Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e203136323736.roa
File:                     34352e382e3137332e302f32342d3234203d3e203136323736.roa (raw, json)
Hash identifier:          ud4i8lCUMdeWK2PaAcXG4zWzS0nCzA9kltTd0ORvaE4=
Subject key identifier:   37:C4:22:92:BF:17:6F:37:DD:94:77:27:36:A3:E5:81:09:3E:71:64
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       67D6F26CF3D5B18B40320D206473E5E410AD85D9
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e203136323736.roa
Signing time:             Sun 10 Nov 2024 19:42:33 +0000
ROA not before:           Sun 10 Nov 2024 19:37:33 +0000
ROA not after:            Sun 09 Nov 2025 19:42:33 +0000
asID:                     16276
IP address blocks:        45.8.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:d6:f2:6c:f3:d5:b1:8b:40:32:0d:20:64:73:e5:e4:10:ad:85:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Nov 10 19:37:33 2024 GMT
            Not After : Nov  9 19:42:33 2025 GMT
        Subject: CN=37C42292BF176F37DD94772736A3E581093E7164
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:37:5c:6b:15:a4:5b:5c:34:4a:e7:52:2e:c6:
                    f8:5a:02:ba:8f:37:92:00:05:5a:84:3e:73:31:59:
                    8f:fe:6f:3d:2f:83:9d:54:93:d9:81:92:2f:e1:23:
                    ef:ad:4e:32:7a:d1:71:49:4c:e7:ca:7d:27:75:96:
                    75:8e:06:80:c3:99:26:12:f2:90:48:d0:7c:1d:35:
                    cc:b6:d4:97:85:0b:3a:b2:5a:93:39:58:28:26:f5:
                    28:54:68:3a:74:5a:76:09:6c:cc:d7:8e:8e:34:cd:
                    b8:fe:a4:24:6b:cf:da:eb:23:ea:f0:73:51:64:ce:
                    3e:f7:b5:db:ef:af:d0:09:e4:1b:1f:e1:e6:2a:fc:
                    7c:38:29:dc:13:2a:98:6f:81:30:f2:7a:7c:0a:a3:
                    28:34:d2:ae:cd:26:7f:79:64:77:fe:5d:ca:69:5d:
                    24:00:02:c9:a3:2d:00:99:6d:6a:ae:95:ec:33:91:
                    3b:a0:9b:e6:7f:7d:f9:a9:0b:90:19:f1:58:04:ef:
                    79:f4:04:05:f1:e3:b4:72:52:67:31:45:23:31:73:
                    81:31:f1:a7:b9:c3:3e:f1:48:3e:ba:1a:f3:0e:91:
                    57:1d:a2:19:b9:e2:b7:41:25:92:a4:7f:b4:2b:f9:
                    0b:b8:55:c7:6b:78:a6:fd:38:c7:b6:34:c7:43:07:
                    a1:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:C4:22:92:BF:17:6F:37:DD:94:77:27:36:A3:E5:81:09:3E:71:64
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e203136323736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:c2:59:9c:c7:fb:5c:a7:c0:91:65:d1:d4:dc:a4:33:c0:d5:
         5c:f3:a4:10:47:78:35:06:09:c7:f1:82:3e:7c:02:68:23:7b:
         8f:f1:95:9e:2a:32:0a:60:9d:23:68:8c:73:1d:5f:5d:d2:71:
         e7:c3:55:f9:6e:96:fc:58:e2:10:3e:dc:09:42:70:8b:4b:04:
         39:93:8e:8f:47:5b:a2:41:03:9b:d3:b6:bd:52:03:a7:1d:f0:
         3b:40:51:5f:8e:af:6b:25:8c:7c:e9:7d:53:dd:a1:e9:eb:cd:
         79:75:3d:6a:1f:2a:39:41:31:78:68:46:a7:b1:75:df:48:11:
         97:6b:37:1a:60:44:2c:cc:91:86:bb:ff:7a:9c:78:8a:84:f8:
         3b:32:13:1a:15:82:93:32:7b:3a:0c:1a:90:a0:e9:a8:a7:b0:
         d1:2c:e2:c1:66:08:e8:0b:06:f8:15:e4:83:c6:bf:16:b0:11:
         ae:92:12:5c:b2:bb:95:ee:a8:cb:86:a9:82:03:7b:33:56:20:
         7b:90:b9:fb:cd:4c:d2:c5:91:ec:32:df:b3:81:31:54:29:da:
         44:9a:eb:4f:42:17:1b:4d:2b:a7:d3:83:71:ba:4e:98:72:cb:
         e3:be:66:12:d8:ea:96:4c:f1:89:45:64:83:80:75:90:1a:c9:
         50:c3:71:5e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUZ9bybPPVsYtAMg0gZHPl5BCthdkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNDExMTAxOTM3MzNaFw0yNTExMDkxOTQyMzNaMDMxMTAvBgNV
BAMTKDM3QzQyMjkyQkYxNzZGMzdERDk0NzcyNzM2QTNFNTgxMDkzRTcxNjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXN1xrFaRbXDRK51IuxvhaArqP
N5IABVqEPnMxWY/+bz0vg51Uk9mBki/hI++tTjJ60XFJTOfKfSd1lnWOBoDDmSYS
8pBI0HwdNcy21JeFCzqyWpM5WCgm9ShUaDp0WnYJbMzXjo40zbj+pCRrz9rrI+rw
c1Fkzj73tdvvr9AJ5Bsf4eYq/Hw4KdwTKphvgTDyenwKoyg00q7NJn95ZHf+Xcpp
XSQAAsmjLQCZbWqulewzkTugm+Z/ffmpC5AZ8VgE73n0BAXx47RyUmcxRSMxc4Ex
8ae5wz7xSD66GvMOkVcdohm54rdBJZKkf7Qr+Qu4VcdreKb9OMe2NMdDB6H5AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUN8Qikr8XbzfdlHcnNqPlgQk+cWQwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzgyZTMxMzczMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzYzMjM3MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtCK0w
DQYJKoZIhvcNAQELBQADggEBAG3CWZzH+1ynwJFl0dTcpDPA1VzzpBBHeDUGCcfx
gj58Amgje4/xlZ4qMgpgnSNojHMdX13ScefDVflulvxY4hA+3AlCcItLBDmTjo9H
W6JBA5vTtr1SA6cd8DtAUV+Or2sljHzpfVPdoenrzXl1PWofKjlBMXhoRqexdd9I
EZdrNxpgRCzMkYa7/3qceIqE+DsyExoVgpMyezoMGpCg6ainsNEs4sFmCOgLBvgV
5IPGvxawEa6SElyyu5XuqMuGqYIDezNWIHuQufvNTNLFkewy37OBMVQp2kSa609C
FxtNK6fTg3G6Tphyy+O+ZhLY6pZM8YlFZIOAdZAayVDDcV4=
-----END CERTIFICATE-----