Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3135312e302f32342d3234203d3e203330383233.roa
File:                     34352e382e3135312e302f32342d3234203d3e203330383233.roa (raw, json)
Hash identifier:          +wwfPApyZkEiSZQtGnYtuKERajccXcS//nHTr+TKRHc=
Subject key identifier:   B5:30:D1:C7:84:12:55:26:AA:C1:41:7D:92:C0:B7:48:2D:2C:77:95
Certificate issuer:       /CN=08fb9ba827e6f10a7af37490803dd5a076397235
Certificate serial:       2A584E6E3530CAD93C6EE7298EB9300F69992474
Authority key identifier: 08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3135312e302f32342d3234203d3e203330383233.roa
Signing time:             Mon 26 Feb 2024 08:52:46 +0000
ROA not before:           Mon 26 Feb 2024 08:47:46 +0000
ROA not after:            Mon 24 Feb 2025 08:52:46 +0000
asID:                     30823
IP address blocks:        45.8.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:58:4e:6e:35:30:ca:d9:3c:6e:e7:29:8e:b9:30:0f:69:99:24:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fb9ba827e6f10a7af37490803dd5a076397235
        Validity
            Not Before: Feb 26 08:47:46 2024 GMT
            Not After : Feb 24 08:52:46 2025 GMT
        Subject: CN=B530D1C784125526AAC1417D92C0B7482D2C7795
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:66:31:26:c7:1b:2d:ad:f8:26:4e:d5:84:eb:
                    87:1f:73:29:8d:90:3e:65:39:16:8b:41:58:7f:cf:
                    1a:b8:f6:4f:ff:92:22:64:69:72:3f:24:eb:15:ae:
                    60:3e:71:ba:ea:85:ef:36:85:99:6c:9f:9e:da:68:
                    92:f5:09:ce:15:c4:7c:91:d1:02:40:9f:10:2f:d0:
                    bf:89:67:a2:45:86:f1:16:e7:13:61:bc:c5:53:98:
                    ab:97:e4:e8:4c:86:68:ec:df:5e:82:dd:d6:87:87:
                    67:0a:a6:da:c0:d6:e8:24:ef:ed:11:2d:a7:f0:f4:
                    75:d6:e1:00:7a:f5:a6:d3:47:e9:80:36:ce:cc:96:
                    d8:11:e1:ff:c8:95:55:9d:9e:ac:1d:34:f8:12:36:
                    77:f5:c7:46:25:10:37:b6:3b:eb:a4:b5:49:97:ae:
                    4c:92:d9:77:01:55:91:0e:ec:37:99:6a:82:e8:aa:
                    03:17:64:bd:51:53:59:07:8c:3e:fc:4a:58:33:c8:
                    70:63:fb:99:13:83:fc:47:90:d8:eb:6f:38:e6:a6:
                    24:3a:c2:16:b7:ba:22:b3:cc:29:74:b6:92:d0:f9:
                    e5:35:fe:cb:19:17:a6:68:13:0f:a1:bc:36:96:d6:
                    24:ea:80:f1:ba:21:b7:9a:7c:09:72:34:95:0d:f4:
                    c2:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:30:D1:C7:84:12:55:26:AA:C1:41:7D:92:C0:B7:48:2D:2C:77:95
            X509v3 Authority Key Identifier:
                keyid:08:FB:9B:A8:27:E6:F1:0A:7A:F3:74:90:80:3D:D5:A0:76:39:72:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/08FB9BA827E6F10A7AF37490803DD5A076397235.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CPubqCfm8Qp683SQgD3VoHY5cjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/2/34352e382e3135312e302f32342d3234203d3e203330383233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:33:5d:fb:57:83:bb:95:f8:85:4e:84:d2:76:fc:a7:e4:a3:
         93:77:33:31:f5:bd:47:61:5f:08:e6:87:fb:d8:cd:4a:73:ff:
         37:c2:68:c4:91:f4:a9:05:b7:c6:77:79:ea:6a:22:be:b9:53:
         92:f9:69:70:b8:d6:d4:21:af:5e:83:30:a7:f6:fa:b0:d6:79:
         93:3e:5f:29:25:1d:12:f5:28:f3:45:2f:c9:58:04:8d:5b:d0:
         1b:7f:db:58:be:24:1d:f2:33:94:6a:09:73:bb:c3:25:ca:82:
         c3:94:1c:fe:c9:94:99:38:a6:60:34:bf:3a:da:6b:e9:7c:a4:
         a2:55:9f:b2:96:78:fb:f9:da:a3:da:d2:03:41:2e:7f:29:5b:
         c8:2c:23:1e:bf:24:05:84:38:34:de:d1:3b:b4:8f:bc:b2:e4:
         70:40:72:38:ac:ba:5b:74:b1:d5:bc:6d:23:4f:06:43:bf:57:
         a6:eb:51:0c:4e:10:7a:a6:2e:6e:51:1b:6a:56:69:f7:42:41:
         25:b8:cb:2d:e5:de:62:dd:09:7c:dd:9b:1c:1e:a4:d2:81:6a:
         0d:e5:43:26:98:7d:77:68:b4:0d:00:29:e4:b8:a2:db:43:47:
         76:73:94:80:6d:be:4d:9c:aa:5d:81:a0:da:ab:74:8f:db:4f:
         c3:d0:a6:f2
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUKlhObjUwytk8bucpjrkwD2mZJHQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhmYjliYTgyN2U2ZjEwYTdhZjM3NDkwODAzZGQ1YTA3
NjM5NzIzNTAeFw0yNDAyMjYwODQ3NDZaFw0yNTAyMjQwODUyNDZaMDMxMTAvBgNV
BAMTKEI1MzBEMUM3ODQxMjU1MjZBQUMxNDE3RDkyQzBCNzQ4MkQyQzc3OTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzZjEmxxstrfgmTtWE64cfcymN
kD5lORaLQVh/zxq49k//kiJkaXI/JOsVrmA+cbrqhe82hZlsn57aaJL1Cc4VxHyR
0QJAnxAv0L+JZ6JFhvEW5xNhvMVTmKuX5OhMhmjs316C3daHh2cKptrA1ugk7+0R
Lafw9HXW4QB69abTR+mANs7MltgR4f/IlVWdnqwdNPgSNnf1x0YlEDe2O+uktUmX
rkyS2XcBVZEO7DeZaoLoqgMXZL1RU1kHjD78SlgzyHBj+5kTg/xHkNjrbzjmpiQ6
wha3uiKzzCl0tpLQ+eU1/ssZF6ZoEw+hvDaW1iTqgPG6IbeafAlyNJUN9MI7AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUtTDRx4QSVSaqwUF9ksC3SC0sd5UwHwYDVR0j
BBgwFoAUCPubqCfm8Qp683SQgD3VoHY5cjUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzIvMDhGQjlCQTgyN0U2RjEwQTdBRjM3NDkwODAzREQ1QTA3NjM5NzIzNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NQdWJxQ2ZtOFFwNjgzU1FnRDNWb0hZ
NWNqVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzIvMzQzNTJlMzgyZTMxMzUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzAzODMyMzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtCJcw
DQYJKoZIhvcNAQELBQADggEBAE0zXftXg7uV+IVOhNJ2/Kfko5N3MzH1vUdhXwjm
h/vYzUpz/zfCaMSR9KkFt8Z3eepqIr65U5L5aXC41tQhr16DMKf2+rDWeZM+Xykl
HRL1KPNFL8lYBI1b0Bt/21i+JB3yM5RqCXO7wyXKgsOUHP7JlJk4pmA0vzraa+l8
pKJVn7KWePv52qPa0gNBLn8pW8gsIx6/JAWEODTe0Tu0j7yy5HBAcjisult0sdW8
bSNPBkO/V6brUQxOEHqmLm5RG2pWafdCQSW4yy3l3mLdCXzdmxwepNKBag3lQyaY
fXdotA0AKeS4ottDR3ZzlIBtvk2cql2BoNqrdI/bT8PQpvI=
-----END CERTIFICATE-----