Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/34352e31302e3135372e302f32342d3234203d3e20383334.roa
File:                     34352e31302e3135372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          rLNji0k/nQLEsKfEi0Q4ZVrQEM1fGf3A1l+FzqkjlkQ=
Subject key identifier:   80:5A:CC:DD:04:09:8A:C5:51:45:E7:24:D1:46:0C:80:2C:39:A4:CB
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       3B8708511C899C5DC1BA7D40E3BDAF1109015220
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/34352e31302e3135372e302f32342d3234203d3e20383334.roa
Signing time:             Fri 27 Dec 2024 11:47:46 +0000
ROA not before:           Fri 27 Dec 2024 11:42:46 +0000
ROA not after:            Fri 26 Dec 2025 11:47:46 +0000
asID:                     834
IP address blocks:        45.10.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:45:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:87:08:51:1c:89:9c:5d:c1:ba:7d:40:e3:bd:af:11:09:01:52:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Dec 27 11:42:46 2024 GMT
            Not After : Dec 26 11:47:46 2025 GMT
        Subject: CN=805ACCDD04098AC55145E724D1460C802C39A4CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:4e:32:31:25:69:3a:b7:67:4f:8e:a4:f8:87:
                    46:3e:d3:d9:fe:6a:76:d3:20:55:09:92:a8:52:61:
                    54:a5:2a:3a:c5:22:80:9b:75:14:e9:3b:8a:69:45:
                    b4:bf:44:8d:04:1a:9e:fc:ff:7d:df:b4:53:d0:a1:
                    d9:01:41:16:b2:14:72:bb:8a:37:92:62:e5:94:38:
                    f4:53:e2:11:18:ec:6a:63:ad:57:3b:71:39:0d:b8:
                    78:9a:31:6a:93:c7:af:7a:a1:0b:91:40:3b:7a:4a:
                    53:f7:24:f5:92:3b:4b:bf:4f:2b:5b:4d:e1:70:f7:
                    a3:48:dc:b9:29:3e:24:0f:67:12:e0:68:c7:f4:db:
                    91:4e:00:b0:b7:25:7b:4a:b6:b2:d6:f4:24:b6:83:
                    46:53:a0:39:4d:5c:ce:f1:e1:c1:7f:91:38:0e:47:
                    77:52:51:00:3e:51:a6:a9:ba:9c:aa:b1:86:c5:6a:
                    82:da:96:ae:e8:92:42:cb:55:28:03:f1:c7:90:ba:
                    2f:cd:41:61:bc:ca:0e:ad:f6:ec:8d:25:3d:e4:43:
                    77:f1:9d:47:c4:3b:ff:7f:9c:d3:ef:a2:83:e0:ae:
                    ab:1b:df:9b:b5:ed:5b:83:13:19:97:e5:66:84:d3:
                    04:0b:ea:be:63:91:62:80:c0:af:48:4e:90:9c:c9:
                    c7:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:5A:CC:DD:04:09:8A:C5:51:45:E7:24:D1:46:0C:80:2C:39:A4:CB
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/34352e31302e3135372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:53:73:db:25:e9:71:59:75:dd:e5:b9:f6:9b:5c:c1:0a:5b:
         a8:d3:39:f4:65:7d:ec:af:18:0d:76:24:f9:70:79:28:0a:ab:
         fc:4b:bb:7e:84:2f:e0:31:bd:cd:cd:c7:18:de:3b:3a:b5:ae:
         39:ab:85:a4:d6:fe:85:29:58:a9:f8:94:c6:bf:56:bd:86:89:
         1d:ee:a7:cb:48:a4:fc:f5:9e:a6:6b:d1:0a:7e:96:1e:c7:31:
         4a:de:5f:27:04:19:01:0a:69:9c:0e:3d:27:20:fd:82:28:33:
         5d:e0:76:20:08:bb:06:f4:61:6d:e5:53:26:ee:7d:32:55:28:
         66:5d:75:62:89:a0:df:48:ef:cd:f0:92:10:e4:e7:aa:4e:87:
         6f:65:d3:e6:86:b7:9c:ef:a4:8c:1b:8f:ae:fd:9b:ba:47:c2:
         a6:20:1c:da:65:03:77:c8:d9:53:34:eb:b4:fc:00:b9:f7:ed:
         67:7d:96:55:0a:52:a4:9e:f0:d6:0b:29:5b:e9:23:f6:cd:92:
         85:33:5b:a8:dc:19:40:a9:62:bd:26:dc:89:ac:80:91:65:34:
         1a:21:62:ba:d4:a5:5d:6d:b4:99:e8:61:7b:49:b2:96:dd:07:
         88:53:84:88:c6:d6:81:4b:65:4c:ec:58:53:49:c7:14:41:72:
         79:08:fd:c5
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUO4cIURyJnF3Bun1A472vEQkBUiAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNDEyMjcxMTQyNDZaFw0yNTEyMjYxMTQ3NDZaMDMxMTAvBgNV
BAMTKDgwNUFDQ0REMDQwOThBQzU1MTQ1RTcyNEQxNDYwQzgwMkMzOUE0Q0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMTjIxJWk6t2dPjqT4h0Y+09n+
anbTIFUJkqhSYVSlKjrFIoCbdRTpO4ppRbS/RI0EGp78/33ftFPQodkBQRayFHK7
ijeSYuWUOPRT4hEY7GpjrVc7cTkNuHiaMWqTx696oQuRQDt6SlP3JPWSO0u/Tytb
TeFw96NI3LkpPiQPZxLgaMf025FOALC3JXtKtrLW9CS2g0ZToDlNXM7x4cF/kTgO
R3dSUQA+UaapupyqsYbFaoLalq7okkLLVSgD8ceQui/NQWG8yg6t9uyNJT3kQ3fx
nUfEO/9/nNPvooPgrqsb35u17VuDExmX5WaE0wQL6r5jkWKAwK9ITpCcycc5AgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUgFrM3QQJisVRReck0UYMgCw5pMswHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zNDM1MmUzMTMwMmUz
MTM1MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAt
Cp0wDQYJKoZIhvcNAQELBQADggEBAClTc9sl6XFZdd3lufabXMEKW6jTOfRlfeyv
GA12JPlweSgKq/xLu36EL+Axvc3NxxjeOzq1rjmrhaTW/oUpWKn4lMa/Vr2GiR3u
p8tIpPz1nqZr0Qp+lh7HMUreXycEGQEKaZwOPScg/YIoM13gdiAIuwb0YW3lUybu
fTJVKGZddWKJoN9I783wkhDk56pOh29l0+aGt5zvpIwbj679m7pHwqYgHNplA3fI
2VM067T8ALn37Wd9llUKUqSe8NYLKVvpI/bNkoUzW6jcGUCpYr0m3ImsgJFlNBoh
YrrUpV1ttJnoYXtJspbdB4hThIjG1oFLZUzsWFNJxxRBcnkI/cU=
-----END CERTIFICATE-----