Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31302e3135362e302f32332d3234203d3e203631333137.roa
File:                     34352e31302e3135362e302f32332d3234203d3e203631333137.roa (raw, json)
Hash identifier:          SlzmdYmG5txCq62Y8MX6zg7rRki3mnaIhvuWikrR8U8=
Subject key identifier:   37:50:58:85:F0:F5:4B:1B:5B:E0:03:1C:C7:37:E8:6F:FE:62:22:52
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       6DA4F12A88F4605AF936005585EC6B3B9657E769
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31302e3135362e302f32332d3234203d3e203631333137.roa
Signing time:             Mon 26 Feb 2024 08:52:51 +0000
ROA not before:           Mon 26 Feb 2024 08:47:51 +0000
ROA not after:            Mon 24 Feb 2025 08:52:51 +0000
asID:                     61317
IP address blocks:        45.10.156.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Apr 2024 05:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:a4:f1:2a:88:f4:60:5a:f9:36:00:55:85:ec:6b:3b:96:57:e7:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:51 2024 GMT
            Not After : Feb 24 08:52:51 2025 GMT
        Subject: CN=37505885F0F54B1B5BE0031CC737E86FFE622252
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6b:fe:22:39:d9:8c:f1:f9:d9:a8:08:8e:73:
                    d6:8e:dc:65:08:df:6c:97:e8:2b:e3:52:ea:f3:0e:
                    1f:4d:21:44:a3:6c:f0:97:e9:62:d8:58:f6:1c:fb:
                    5d:2c:d7:2b:38:fe:d8:75:a5:0a:db:92:c6:5a:7d:
                    44:be:60:48:ad:c2:a0:89:8a:9a:e6:09:7d:46:3a:
                    74:4f:b4:f0:93:d9:0e:85:bf:46:80:53:17:81:10:
                    c7:24:b1:93:20:b2:7d:df:28:d6:77:d5:b0:34:9d:
                    5c:2a:61:f5:37:bb:3e:90:b9:a8:22:a3:3e:ce:a5:
                    a2:39:88:38:6b:f8:df:26:23:3d:71:fa:f1:66:eb:
                    4c:0c:94:6d:14:4e:bf:f8:22:4c:27:77:46:6b:22:
                    14:44:f9:43:5d:25:dc:e8:0b:2e:88:73:14:8b:e9:
                    2d:12:b2:67:36:91:16:57:b8:31:75:70:66:1a:8a:
                    da:2e:67:7f:29:df:9f:d6:ab:93:14:1a:40:63:b2:
                    5a:15:72:50:e4:8f:40:95:96:18:52:cf:a7:75:a4:
                    e5:6d:44:2f:12:fc:11:de:e2:8f:9e:a0:ad:e6:6d:
                    93:25:42:80:5a:c1:50:08:83:02:54:a4:d3:8b:cb:
                    9b:78:9d:62:c6:e2:75:04:51:8c:1e:54:39:1c:da:
                    23:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:50:58:85:F0:F5:4B:1B:5B:E0:03:1C:C7:37:E8:6F:FE:62:22:52
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31302e3135362e302f32332d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:c4:2c:b2:cf:fe:2f:55:36:1d:29:12:65:44:d8:bc:60:b7:
         7d:13:d0:e9:db:20:9e:82:0f:f1:e2:e3:f9:6c:30:40:1f:c6:
         02:b8:d6:38:e8:3b:9b:37:6b:db:38:38:0e:ef:40:a0:db:da:
         7c:60:76:8c:7f:c8:8c:4e:31:2d:43:c5:6c:f9:46:2d:f6:94:
         48:9e:c8:03:16:8e:ae:06:9a:e9:86:b1:37:61:28:25:77:3b:
         33:12:97:31:9f:de:f5:ec:e8:92:68:43:79:af:4e:50:ed:39:
         7b:c4:2c:0f:28:bd:b6:ea:b0:43:3c:f8:fe:4f:32:9f:39:e7:
         2f:d9:0c:e4:f2:cb:04:f8:09:7f:f8:1a:c8:55:71:9c:cc:67:
         a7:ce:ed:fa:f9:29:ef:bd:01:91:7b:aa:ca:27:3d:af:78:42:
         c8:b8:3b:28:75:00:54:60:8b:cb:0d:8f:8c:98:72:f4:5e:3e:
         d2:e0:f7:83:1d:34:eb:fa:68:e7:68:c3:80:c2:2e:c0:c7:70:
         4a:72:fe:5c:5d:db:9e:15:da:09:0a:cb:d6:07:20:15:54:99:
         05:ec:e2:8c:b6:0c:65:35:58:1c:43:b5:cb:74:72:d5:e1:db:
         59:54:62:c0:c8:3d:9f:f7:6d:35:2c:ea:65:db:83:29:04:61:
         20:98:fb:a0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbaTxKoj0YFr5NgBVhexrO5ZX52kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTFaFw0yNTAyMjQwODUyNTFaMDMxMTAvBgNV
BAMTKDM3NTA1ODg1RjBGNTRCMUI1QkUwMDMxQ0M3MzdFODZGRkU2MjIyNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCya/4iOdmM8fnZqAiOc9aO3GUI
32yX6CvjUurzDh9NIUSjbPCX6WLYWPYc+10s1ys4/th1pQrbksZafUS+YEitwqCJ
iprmCX1GOnRPtPCT2Q6Fv0aAUxeBEMcksZMgsn3fKNZ31bA0nVwqYfU3uz6Quagi
oz7OpaI5iDhr+N8mIz1x+vFm60wMlG0UTr/4Ikwnd0ZrIhRE+UNdJdzoCy6IcxSL
6S0Ssmc2kRZXuDF1cGYaitouZ38p35/Wq5MUGkBjsloVclDkj0CVlhhSz6d1pOVt
RC8S/BHe4o+eoK3mbZMlQoBawVAIgwJUpNOLy5t4nWLG4nUEUYweVDkc2iPvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUN1BYhfD1Sxtb4AMcxzfob/5iIlIwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzMDJlMzEzNTM2
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS0K
nDANBgkqhkiG9w0BAQsFAAOCAQEAVcQsss/+L1U2HSkSZUTYvGC3fRPQ6dsgnoIP
8eLj+WwwQB/GArjWOOg7mzdr2zg4Du9AoNvafGB2jH/IjE4xLUPFbPlGLfaUSJ7I
AxaOrgaa6YaxN2EoJXc7MxKXMZ/e9ezokmhDea9OUO05e8QsDyi9tuqwQzz4/k8y
nznnL9kM5PLLBPgJf/gayFVxnMxnp87t+vkp770BkXuqyic9r3hCyLg7KHUAVGCL
yw2PjJhy9F4+0uD3gx006/po52jDgMIuwMdwSnL+XF3bnhXaCQrL1gcgFVSZBezi
jLYMZTVYHEO1y3Ry1eHbWVRiwMg9n/dtNSzqZduDKQRhIJj7oA==
-----END CERTIFICATE-----