Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31352e32342e302f32322d3234203d3e203437353833.roa
File:                     34352e31352e32342e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          u33PSZrAU2Lt24YWHHI+Nnx5fxQmFED+nzXeIVnptiM=
Subject key identifier:   1C:86:82:EC:D6:7B:CD:74:79:36:DB:32:D5:E6:56:B5:D1:C6:ED:E3
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       20EA4FECAF989FF836CD9600E7D3874B79016BB3
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31352e32342e302f32322d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:52:52 +0000
ROA not before:           Mon 26 Feb 2024 08:47:52 +0000
ROA not after:            Mon 24 Feb 2025 08:52:52 +0000
asID:                     47583
IP address blocks:        45.15.24.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:ea:4f:ec:af:98:9f:f8:36:cd:96:00:e7:d3:87:4b:79:01:6b:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:52 2024 GMT
            Not After : Feb 24 08:52:52 2025 GMT
        Subject: CN=1C8682ECD67BCD747936DB32D5E656B5D1C6EDE3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:4f:a5:f6:3e:16:2b:64:16:75:ca:2b:58:62:
                    98:0b:bb:c1:88:23:9b:09:f8:63:19:cf:08:44:48:
                    cb:25:d7:43:98:7e:06:ee:0f:c9:00:47:ab:39:30:
                    46:0a:af:d1:00:33:99:38:c9:63:d2:77:c0:74:38:
                    4f:6e:98:11:73:ab:12:ad:2b:40:21:8d:8a:57:21:
                    33:fc:d4:44:b9:93:d7:3e:83:62:dd:dd:89:80:05:
                    2b:5e:64:d4:2b:4e:8c:37:a4:1f:52:33:d5:76:b5:
                    e3:14:4f:59:58:59:52:d6:8c:02:f9:77:5b:4a:97:
                    51:98:26:c3:5c:f0:64:fa:fc:c2:58:8b:3d:35:c3:
                    21:9d:3a:1c:fb:25:85:51:56:01:36:6c:09:1f:9c:
                    a4:d7:a5:5e:21:50:fc:81:93:aa:35:b1:0e:89:fe:
                    34:3e:d8:1e:0f:c9:e2:b9:b7:5d:60:62:6a:ee:47:
                    d7:ad:f3:3d:1e:9c:f6:7c:64:b3:bf:f9:f1:79:16:
                    ee:dc:1d:36:41:37:bf:52:3b:2d:b9:5d:2a:91:1f:
                    16:0a:98:8f:f5:a8:47:8a:16:b2:00:4c:8e:76:98:
                    fd:02:48:e6:76:24:13:6c:56:cc:11:c3:eb:33:22:
                    1e:53:4a:f9:35:43:ad:c8:ee:96:55:5b:e7:59:a7:
                    24:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:86:82:EC:D6:7B:CD:74:79:36:DB:32:D5:E6:56:B5:D1:C6:ED:E3
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e31352e32342e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:77:64:9d:7b:c3:41:90:66:e9:63:97:9c:56:45:07:83:2f:
         61:6a:88:cb:59:d0:86:ee:8b:17:d8:88:3d:65:95:2a:e6:3a:
         1c:6d:d4:2a:92:db:9b:23:8e:4f:88:45:f3:e3:29:be:3e:4d:
         5c:6e:c1:e0:7d:bf:29:2b:04:fe:49:15:da:a8:45:2d:68:a2:
         06:8a:61:fb:01:b7:8a:a3:c5:b3:a9:22:cb:10:ed:49:a4:36:
         cc:6d:e7:05:07:2e:08:89:3b:cf:ed:84:12:bb:74:8b:64:69:
         d8:57:4d:14:e6:87:59:89:9c:14:16:57:9c:2e:ab:2d:1c:a7:
         0f:25:70:f3:91:84:93:32:57:96:14:17:9f:be:7d:8c:8a:b5:
         d3:1f:71:5b:19:66:a5:e5:0e:6b:13:17:7a:ab:60:68:10:85:
         bc:7a:d2:1c:6b:ff:e8:2f:d0:d6:62:86:b6:cc:d1:9c:45:28:
         6e:22:a5:47:e6:92:71:7e:10:29:9b:7b:a9:f9:69:a2:3e:ee:
         3b:0a:a4:52:60:df:c3:57:7b:58:98:75:a0:0c:ca:3a:71:52:
         40:31:55:78:e5:d5:f2:56:8f:9e:10:43:c9:65:8d:d8:24:ee:
         56:b9:f6:31:5f:67:6b:cd:6e:4f:02:43:5e:77:68:39:89:45:
         f1:3d:1f:48
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUIOpP7K+Yn/g2zZYA59OHS3kBa7MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTJaFw0yNTAyMjQwODUyNTJaMDMxMTAvBgNV
BAMTKDFDODY4MkVDRDY3QkNENzQ3OTM2REIzMkQ1RTY1NkI1RDFDNkVERTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2T6X2PhYrZBZ1yitYYpgLu8GI
I5sJ+GMZzwhESMsl10OYfgbuD8kAR6s5MEYKr9EAM5k4yWPSd8B0OE9umBFzqxKt
K0AhjYpXITP81ES5k9c+g2Ld3YmABSteZNQrTow3pB9SM9V2teMUT1lYWVLWjAL5
d1tKl1GYJsNc8GT6/MJYiz01wyGdOhz7JYVRVgE2bAkfnKTXpV4hUPyBk6o1sQ6J
/jQ+2B4PyeK5t11gYmruR9et8z0enPZ8ZLO/+fF5Fu7cHTZBN79SOy25XSqRHxYK
mI/1qEeKFrIATI52mP0CSOZ2JBNsVswRw+szIh5TSvk1Q63I7pZVW+dZpySrAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUHIaC7NZ7zXR5Ntsy1eZWtdHG7eMwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzEzNTJlMzIzNDJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAItDxgw
DQYJKoZIhvcNAQELBQADggEBAJV3ZJ17w0GQZuljl5xWRQeDL2FqiMtZ0IbuixfY
iD1llSrmOhxt1CqS25sjjk+IRfPjKb4+TVxuweB9vykrBP5JFdqoRS1oogaKYfsB
t4qjxbOpIssQ7UmkNsxt5wUHLgiJO8/thBK7dItkadhXTRTmh1mJnBQWV5wuqy0c
pw8lcPORhJMyV5YUF5++fYyKtdMfcVsZZqXlDmsTF3qrYGgQhbx60hxr/+gv0NZi
hrbM0ZxFKG4ipUfmknF+ECmbe6n5aaI+7jsKpFJg38NXe1iYdaAMyjpxUkAxVXjl
1fJWj54QQ8lljdgk7la59jFfZ2vNbk8CQ153aDmJRfE9H0g=
-----END CERTIFICATE-----