Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e382e3137322e302f32342d3234203d3e20323030343135.roa
File:                     34352e382e3137322e302f32342d3234203d3e20323030343135.roa (raw, json)
Hash identifier:          KfGm8oKCcj7dPsD1fNqk4qOilkoWdq266OnknCVNfLk=
Subject key identifier:   74:ED:20:51:68:10:2B:3D:09:DE:F7:E6:FB:61:0C:9E:87:32:D1:2F
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       7EFB280DB57593800A7E4A092C72269EE9CFC97A
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e382e3137322e302f32342d3234203d3e20323030343135.roa
Signing time:             Thu 22 Feb 2024 17:05:13 +0000
ROA not before:           Thu 22 Feb 2024 17:00:13 +0000
ROA not after:            Thu 20 Feb 2025 17:05:13 +0000
asID:                     200415
IP address blocks:        45.8.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:fb:28:0d:b5:75:93:80:0a:7e:4a:09:2c:72:26:9e:e9:cf:c9:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Feb 22 17:00:13 2024 GMT
            Not After : Feb 20 17:05:13 2025 GMT
        Subject: CN=74ED205168102B3D09DEF7E6FB610C9E8732D12F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:10:be:f0:0b:60:4d:d0:d0:d6:08:83:69:89:
                    66:e4:3d:56:e5:d6:69:7e:43:6b:4e:30:2b:aa:c3:
                    c4:e3:db:bb:86:84:14:36:42:ae:24:76:6a:56:5b:
                    f3:8f:11:30:d1:e8:9a:53:5a:65:7c:b7:0d:94:9c:
                    d5:cd:87:e8:ac:6b:12:e5:65:9a:0b:a7:2c:4b:b2:
                    5c:f7:94:ce:b5:c3:62:3c:0e:1e:39:67:29:07:98:
                    f7:46:c8:c4:b6:eb:be:7c:3e:20:a3:aa:f0:73:2e:
                    a0:96:04:58:ba:e2:a2:7d:81:fa:4a:c2:40:6b:ee:
                    58:e4:85:78:8d:9e:c5:c3:7b:b9:87:1f:56:45:c9:
                    a4:2e:21:de:f9:02:a7:17:d1:7f:a0:1f:cb:45:33:
                    0b:e4:bd:41:df:f6:df:78:f1:d5:a4:94:e5:e7:df:
                    bc:8d:a7:13:2e:9e:a2:b9:59:f8:3c:91:83:86:d5:
                    b0:d6:fb:fe:a4:12:59:d9:54:e8:82:3f:e7:97:4e:
                    9c:99:1b:d5:ba:98:8d:c9:74:59:8a:37:08:bc:16:
                    0c:1d:87:da:05:84:2f:51:80:a4:6e:f9:42:eb:b8:
                    2f:af:d0:29:cd:ed:83:60:45:b2:c2:ea:a1:03:15:
                    7c:d3:df:13:71:9f:1c:2e:28:94:72:34:c7:97:bf:
                    b8:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:ED:20:51:68:10:2B:3D:09:DE:F7:E6:FB:61:0C:9E:87:32:D1:2F
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e382e3137322e302f32342d3234203d3e20323030343135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:7a:42:cb:68:55:c0:22:15:70:a8:d0:ed:04:c7:0b:39:75:
         52:2f:0c:ad:a8:0e:1a:c2:4e:d9:b5:57:77:bd:cb:59:e4:60:
         6d:53:1f:4d:3e:7c:3c:5e:75:f9:c5:dd:88:b6:d2:ea:9c:00:
         26:cc:95:c5:aa:b1:0e:e1:7b:a6:f2:bd:90:e3:44:df:80:c1:
         3d:8f:dc:27:b7:6b:ee:b0:66:6a:ca:05:58:9f:a1:4e:a8:fb:
         4b:2a:5d:1a:f5:e8:e4:17:4f:18:96:f7:c0:cf:75:f0:6b:55:
         8f:e2:12:46:10:69:9c:fd:e6:2c:e3:90:e1:e8:e2:e0:c2:f0:
         bc:5d:f3:bb:c1:49:1d:24:2c:b8:e1:6b:ac:84:ee:30:02:74:
         4d:c8:b3:c1:a5:d7:62:e3:cd:21:a3:72:ac:1b:00:03:60:b6:
         8d:57:67:03:12:18:22:32:ae:28:25:2e:ec:06:b1:11:38:45:
         f1:05:fe:e8:a5:dc:78:d0:2b:ff:9a:93:3b:d9:48:ec:a3:af:
         4e:25:ae:4b:39:be:54:37:4d:3a:42:3a:45:0d:d0:b1:37:01:
         98:fe:cc:da:44:20:99:b3:84:e5:2e:db:93:39:f9:57:73:e1:
         17:27:53:17:26:a4:98:c0:5c:d0:c4:98:36:bf:46:a1:04:d2:
         34:53:15:b5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfvsoDbV1k4AKfkoJLHImnunPyXowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDAyMjIxNzAwMTNaFw0yNTAyMjAxNzA1MTNaMDMxMTAvBgNV
BAMTKDc0RUQyMDUxNjgxMDJCM0QwOURFRjdFNkZCNjEwQzlFODczMkQxMkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDuEL7wC2BN0NDWCINpiWbkPVbl
1ml+Q2tOMCuqw8Tj27uGhBQ2Qq4kdmpWW/OPETDR6JpTWmV8tw2UnNXNh+isaxLl
ZZoLpyxLslz3lM61w2I8Dh45ZykHmPdGyMS26758PiCjqvBzLqCWBFi64qJ9gfpK
wkBr7ljkhXiNnsXDe7mHH1ZFyaQuId75AqcX0X+gH8tFMwvkvUHf9t948dWklOXn
37yNpxMunqK5Wfg8kYOG1bDW+/6kElnZVOiCP+eXTpyZG9W6mI3JdFmKNwi8Fgwd
h9oFhC9RgKRu+ULruC+v0CnN7YNgRbLC6qEDFXzT3xNxnxwuKJRyNMeXv7hLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUdO0gUWgQKz0J3vfm+2EMnocy0S8wHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzQzNTJlMzgyZTMxMzczMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzMDM0MzEzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I
rDANBgkqhkiG9w0BAQsFAAOCAQEAenpCy2hVwCIVcKjQ7QTHCzl1Ui8MragOGsJO
2bVXd73LWeRgbVMfTT58PF51+cXdiLbS6pwAJsyVxaqxDuF7pvK9kONE34DBPY/c
J7dr7rBmasoFWJ+hTqj7SypdGvXo5BdPGJb3wM918GtVj+ISRhBpnP3mLOOQ4eji
4MLwvF3zu8FJHSQsuOFrrITuMAJ0TcizwaXXYuPNIaNyrBsAA2C2jVdnAxIYIjKu
KCUu7AaxEThF8QX+6KXceNAr/5qTO9lI7KOvTiWuSzm+VDdNOkI6RQ3QsTcBmP7M
2kQgmbOE5S7bkzn5V3PhFydTFyakmMBc0MSYNr9GoQTSNFMVtQ==
-----END CERTIFICATE-----