Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31302e3135382e302f32332d3234203d3e203631333137.roa
File:                     34352e31302e3135382e302f32332d3234203d3e203631333137.roa (raw, json)
Hash identifier:          609GJTFXxgNOpiKSZVX0b3fuZt7LsIQ2rdMBjOXe0fc=
Subject key identifier:   83:12:D6:A5:34:DC:D2:D8:8B:35:98:1A:D1:2A:E4:D7:49:D3:57:32
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       5642533C8BAE846961BB076732FF5EED7BEB3625
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31302e3135382e302f32332d3234203d3e203631333137.roa
Signing time:             Mon 26 Feb 2024 08:52:46 +0000
ROA not before:           Mon 26 Feb 2024 08:47:46 +0000
ROA not after:            Mon 24 Feb 2025 08:52:46 +0000
asID:                     61317
IP address blocks:        45.10.158.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:42:53:3c:8b:ae:84:69:61:bb:07:67:32:ff:5e:ed:7b:eb:36:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:46 2024 GMT
            Not After : Feb 24 08:52:46 2025 GMT
        Subject: CN=8312D6A534DCD2D88B35981AD12AE4D749D35732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:75:db:0e:46:27:e2:ad:4e:6e:30:49:32:9f:
                    9c:a5:8f:0b:80:31:e9:36:1b:1e:d7:7e:95:6f:74:
                    6c:ff:49:66:d1:de:81:15:3f:bf:9c:54:de:4f:1e:
                    41:3d:ff:65:b1:88:d3:02:21:df:32:11:48:5b:a3:
                    ae:d6:9a:fd:fd:3c:72:15:15:3b:24:c1:58:57:40:
                    80:a9:5b:94:55:de:b7:d0:7f:56:c7:e0:4d:c6:e9:
                    e8:c3:a8:a9:02:3e:f8:8e:8d:d7:c8:98:4d:33:56:
                    33:fc:bd:06:50:b9:1e:2f:92:60:fd:19:89:d4:ad:
                    e7:c4:2e:95:dc:0b:70:8e:f1:2f:ad:4e:2a:7b:e3:
                    92:99:c2:5a:ce:82:79:0e:3c:f3:dd:85:f2:5e:c1:
                    7a:75:32:86:43:ed:51:23:39:8b:82:30:62:94:22:
                    ce:22:eb:c8:5a:51:d5:c4:fd:3b:c0:a3:ba:ca:4d:
                    90:4a:52:ad:fe:2d:e6:fe:20:94:f4:96:7c:99:bd:
                    89:01:6c:dd:c8:5a:52:38:13:2a:89:c0:25:d1:02:
                    1f:de:42:1a:8c:74:98:e4:c2:6d:94:d8:83:23:b6:
                    4e:5f:58:66:21:78:26:c0:34:65:79:af:7d:13:05:
                    55:24:be:1d:45:cb:19:dc:74:15:9e:6a:aa:11:15:
                    f1:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:12:D6:A5:34:DC:D2:D8:8B:35:98:1A:D1:2A:E4:D7:49:D3:57:32
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31302e3135382e302f32332d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:f7:46:01:0f:9e:a6:58:da:21:ba:76:f4:93:f6:24:67:b3:
         9a:cc:4b:84:ce:e9:b8:17:f7:a6:21:e3:30:10:a4:62:36:ef:
         3c:29:7e:88:a2:81:de:2a:32:6a:67:4d:de:73:c6:86:ce:14:
         a0:a0:94:ff:76:46:3d:f6:20:1a:ef:76:26:dc:c4:0c:ea:b6:
         59:54:40:8d:24:69:23:17:c4:7d:ca:c1:44:96:cf:48:ca:a9:
         b2:a3:6e:ec:1e:22:01:a9:3e:15:a4:dd:d9:63:f5:ea:39:01:
         ff:69:87:7c:43:10:b5:39:31:90:b0:af:9a:a6:fb:b7:ab:8c:
         41:ac:b3:c2:55:b3:95:f6:5d:19:e3:e0:db:46:f3:76:b4:f9:
         06:d2:83:df:6b:db:85:e1:e7:f9:97:dc:34:93:ef:b6:ec:40:
         c0:76:6c:c4:7d:d7:8b:ad:e4:64:7d:6b:80:bf:fb:7e:72:f2:
         b7:06:c0:5d:06:0e:f4:cc:cf:b6:a8:db:87:9f:8c:a1:0b:35:
         35:60:7f:73:95:e1:84:5f:d1:d2:b3:b6:c0:89:4e:38:2e:3c:
         b8:2e:df:43:25:61:d1:31:a6:b2:9d:a0:c5:7e:27:1f:aa:b1:
         fe:d7:49:c4:17:e6:5e:e7:8e:d8:80:e2:f9:00:e3:4f:60:13:
         6e:b0:50:ff
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVkJTPIuuhGlhuwdnMv9e7XvrNiUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NDZaFw0yNTAyMjQwODUyNDZaMDMxMTAvBgNV
BAMTKDgzMTJENkE1MzREQ0QyRDg4QjM1OTgxQUQxMkFFNEQ3NDlEMzU3MzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ddsORifirU5uMEkyn5yljwuA
Mek2Gx7XfpVvdGz/SWbR3oEVP7+cVN5PHkE9/2WxiNMCId8yEUhbo67Wmv39PHIV
FTskwVhXQICpW5RV3rfQf1bH4E3G6ejDqKkCPviOjdfImE0zVjP8vQZQuR4vkmD9
GYnUrefELpXcC3CO8S+tTip745KZwlrOgnkOPPPdhfJewXp1MoZD7VEjOYuCMGKU
Is4i68haUdXE/TvAo7rKTZBKUq3+Leb+IJT0lnyZvYkBbN3IWlI4EyqJwCXRAh/e
QhqMdJjkwm2U2IMjtk5fWGYheCbANGV5r30TBVUkvh1FyxncdBWeaqoRFfFrAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUgxLWpTTc0tiLNZga0Srk10nTVzIwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzMDJlMzEzNTM4
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS0K
njANBgkqhkiG9w0BAQsFAAOCAQEAbvdGAQ+epljaIbp29JP2JGezmsxLhM7puBf3
piHjMBCkYjbvPCl+iKKB3ioyamdN3nPGhs4UoKCU/3ZGPfYgGu92JtzEDOq2WVRA
jSRpIxfEfcrBRJbPSMqpsqNu7B4iAak+FaTd2WP16jkB/2mHfEMQtTkxkLCvmqb7
t6uMQayzwlWzlfZdGePg20bzdrT5BtKD32vbheHn+ZfcNJPvtuxAwHZsxH3Xi63k
ZH1rgL/7fnLytwbAXQYO9MzPtqjbh5+MoQs1NWB/c5XhhF/R0rO2wIlOOC48uC7f
QyVh0TGmsp2gxX4nH6qx/tdJxBfmXueO2IDi+QDjT2ATbrBQ/w==
-----END CERTIFICATE-----