Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3135312e302f32342d3234203d3e203131383738.roa
File:                     34352e382e3135312e302f32342d3234203d3e203131383738.roa (raw, json)
Hash identifier:          G5rGU522qOV0vpb74r1m6wLQTzcohCMwXQUNR23USjQ=
Subject key identifier:   44:FD:55:D7:A7:6C:30:7A:A5:A4:41:78:F4:41:8F:65:06:40:B1:CA
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       6147FA9397C65E42B8781DC2A028FE381A1A870F
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3135312e302f32342d3234203d3e203131383738.roa
Signing time:             Mon 26 Feb 2024 08:52:47 +0000
ROA not before:           Mon 26 Feb 2024 08:47:47 +0000
ROA not after:            Mon 24 Feb 2025 08:52:47 +0000
asID:                     11878
IP address blocks:        45.8.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:47:fa:93:97:c6:5e:42:b8:78:1d:c2:a0:28:fe:38:1a:1a:87:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:47 2024 GMT
            Not After : Feb 24 08:52:47 2025 GMT
        Subject: CN=44FD55D7A76C307AA5A44178F4418F650640B1CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:4f:51:45:d6:da:5d:c3:31:6e:17:2f:ed:41:
                    73:39:66:a1:e1:06:26:51:bf:94:2c:0a:84:c0:43:
                    45:e2:6f:81:63:0f:15:06:43:55:77:c5:45:d1:97:
                    02:d5:fc:a4:69:19:20:68:d0:e4:85:cb:4e:3c:eb:
                    d1:15:7e:d1:a0:f9:69:53:34:9d:17:fc:88:d4:e2:
                    d0:e0:a9:83:1a:5a:51:76:e5:f3:3c:80:56:71:61:
                    1f:f8:98:86:a8:08:ca:73:a7:10:16:3c:6d:eb:6f:
                    ba:06:7a:7d:80:46:4f:d4:81:e4:1c:2c:a6:e9:62:
                    a2:36:a0:c6:56:87:fa:10:77:7d:78:1e:5a:a9:92:
                    62:29:b6:7a:d0:aa:cc:f9:8d:e3:3b:bb:68:80:ef:
                    1e:70:e6:7c:6f:74:ce:ff:66:a8:2a:83:fa:43:b5:
                    f1:24:3d:9c:7d:85:d9:c3:13:0f:73:a5:ce:cd:6d:
                    81:a6:03:6d:78:73:05:16:63:19:c9:e8:06:cd:a5:
                    01:0e:70:21:44:6e:57:90:0e:1e:ab:ab:1b:94:5f:
                    4e:60:e5:3e:67:1c:e2:79:e3:6a:df:d8:78:ea:fa:
                    ed:1e:29:c8:9b:e9:87:e1:93:c2:cc:32:fd:57:16:
                    26:19:42:f5:66:1e:a9:32:47:0b:48:b4:fa:00:fc:
                    8e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:FD:55:D7:A7:6C:30:7A:A5:A4:41:78:F4:41:8F:65:06:40:B1:CA
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3135312e302f32342d3234203d3e203131383738.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:21:45:fd:f0:d9:a2:06:df:0f:2a:70:2e:df:84:df:ae:b0:
         4e:c9:ee:bc:43:f5:8f:31:4f:fa:c2:09:d1:4e:47:13:a3:90:
         7b:04:50:df:a8:df:90:6d:bd:99:f3:8c:c0:fc:58:d9:3a:21:
         6d:b8:23:65:e7:cf:1e:1d:a4:78:54:ef:57:19:47:06:a8:de:
         ec:0f:ad:00:fc:00:60:56:79:2d:21:b6:39:c8:39:cd:57:d9:
         f7:fd:07:4c:d6:16:86:7d:85:e3:f4:3e:87:e2:a6:6a:80:f6:
         d8:9d:92:3c:38:e7:26:d1:dd:5a:e5:01:19:11:31:85:cf:ea:
         38:7f:76:c7:aa:c7:ea:03:9a:ee:5d:1a:49:ac:a3:85:27:5d:
         4d:7e:d0:c3:56:bd:ef:de:40:c7:38:f6:e9:5b:ce:d8:a0:a6:
         e3:fd:24:f6:8d:a2:af:86:5c:4e:2f:72:6b:f7:e5:a3:85:7e:
         2e:3c:2b:da:9b:ad:f4:8f:99:2d:ed:23:1b:54:31:b1:e8:d0:
         3b:12:c1:14:43:d4:60:c7:c0:34:cd:6d:c3:8b:67:af:96:1c:
         3a:19:3d:ca:90:31:88:db:54:bf:84:9f:a2:c0:0d:b1:55:fe:
         e9:4c:5b:ff:7c:56:e2:e6:2d:b8:fb:ab:1a:b7:eb:21:5a:15:
         c9:b5:1b:de
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUYUf6k5fGXkK4eB3CoCj+OBoahw8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NDdaFw0yNTAyMjQwODUyNDdaMDMxMTAvBgNV
BAMTKDQ0RkQ1NUQ3QTc2QzMwN0FBNUE0NDE3OEY0NDE4RjY1MDY0MEIxQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDST1FF1tpdwzFuFy/tQXM5ZqHh
BiZRv5QsCoTAQ0Xib4FjDxUGQ1V3xUXRlwLV/KRpGSBo0OSFy04869EVftGg+WlT
NJ0X/IjU4tDgqYMaWlF25fM8gFZxYR/4mIaoCMpzpxAWPG3rb7oGen2ARk/UgeQc
LKbpYqI2oMZWh/oQd314HlqpkmIptnrQqsz5jeM7u2iA7x5w5nxvdM7/Zqgqg/pD
tfEkPZx9hdnDEw9zpc7NbYGmA214cwUWYxnJ6AbNpQEOcCFEbleQDh6rqxuUX05g
5T5nHOJ542rf2Hjq+u0eKcib6Yfhk8LMMv1XFiYZQvVmHqkyRwtItPoA/I4LAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQURP1V16dsMHqlpEF49EGPZQZAscowHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzgyZTMxMzUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzEzODM3Mzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtCJcw
DQYJKoZIhvcNAQELBQADggEBAI4hRf3w2aIG3w8qcC7fhN+usE7J7rxD9Y8xT/rC
CdFORxOjkHsEUN+o35BtvZnzjMD8WNk6IW24I2Xnzx4dpHhU71cZRwao3uwPrQD8
AGBWeS0htjnIOc1X2ff9B0zWFoZ9heP0PofipmqA9tidkjw45ybR3VrlARkRMYXP
6jh/dseqx+oDmu5dGkmso4UnXU1+0MNWve/eQMc49ulbztigpuP9JPaNoq+GXE4v
cmv35aOFfi48K9qbrfSPmS3tIxtUMbHo0DsSwRRD1GDHwDTNbcOLZ6+WHDoZPcqQ
MYjbVL+En6LADbFV/ulMW/98VuLmLbj7qxq36yFaFcm1G94=
-----END CERTIFICATE-----