Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e382e3137342e302f32342d3234203d3e2037353632.roa
File:                     34352e382e3137342e302f32342d3234203d3e2037353632.roa (raw, json)
Hash identifier:          Y7IbPRg5qQHAo4WFrVenmXjcCZLx20s3VxoWUs04Maw=
Subject key identifier:   57:F9:81:02:21:D0:5B:EA:1F:AF:E7:78:CD:57:B8:DA:35:BF:33:99
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       16D89F91F4B95EA24506D077FF2BCEB7B43985C8
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e382e3137342e302f32342d3234203d3e2037353632.roa
Signing time:             Thu 22 Feb 2024 17:05:13 +0000
ROA not before:           Thu 22 Feb 2024 17:00:13 +0000
ROA not after:            Thu 20 Feb 2025 17:05:13 +0000
asID:                     7562
IP address blocks:        45.8.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 04:36:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:d8:9f:91:f4:b9:5e:a2:45:06:d0:77:ff:2b:ce:b7:b4:39:85:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Feb 22 17:00:13 2024 GMT
            Not After : Feb 20 17:05:13 2025 GMT
        Subject: CN=57F9810221D05BEA1FAFE778CD57B8DA35BF3399
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:21:17:7d:7e:aa:22:c7:4b:2d:d7:47:b4:38:
                    85:ed:c1:33:6c:b3:e5:43:2e:4b:18:8d:dc:e5:63:
                    27:4a:1a:91:49:da:0b:ea:25:d8:7f:b6:51:1b:a3:
                    ce:73:07:42:6e:f2:a3:2c:ea:09:01:60:25:52:fe:
                    19:6a:b1:6e:7f:99:9c:bf:f3:98:5f:33:17:5a:69:
                    99:7c:58:29:39:0d:f1:17:7a:27:0a:a3:22:14:5d:
                    67:1b:a9:0e:f9:54:59:9d:75:67:74:63:62:57:2e:
                    72:d0:e4:6a:62:4a:ef:36:5a:d5:13:bf:78:98:72:
                    18:f9:84:e4:f2:9b:15:06:fc:29:62:e1:c2:a0:68:
                    15:56:62:90:16:48:b1:94:61:c1:26:db:e8:bc:e8:
                    12:ca:bc:19:75:6c:88:7a:9e:a3:64:25:df:ef:77:
                    0f:b1:d2:93:1e:29:38:ce:09:97:98:2e:99:ca:d9:
                    39:03:9a:21:7e:4a:bd:a8:a7:ba:84:c5:14:af:23:
                    ed:a5:e9:4e:bc:4c:6d:6d:2b:9f:82:d1:9c:9e:5f:
                    f0:ba:a2:53:5a:ff:db:d7:91:58:a8:d7:8d:81:34:
                    32:c6:d0:15:00:10:b7:0c:b3:a2:71:95:cc:8a:fd:
                    cc:3d:57:e1:42:af:d9:e3:72:b1:6f:42:80:e4:2b:
                    f9:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:F9:81:02:21:D0:5B:EA:1F:AF:E7:78:CD:57:B8:DA:35:BF:33:99
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/34352e382e3137342e302f32342d3234203d3e2037353632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:32:cd:ef:dc:f5:d8:bd:51:11:77:9e:a3:78:8d:b4:fd:50:
         da:e1:a3:44:6f:28:73:1f:15:82:54:25:40:b6:77:ee:7a:41:
         86:e0:56:f3:ec:7c:51:6f:ac:b6:3d:0b:ad:51:24:c8:b0:d7:
         5a:b1:23:71:31:26:62:96:6c:63:28:36:69:c5:c0:a8:c9:f5:
         2d:23:4e:e5:0c:d3:71:26:8a:1c:f7:45:01:8d:41:7e:27:aa:
         3c:18:a0:6e:93:ff:ae:7d:5c:4e:27:ae:97:d6:d1:a1:39:0f:
         5c:f2:8e:0d:63:b6:b2:79:5f:5b:dc:9b:33:95:4c:cf:c4:ae:
         81:fe:ef:74:30:52:f6:e9:3c:8e:f1:0b:84:5a:02:f9:92:78:
         70:c5:9e:4c:e2:a0:67:84:85:02:a0:05:8b:e4:82:d0:24:8e:
         5d:0d:ce:34:22:ac:ee:28:d3:d5:ab:28:d2:e4:d5:c2:89:9d:
         1d:cf:84:bb:4c:d2:8f:71:0e:99:7f:7f:5f:60:d1:08:a5:a8:
         c0:23:7e:22:4c:7f:f7:d2:9b:bd:5a:7b:82:1c:1a:25:74:04:
         9e:4f:bb:0f:bf:00:1a:72:ae:c1:8c:0d:51:e7:29:66:2a:5c:
         26:41:f0:6b:78:13:5a:08:72:6b:a7:ab:fc:8c:a5:6a:37:be:
         09:e9:a3:80
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUFtifkfS5XqJFBtB3/yvOt7Q5hcgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNDAyMjIxNzAwMTNaFw0yNTAyMjAxNzA1MTNaMDMxMTAvBgNV
BAMTKDU3Rjk4MTAyMjFEMDVCRUExRkFGRTc3OENENTdCOERBMzVCRjMzOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5IRd9fqoix0st10e0OIXtwTNs
s+VDLksYjdzlYydKGpFJ2gvqJdh/tlEbo85zB0Ju8qMs6gkBYCVS/hlqsW5/mZy/
85hfMxdaaZl8WCk5DfEXeicKoyIUXWcbqQ75VFmddWd0Y2JXLnLQ5GpiSu82WtUT
v3iYchj5hOTymxUG/Cli4cKgaBVWYpAWSLGUYcEm2+i86BLKvBl1bIh6nqNkJd/v
dw+x0pMeKTjOCZeYLpnK2TkDmiF+Sr2op7qExRSvI+2l6U68TG1tK5+C0ZyeX/C6
olNa/9vXkVio142BNDLG0BUAELcMs6JxlcyK/cw9V+FCr9njcrFvQoDkK/m5AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUV/mBAiHQW+ofr+d4zVe42jW/M5kwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzQzNTJlMzgyZTMxMzczNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM3MzUzNjMyLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQiuMA0G
CSqGSIb3DQEBCwUAA4IBAQA4Ms3v3PXYvVERd56jeI20/VDa4aNEbyhzHxWCVCVA
tnfuekGG4Fbz7HxRb6y2PQutUSTIsNdasSNxMSZilmxjKDZpxcCoyfUtI07lDNNx
Jooc90UBjUF+J6o8GKBuk/+ufVxOJ66X1tGhOQ9c8o4NY7ayeV9b3JszlUzPxK6B
/u90MFL26TyO8QuEWgL5knhwxZ5M4qBnhIUCoAWL5ILQJI5dDc40IqzuKNPVqyjS
5NXCiZ0dz4S7TNKPcQ6Zf39fYNEIpajAI34iTH/30pu9WnuCHBoldASeT7sPvwAa
cq7BjA1R5ylmKlwmQfBreBNaCHJrp6v8jKVqN74J6aOA
-----END CERTIFICATE-----