Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3135302e302f32332d3234203d3e203631333137.roa
File:                     34352e382e3135302e302f32332d3234203d3e203631333137.roa (raw, json)
Hash identifier:          Ck+wslSZ70s/g50zTem73xtWmiafXR1mzqhGyo0ToFw=
Subject key identifier:   E6:6F:CB:D5:73:F3:73:37:CC:A7:0C:FB:43:34:60:4C:35:EE:6E:5D
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       1DDC462CD052186719F97EB4159C81DD07DBBFA8
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3135302e302f32332d3234203d3e203631333137.roa
Signing time:             Mon 26 Feb 2024 08:52:52 +0000
ROA not before:           Mon 26 Feb 2024 08:47:52 +0000
ROA not after:            Mon 24 Feb 2025 08:52:52 +0000
asID:                     61317
IP address blocks:        45.8.150.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Apr 2024 05:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:dc:46:2c:d0:52:18:67:19:f9:7e:b4:15:9c:81:dd:07:db:bf:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:52 2024 GMT
            Not After : Feb 24 08:52:52 2025 GMT
        Subject: CN=E66FCBD573F37337CCA70CFB4334604C35EE6E5D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:b7:43:5d:2c:97:ee:c8:c1:97:27:ff:6a:42:
                    52:cd:89:c5:78:ae:2b:e2:fd:73:4d:a3:54:41:38:
                    6c:67:e9:10:56:43:cc:ef:6b:58:64:98:97:82:05:
                    44:4e:89:36:59:5b:c9:a8:46:c5:aa:79:15:1f:b4:
                    29:14:68:e1:5e:95:91:40:8f:f4:b9:59:02:e0:7d:
                    85:6f:45:1d:35:f7:e8:5f:29:d3:44:4a:7c:70:c2:
                    b8:1f:b3:db:9f:d5:db:8a:5e:c3:d2:1f:1f:14:5f:
                    17:ec:e2:87:51:1f:32:92:cd:7c:63:9b:67:8f:8c:
                    32:9f:27:a4:89:03:eb:4d:ee:3b:59:b9:24:f3:5a:
                    ef:5c:83:c5:7e:53:8e:82:94:f6:44:7d:3f:15:da:
                    f2:1a:67:ff:2b:1f:71:1e:17:3b:44:ac:a1:43:59:
                    e6:6e:74:9b:90:ce:0f:72:01:a5:c1:79:1a:ba:80:
                    29:86:a2:b6:c6:61:f0:4d:c3:0e:bd:cf:bb:2f:22:
                    2d:7e:36:83:3d:08:da:10:20:b5:95:b6:a8:40:67:
                    15:b3:e7:cd:d0:5d:5b:f0:5d:e0:1c:f0:38:95:ae:
                    b9:69:0a:42:e5:20:76:1d:7c:b0:64:45:8e:61:f5:
                    6e:72:fe:28:80:c5:f3:e7:bd:97:3f:34:1f:1e:01:
                    dd:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:6F:CB:D5:73:F3:73:37:CC:A7:0C:FB:43:34:60:4C:35:EE:6E:5D
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3135302e302f32332d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:1a:11:1d:ac:05:d5:be:5c:eb:31:87:5f:20:6e:fb:57:24:
         9c:db:a0:90:2f:d0:10:e0:3b:b4:69:51:b3:b9:cf:c3:90:f8:
         73:37:46:b1:c5:7c:f5:58:ec:92:73:cd:49:9c:33:c4:cb:f6:
         1b:d4:7f:38:fe:a3:63:f6:c4:f4:bf:a7:e6:7c:97:51:f2:a2:
         87:92:04:f6:f1:9a:68:ba:2d:eb:fd:f3:06:7b:d1:b0:a2:1d:
         d2:93:b5:5c:fd:88:28:68:c8:96:2e:47:c9:f4:e1:cb:1e:34:
         60:70:c4:37:79:fa:36:0a:a0:0f:13:96:cb:fb:63:6f:e8:df:
         12:ad:69:d0:1a:b0:b1:37:7f:6a:09:3a:62:26:a6:e5:83:8b:
         ac:7e:32:5a:da:a7:0c:e3:28:6c:83:a7:84:e3:e0:91:ed:45:
         a0:63:6d:b2:33:c5:62:5e:a0:ba:9f:13:f2:dd:c4:47:91:87:
         d6:6a:22:af:a5:bc:c5:71:e8:ad:5e:a8:78:4e:4d:58:fc:c5:
         09:b4:3c:0d:b4:1f:8a:89:ed:53:0f:96:94:ca:71:29:cb:77:
         be:87:dc:0f:17:f7:db:23:5e:55:f6:8e:48:2d:00:e5:28:a4:
         b0:17:f3:8c:22:a7:32:93:bb:04:62:68:a7:63:ca:8e:96:9a:
         e9:98:9b:a4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUHdxGLNBSGGcZ+X60FZyB3Qfbv6gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NTJaFw0yNTAyMjQwODUyNTJaMDMxMTAvBgNV
BAMTKEU2NkZDQkQ1NzNGMzczMzdDQ0E3MENGQjQzMzQ2MDRDMzVFRTZFNUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbt0NdLJfuyMGXJ/9qQlLNicV4
rivi/XNNo1RBOGxn6RBWQ8zva1hkmJeCBUROiTZZW8moRsWqeRUftCkUaOFelZFA
j/S5WQLgfYVvRR019+hfKdNESnxwwrgfs9uf1duKXsPSHx8UXxfs4odRHzKSzXxj
m2ePjDKfJ6SJA+tN7jtZuSTzWu9cg8V+U46ClPZEfT8V2vIaZ/8rH3EeFztErKFD
WeZudJuQzg9yAaXBeRq6gCmGorbGYfBNww69z7svIi1+NoM9CNoQILWVtqhAZxWz
583QXVvwXeAc8DiVrrlpCkLlIHYdfLBkRY5h9W5y/iiAxfPnvZc/NB8eAd3zAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU5m/L1XPzczfMpwz7QzRgTDXubl0wHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzgyZTMxMzUzMDJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM2MzEzMzMxMzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEtCJYw
DQYJKoZIhvcNAQELBQADggEBAFAaER2sBdW+XOsxh18gbvtXJJzboJAv0BDgO7Rp
UbO5z8OQ+HM3RrHFfPVY7JJzzUmcM8TL9hvUfzj+o2P2xPS/p+Z8l1HyooeSBPbx
mmi6Lev98wZ70bCiHdKTtVz9iChoyJYuR8n04cseNGBwxDd5+jYKoA8Tlsv7Y2/o
3xKtadAasLE3f2oJOmImpuWDi6x+MlrapwzjKGyDp4Tj4JHtRaBjbbIzxWJeoLqf
E/LdxEeRh9ZqIq+lvMVx6K1eqHhOTVj8xQm0PA20H4qJ7VMPlpTKcSnLd76H3A8X
99sjXlX2jkgtAOUopLAX84wipzKTuwRiaKdjyo6WmumYm6Q=
-----END CERTIFICATE-----