f7:dc:ae:3e:88:8b:
                    64:83:db:5a:fc:c6:4f:11:b6:d3:7d:9f:d8:a5:1b:
                    e1:e9:bc:09:6b:18:4b:1c:e0:0c:b6:50:f5:84:df:
                    b6:12:d9:b6:59:89:ab:f6:58:d1:fd:1b:b2:c2:8a:
                    92:c5:07:55:85:01:4f:16:44:e4:bc:8f:92:e0:b4:
                    76:64:c3:7e:0b:bc:da:b2:92:a8:45:c0:0a:02:f7:
                    f3:1a:6f:ee:f4:9e:65:c8:1a:52:94:af:64:fc:cf:
                    71:5b:7f:d0:ee:fa:06:65:f5:1d:a6:59:27:10:3e:
                    b7:41:ca:a9:67:82:12:01:0a:52:5b:dd:7d:42:39:
                    e8:62:b8:68:ed:ba:34:0b:98:75:91:b6:24:9e:0c:
                    dc:6d:89:48:d5:d9:90:cd:d9:97:75:fc:e2:af:4a:
                    13:01:27:4a:a1:6f:af:b4:1c:9a:06:04:9b:60:a0:
                    e4:f1:53:04:0a:e7:8c:db:3d:ba:d1:93:24:67:77:
                    89:e3:14:9b:bd:fc:01:58:b4:d5:3c:63:56:9c:9d:
                    a2:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:A1:7A:BC:8C:92:E5:27:4A:62:C2:63:4D:24:D2:BF:93:C0:01:DC
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e36362e3135312e302f32342d3234203d3e203134343435.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:c9:c2:29:ce:4b:8d:32:80:06:6e:bb:c6:fa:88:fc:11:c1:
         8a:01:dd:bf:c3:3b:ad:99:1c:71:a7:04:50:60:5a:b5:30:70:
         dc:e3:db:16:37:df:22:58:90:b8:be:83:05:9a:f1:2d:37:05:
         70:66:3b:08:3f:63:3d:5d:c6:31:9b:0b:a7:48:dd:a5:7b:b4:
         c7:ca:a3:fe:e5:8a:6d:df:20:0b:5e:e2:78:b2:03:07:5e:1d:
         39:98:15:c1:f8:c1:9d:4b:32:48:c9:e4:04:15:a3:08:52:4c:
         7d:ef:38:15:11:a1:c7:52:8b:20:35:9d:3e:1a:7b:2d:0e:05:
         80:b8:6d:8a:b6:b8:0b:7a:72:31:01:41:47:5b:d6:a1:9f:f3:
         bc:d8:db:e9:39:98:e2:39:b9:09:5e:74:7a:bb:59:e0:38:06:
         a7:6b:73:2f:41:52:ab:74:4d:96:38:63:e8:b1:b8:d5:36:35:
         83:ad:31:50:40:9c:6e:2b:8a:5e:78:57:38:04:52:ae:80:a9:
         1b:bd:54:79:6f:80:d4:da:c5:7a:11:85:34:bb:1a:ed:36:de:
         e9:78:41:2a:b2:36:6f:79:f7:55:40:47:2a:bc:e4:94:ab:6b:
         c3:3a:ac:f1:9f:c6:35:dd:c7:c1:7c:00:05:14:85:23:12:df:
         77:dc:5a:c4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOVKzFsaixgEXIpWB1Mn2gkt5AUwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDAzMjgxMTA1MjNaFw0yNTAzMjcxMTEwMjNaMDMxMTAvBgNV
BAMTKDBBQTE3QUJDOEM5MkU1Mjc0QTYyQzI2MzREMjREMkJGOTNDMDAxREMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVbi3oNlji9DMS7L1waLytajSB
6tZaG+S6r40c+PUShZmq2GerLXJYGkry6X0TuZagSITzx/fcrj6Ii2SD21r8xk8R
ttN9n9ilG+HpvAlrGEsc4Ay2UPWE37YS2bZZiav2WNH9G7LCipLFB1WFAU8WROS8
j5LgtHZkw34LvNqykqhFwAoC9/Mab+70nmXIGlKUr2T8z3Fbf9Du+gZl9R2mWScQ
PrdByqlnghIBClJb3X1COehiuGjtujQLmHWRtiSeDNxtiUjV2ZDN2Zd1/OKvShMB
J0qhb6+0HJoGBJtgoOTxUwQK54zbPbrRkyRnd4njFJu9/AFYtNU8Y1acnaJ9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUCqF6vIyS5SdKYsJjTSTSv5PAAdwwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzQzNTJlMzYzNjJlMzEzNTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNDM0MzQzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1C
lzANBgkqhkiG9w0BAQsFAAOCAQEAZcnCKc5LjTKABm67xvqI/BHBigHdv8M7rZkc
cacEUGBatTBw3OPbFjffIliQuL6DBZrxLTcFcGY7CD9jPV3GMZsLp0jdpXu0x8qj
/uWKbd8gC17ieLIDB14dOZgVwfjBnUsySMnkBBWjCFJMfe84FRGhx1KLIDWdPhp7
LQ4FgLhtira4C3pyMQFBR1vWoZ/zvNjb6TmY4jm5CV50ertZ4DgGp2tzL0FSq3RN
ljhj6LG41TY1g60xUECcbiuKXnhXOARSroCpG71UeW+A1NrFehGFNLsa7Tbe6XhB
KrI2b3n3VUBHKrzklKtrwzqs8Z/GNd3HwXwABRSFIxLfd9xaxA==
-----END CERTIFICATE-----