Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3134392e36322e33372e302f32342d3234203d3e203437353833.roa
File:                     3134392e36322e33372e302f32342d3234203d3e203437353833.roa (raw, json)
Hash identifier:          CaM0/e//N4f/XVrdOz+a7B+LNhReWTrNzfhI8sllJs0=
Subject key identifier:   C6:41:E3:DC:1B:9B:E1:8C:51:73:FB:3E:AC:2C:B8:16:63:06:54:36
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       37AB051934BE33E49E1BAE8E0FFED5118475740C
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3134392e36322e33372e302f32342d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:52:51 +0000
ROA not before:           Mon 26 Feb 2024 08:47:51 +0000
ROA not after:            Mon 24 Feb 2025 08:52:51 +0000
asID:                     47583
IP address blocks:        149.62.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:ab:05:19:34:be:33:e4:9e:1b:ae:8e:0f:fe:d5:11:84:75:74:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:51 2024 GMT
            Not After : Feb 24 08:52:51 2025 GMT
        Subject: CN=C641E3DC1B9BE18C5173FB3EAC2CB81663065436
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:9e:5c:aa:1e:df:b6:07:39:d2:42:19:86:7d:
                    5a:57:a1:f5:87:53:c4:8d:ee:ff:b1:9d:70:5a:ba:
                    7f:fb:85:9f:b8:e8:11:77:1e:e0:33:c0:09:2e:ae:
                    c9:9b:1e:5e:fb:f4:8f:83:36:b2:54:31:2e:ae:a3:
                    61:be:10:16:10:0e:5b:d6:05:90:39:e8:b9:de:fb:
                    50:53:34:2d:b5:6c:c2:a4:e3:a2:3f:dc:35:f4:ce:
                    de:d0:d7:29:44:75:83:45:b1:ee:8c:e8:bb:9a:78:
                    b1:c4:53:ba:e9:a8:fc:bc:87:82:46:00:63:41:44:
                    d8:ff:7a:3d:b0:d9:61:3b:5b:08:97:d1:aa:ec:ff:
                    2e:c3:63:1d:7f:37:f0:d4:16:a9:63:c7:b9:67:72:
                    f9:ad:f0:1b:03:10:14:ec:5f:76:90:41:2e:fd:c8:
                    6e:75:2a:51:f8:0c:e3:a9:cd:b6:38:94:29:af:d9:
                    f3:ed:61:c9:9d:9d:be:41:f5:83:ee:da:fc:f9:1f:
                    1f:2f:db:6c:ff:3d:ea:d6:7d:36:7d:32:82:bc:03:
                    1a:9f:c0:27:15:20:18:91:85:de:f1:2d:3c:2c:29:
                    4e:29:5d:0c:7b:eb:f2:85:79:75:8c:ed:ac:65:60:
                    dd:c9:63:e7:ee:33:e6:e8:8d:fc:c4:7c:90:ae:4b:
                    99:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:41:E3:DC:1B:9B:E1:8C:51:73:FB:3E:AC:2C:B8:16:63:06:54:36
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/3134392e36322e33372e302f32342d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.62.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:4a:27:45:3f:99:36:c9:be:55:47:c4:b8:9c:60:47:ae:f3:
         68:0b:39:e5:ad:e4:2a:39:47:45:91:1b:9c:ed:86:db:31:77:
         9f:0c:4a:5d:99:e8:12:3d:38:e9:37:f9:a4:31:19:d1:9e:7e:
         2c:ae:8c:5e:3b:17:bd:35:73:57:4d:ad:a9:7a:db:d5:24:7f:
         95:61:86:e8:15:cc:d7:f2:9f:f4:7e:98:a5:74:23:02:30:b7:
         75:a1:60:34:71:b5:2c:ce:e0:cc:35:16:56:13:e9:50:07:0a:
         78:cd:47:d5:4c:6e:16:c9:96:5c:ea:3a:32:f0:01:0f:01:d7:
         87:a7:26:30:02:50:a4:22:5c:8d:ec:b8:45:14:69:97:54:7a:
         f8:42:ac:65:07:a8:8b:95:05:64:0d:02:1b:9c:24:ea:9c:66:
         b9:cd:53:79:3b:28:8d:cc:bf:85:d4:dc:c5:e0:cf:09:93:72:
         fb:3b:1d:1c:e0:76:c3:12:40:a9:42:b3:77:5f:e7:d6:e6:0f:
         f4:30:29:dc:59:09:c9:7b:81:74:ea:a2:18:cc:f5:2d:b7:f7:
         7c:d3:c1:f4:dc:69:7a:f5:ed:28:46:5c:14:32:b8:20:3a:1d:
         2c:66:ff:30:12:cd:21:97:07:f6:bb:11:6b:2b:7e:cc:73:19:
         28:50:0f:4f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUN6sFGTS+M+SeG66OD/7VEYR1dAwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTFaFw0yNTAyMjQwODUyNTFaMDMxMTAvBgNV
BAMTKEM2NDFFM0RDMUI5QkUxOEM1MTczRkIzRUFDMkNCODE2NjMwNjU0MzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRnlyqHt+2BznSQhmGfVpXofWH
U8SN7v+xnXBaun/7hZ+46BF3HuAzwAkursmbHl779I+DNrJUMS6uo2G+EBYQDlvW
BZA56Lne+1BTNC21bMKk46I/3DX0zt7Q1ylEdYNFse6M6LuaeLHEU7rpqPy8h4JG
AGNBRNj/ej2w2WE7WwiX0ars/y7DYx1/N/DUFqljx7lncvmt8BsDEBTsX3aQQS79
yG51KlH4DOOpzbY4lCmv2fPtYcmdnb5B9YPu2vz5Hx8v22z/PerWfTZ9MoK8Axqf
wCcVIBiRhd7xLTwsKU4pXQx76/KFeXWM7axlYN3JY+fuM+bojfzEfJCuS5k7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUxkHj3Bub4YxRc/s+rCy4FmMGVDYwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzEzNDM5MmUzNjMyMmUzMzM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJU+
JTANBgkqhkiG9w0BAQsFAAOCAQEAEUonRT+ZNsm+VUfEuJxgR67zaAs55a3kKjlH
RZEbnO2G2zF3nwxKXZnoEj046Tf5pDEZ0Z5+LK6MXjsXvTVzV02tqXrb1SR/lWGG
6BXM1/Kf9H6YpXQjAjC3daFgNHG1LM7gzDUWVhPpUAcKeM1H1UxuFsmWXOo6MvAB
DwHXh6cmMAJQpCJcjey4RRRpl1R6+EKsZQeoi5UFZA0CG5wk6pxmuc1TeTsojcy/
hdTcxeDPCZNy+zsdHOB2wxJAqUKzd1/n1uYP9DAp3FkJyXuBdOqiGMz1Lbf3fNPB
9NxpevXtKEZcFDK4IDodLGb/MBLNIZcH9rsRayt+zHMZKFAPTw==
-----END CERTIFICATE-----