Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3134382e302f32332d3234203d3e20313336373837.roa
File:                     34352e382e3134382e302f32332d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          +7Drq1yPe3hOHioL2hCjiSPkTKMvYvejyQ+67d/vn6M=
Subject key identifier:   64:3B:73:64:87:60:3D:D6:CC:F8:5E:EA:07:4F:4D:D1:71:27:29:24
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       30F7AF3E66E13B864C1582BFF70215A3D51F5290
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3134382e302f32332d3234203d3e20313336373837.roa
Signing time:             Mon 26 Feb 2024 08:52:50 +0000
ROA not before:           Mon 26 Feb 2024 08:47:50 +0000
ROA not after:            Mon 24 Feb 2025 08:52:50 +0000
asID:                     136787
IP address blocks:        45.8.148.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:f7:af:3e:66:e1:3b:86:4c:15:82:bf:f7:02:15:a3:d5:1f:52:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:50 2024 GMT
            Not After : Feb 24 08:52:50 2025 GMT
        Subject: CN=643B736487603DD6CCF85EEA074F4DD171272924
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:3c:ee:2a:57:6e:c0:aa:35:fb:6b:3b:76:0b:
                    69:a1:59:fe:30:eb:e4:05:e6:75:80:dc:9f:3e:bb:
                    43:84:db:1a:9f:3e:98:95:35:06:fe:f0:51:91:f1:
                    2d:95:82:1e:de:42:2d:52:1a:52:25:32:1e:bd:34:
                    e0:69:ef:5c:ef:58:75:a9:d9:8b:a5:a5:d2:da:ff:
                    50:10:4a:8a:cf:c1:d1:ff:b6:9c:cf:38:bc:ba:8f:
                    54:91:54:33:ca:6d:79:fa:da:03:29:d1:95:ee:c8:
                    cf:08:81:29:2b:d4:19:90:54:5f:f8:84:36:2a:46:
                    54:39:65:69:53:d0:cd:12:9a:e3:fa:d1:b3:81:72:
                    a5:8d:22:1b:e7:d2:17:c9:5e:07:b0:38:74:dd:4a:
                    96:10:6a:be:fc:d1:2f:9b:2c:bf:e7:ef:86:a3:71:
                    a7:60:ec:29:58:19:06:00:41:72:19:c7:b5:39:87:
                    7b:ec:ed:d3:2a:a8:bb:8e:c9:a7:bb:ea:ac:f7:d1:
                    48:89:b1:0f:49:f3:43:84:de:bb:06:f7:05:a4:12:
                    ef:78:28:f3:5e:ad:f3:3b:e4:78:5c:f8:32:d6:ac:
                    ae:54:00:fc:3c:ec:e4:8e:fb:3a:9d:42:29:95:38:
                    0d:6b:34:43:5c:61:37:3b:01:8a:ee:5f:eb:62:81:
                    cc:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:3B:73:64:87:60:3D:D6:CC:F8:5E:EA:07:4F:4D:D1:71:27:29:24
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3134382e302f32332d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:fb:f2:74:8d:53:79:c3:c6:fa:54:ad:84:91:44:ac:ae:8f:
         d1:4b:6a:43:63:68:f4:df:61:8a:48:e0:3d:63:26:96:04:2f:
         fa:c9:93:7b:8e:d1:a8:15:7c:d3:5a:f8:15:9a:8c:46:2b:5e:
         75:f1:c5:75:fc:79:e9:52:fa:61:18:f0:3d:8e:01:1b:c9:1d:
         e2:72:87:8a:e5:db:54:fc:cb:35:23:d7:2c:09:34:5f:34:a6:
         86:04:ff:e3:7c:86:24:4e:f2:95:49:9c:64:de:6d:08:ff:6d:
         ca:dd:29:c3:8f:1e:f9:1b:ef:0e:42:ec:11:c6:7a:83:26:6b:
         4b:c9:cb:1d:d6:d0:82:76:8a:b4:49:21:3e:53:bd:6f:04:f4:
         d9:b6:3d:4c:f2:76:5a:88:de:34:39:0e:eb:cd:1f:ab:1c:1f:
         39:56:f9:2c:14:92:87:34:85:76:a2:e6:2e:9c:9d:3a:ff:15:
         d9:53:37:01:23:50:57:9c:9d:2e:6e:ef:d9:05:05:24:ec:b1:
         54:b1:f2:01:76:1e:0f:e0:0e:42:ef:39:f9:fc:81:a7:3a:b8:
         c6:37:3f:f7:3f:2e:42:c9:63:c7:6a:4b:f7:14:fc:48:c1:48:
         3b:52:25:27:ac:e2:3f:70:78:fd:57:47:7d:97:e6:22:61:89:
         59:4d:07:10
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMPevPmbhO4ZMFYK/9wIVo9UfUpAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTBaFw0yNTAyMjQwODUyNTBaMDMxMTAvBgNV
BAMTKDY0M0I3MzY0ODc2MDNERDZDQ0Y4NUVFQTA3NEY0REQxNzEyNzI5MjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIPO4qV27AqjX7azt2C2mhWf4w
6+QF5nWA3J8+u0OE2xqfPpiVNQb+8FGR8S2Vgh7eQi1SGlIlMh69NOBp71zvWHWp
2YulpdLa/1AQSorPwdH/tpzPOLy6j1SRVDPKbXn62gMp0ZXuyM8IgSkr1BmQVF/4
hDYqRlQ5ZWlT0M0SmuP60bOBcqWNIhvn0hfJXgewOHTdSpYQar780S+bLL/n74aj
cadg7ClYGQYAQXIZx7U5h3vs7dMqqLuOyae76qz30UiJsQ9J80OE3rsG9wWkEu94
KPNerfM75Hhc+DLWrK5UAPw87OSO+zqdQimVOA1rNENcYTc7AYruX+tigcwPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUZDtzZIdgPdbM+F7qB09N0XEnKSQwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzgyZTMxMzQzODJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS0I
lDANBgkqhkiG9w0BAQsFAAOCAQEAmfvydI1TecPG+lSthJFErK6P0UtqQ2No9N9h
ikjgPWMmlgQv+smTe47RqBV801r4FZqMRitedfHFdfx56VL6YRjwPY4BG8kd4nKH
iuXbVPzLNSPXLAk0XzSmhgT/43yGJE7ylUmcZN5tCP9tyt0pw48e+RvvDkLsEcZ6
gyZrS8nLHdbQgnaKtEkhPlO9bwT02bY9TPJ2WojeNDkO680fqxwfOVb5LBSShzSF
dqLmLpydOv8V2VM3ASNQV5ydLm7v2QUFJOyxVLHyAXYeD+AOQu85+fyBpzq4xjc/
9z8uQsljx2pL9xT8SMFIO1IlJ6ziP3B4/VdHfZfmImGJWU0HEA==
-----END CERTIFICATE-----