Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31312e38302e302f32342d3234203d3e20313336373837.roa
File:                     34352e31312e38302e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          HEkxjhOQ9crpUAQiU73CX2+vUTnCmG3sDMxQgaufh0Y=
Subject key identifier:   23:2E:B2:EE:90:CD:C2:7B:B5:90:38:44:7E:50:94:27:50:68:F8:6E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2116E1BADFF645DC753F8222A932B3C000082139
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31312e38302e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 27 Sep 2023 13:40:10 +0000
ROA not before:           Wed 27 Sep 2023 13:35:10 +0000
ROA not after:            Wed 25 Sep 2024 13:40:10 +0000
asID:                     136787
IP address blocks:        45.11.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:16:e1:ba:df:f6:45:dc:75:3f:82:22:a9:32:b3:c0:00:08:21:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 27 13:35:10 2023 GMT
            Not After : Sep 25 13:40:10 2024 GMT
        Subject: CN=232EB2EE90CDC27BB59038447E5094275068F86E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:96:af:c0:96:95:e4:e3:5d:59:8d:71:33:bc:
                    2f:7d:6f:8c:12:ab:20:a4:45:d8:79:c4:4e:0e:0a:
                    ab:5f:69:90:a1:ff:d8:22:90:e8:fa:05:17:d8:12:
                    0a:5a:76:65:0c:b2:9f:b0:0f:a0:75:f7:d3:1a:f7:
                    08:60:26:3d:36:bb:c6:29:11:03:9b:1a:2b:eb:c7:
                    48:c3:45:b7:47:de:23:8d:8f:ed:d8:1b:21:c5:d7:
                    7a:fb:a8:bf:42:cd:ca:64:67:92:e6:be:47:51:b3:
                    73:a3:bf:1d:86:8b:68:37:25:ec:b1:2c:e6:e4:bf:
                    3c:84:c9:4f:30:34:db:98:cc:94:cd:d1:6b:c2:7d:
                    fe:bd:40:cd:80:df:7c:bc:78:5c:13:57:9a:cf:1f:
                    83:8b:66:b5:10:16:bc:25:bd:c1:6e:05:e5:15:f3:
                    96:a3:a7:25:52:5d:4b:6b:46:42:42:20:bb:69:ba:
                    2a:6e:83:77:45:90:bf:1d:33:86:ff:58:19:67:31:
                    d9:47:45:2f:80:7a:d5:41:92:d6:a9:97:a3:40:cf:
                    fa:fe:57:64:49:65:4a:44:d8:37:d0:01:4d:88:94:
                    e2:36:16:5b:a6:3a:a0:6f:32:7f:f7:f2:2e:ac:85:
                    76:b4:08:33:79:14:81:27:06:45:dd:22:fe:d0:9c:
                    23:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:2E:B2:EE:90:CD:C2:7B:B5:90:38:44:7E:50:94:27:50:68:F8:6E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31312e38302e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:2a:91:23:33:e9:5f:00:83:02:14:95:d5:30:5a:66:d5:24:
         cd:e3:c2:05:ee:5c:5d:88:8e:3a:ba:45:b3:36:9a:fa:6f:cd:
         70:99:03:4d:47:01:ba:74:dd:7c:dc:99:38:2d:d6:cd:77:fb:
         b1:c7:c3:b2:c2:a8:4a:ae:7e:5d:d4:da:77:23:d6:f7:9c:46:
         10:4e:6d:39:4c:f0:d7:ea:c8:97:61:63:17:c3:72:48:06:d3:
         84:6e:6b:ae:62:89:1e:e6:47:cc:88:d2:cb:97:40:d3:8e:6e:
         d2:f8:50:9b:5f:61:d4:b6:09:3d:0e:f2:cd:ef:7c:2b:2c:b9:
         e9:78:53:71:98:5a:d3:59:f8:34:20:da:ae:27:dd:08:dc:7f:
         29:fb:9e:c4:e7:ab:26:21:95:04:2b:78:5a:0d:cf:07:7c:ca:
         da:6c:01:7a:0d:bb:12:cb:13:54:bd:d1:d3:80:de:9b:a9:d0:
         ca:c0:77:28:53:a5:41:f9:7e:fb:bf:2b:e4:cb:16:3c:bb:5a:
         84:c2:bd:e0:ec:b9:b4:09:63:f7:1d:af:d7:d8:c3:d7:48:1d:
         e2:c4:bc:b1:b5:f5:32:4d:e5:a1:b1:08:b9:44:dc:5c:33:7f:
         66:ef:01:7f:96:20:61:6e:af:c2:52:ba:f9:61:10:aa:d4:e5:
         e9:8a:58:75
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIRbhut/2Rdx1P4IiqTKzwAAIITkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA5MjcxMzM1MTBaFw0yNDA5MjUxMzQwMTBaMDMxMTAvBgNV
BAMTKDIzMkVCMkVFOTBDREMyN0JCNTkwMzg0NDdFNTA5NDI3NTA2OEY4NkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzlq/AlpXk411ZjXEzvC99b4wS
qyCkRdh5xE4OCqtfaZCh/9gikOj6BRfYEgpadmUMsp+wD6B199Ma9whgJj02u8Yp
EQObGivrx0jDRbdH3iONj+3YGyHF13r7qL9CzcpkZ5LmvkdRs3Ojvx2Gi2g3Jeyx
LObkvzyEyU8wNNuYzJTN0WvCff69QM2A33y8eFwTV5rPH4OLZrUQFrwlvcFuBeUV
85ajpyVSXUtrRkJCILtpuipug3dFkL8dM4b/WBlnMdlHRS+AetVBktapl6NAz/r+
V2RJZUpE2DfQAU2IlOI2FlumOqBvMn/38i6shXa0CDN5FIEnBkXdIv7QnCPNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUIy6y7pDNwnu1kDhEflCUJ1Bo+G4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzMTJlMzgzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0L
UDANBgkqhkiG9w0BAQsFAAOCAQEAoiqRIzPpXwCDAhSV1TBaZtUkzePCBe5cXYiO
OrpFszaa+m/NcJkDTUcBunTdfNyZOC3WzXf7scfDssKoSq5+XdTadyPW95xGEE5t
OUzw1+rIl2FjF8NySAbThG5rrmKJHuZHzIjSy5dA045u0vhQm19h1LYJPQ7yze98
Kyy56XhTcZha01n4NCDarifdCNx/KfuexOerJiGVBCt4Wg3PB3zK2mwBeg27EssT
VL3R04Dem6nQysB3KFOlQfl++78r5MsWPLtahMK94Oy5tAlj9x2v19jD10gd4sS8
sbX1Mk3lobEIuUTcXDN/Zu8Bf5YgYW6vwlK6+WEQqtTl6YpYdQ==
-----END CERTIFICATE-----