Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31312e38302e302f32342d3234203d3e20313336373837.roa
File:                     34352e31312e38302e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          5eNFa2w5sZ0+/jKGbMS5HE+LkBedoc+fFaigxMtmnDo=
Subject key identifier:   7D:6A:58:46:50:04:66:A5:F2:6A:27:58:45:67:13:DD:54:F0:D9:70
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       378FABD6242E355F013C1257F0593F6C24613644
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31312e38302e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 28 Aug 2024 14:04:44 +0000
ROA not before:           Wed 28 Aug 2024 13:59:44 +0000
ROA not after:            Wed 27 Aug 2025 14:04:44 +0000
asID:                     136787
IP address blocks:        45.11.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:8f:ab:d6:24:2e:35:5f:01:3c:12:57:f0:59:3f:6c:24:61:36:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 28 13:59:44 2024 GMT
            Not After : Aug 27 14:04:44 2025 GMT
        Subject: CN=7D6A5846500466A5F26A2758456713DD54F0D970
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e7:16:9b:3e:00:1f:f2:6c:a9:af:ee:79:fb:
                    8e:ff:f8:61:35:66:85:f4:fd:53:aa:87:3c:07:44:
                    65:e1:d0:4d:62:8f:63:fc:13:06:d0:1a:3f:95:11:
                    85:10:a9:bc:69:fa:f8:3f:40:42:ae:cf:c0:d8:e5:
                    5d:4d:ad:8a:d7:ed:06:fe:42:78:ec:47:8d:44:ef:
                    f2:84:90:36:f9:3a:70:8d:9c:0f:02:40:4b:57:79:
                    2d:5f:1c:45:9a:1c:7a:66:08:21:6e:6b:a0:c6:35:
                    08:f5:e8:8a:22:2a:98:c9:84:b1:d4:46:6d:91:c1:
                    3d:92:0f:ad:05:f5:11:19:0a:88:8d:9f:5a:0c:a3:
                    f4:40:34:be:5a:24:88:0d:9a:a7:d0:ab:ad:5c:ef:
                    5a:6f:37:d6:2d:92:84:a5:96:5e:35:b8:4f:24:aa:
                    20:b3:10:d9:fa:e7:f5:4a:dd:df:25:84:8e:8f:d7:
                    99:1a:25:21:bb:d6:99:85:82:27:9e:5c:86:81:2b:
                    4a:8f:7c:10:df:7a:f3:70:6d:17:a6:aa:49:66:97:
                    8e:61:e0:64:94:25:b2:bc:31:6c:81:ba:be:67:43:
                    46:1f:2c:02:da:dc:35:f5:46:2f:f4:3b:f4:de:b4:
                    2d:c8:c3:f9:29:81:e9:b1:9b:d1:3c:d0:f3:2e:dc:
                    8d:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:6A:58:46:50:04:66:A5:F2:6A:27:58:45:67:13:DD:54:F0:D9:70
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31312e38302e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:9e:d4:c0:85:2e:e5:3a:ec:eb:fc:05:c0:eb:c9:6f:0b:e5:
         7c:74:f0:6e:b2:b2:85:78:6c:8b:ec:e6:68:62:c8:ae:c2:63:
         9b:7c:9b:ce:d5:b9:1e:5d:3a:40:0e:e7:ef:43:8f:4f:7b:97:
         bd:aa:02:3c:dc:86:37:36:fa:bc:9e:2f:38:ac:6b:7d:27:19:
         ce:12:49:1a:11:35:2e:f9:b7:8e:77:58:80:f8:f8:3e:42:2d:
         83:39:9c:62:9b:e8:46:0d:9e:c4:2c:ee:3f:e5:1d:9d:95:e6:
         d7:f9:6e:cd:85:45:d5:b4:81:b5:62:f9:ee:0d:ab:73:00:07:
         5e:87:ac:0f:ec:d7:ae:bf:b7:e7:2c:cb:4c:04:92:6f:44:2e:
         2a:67:be:8e:74:01:95:77:16:a0:28:c0:2e:7f:dc:af:d2:82:
         4f:fc:e8:cb:3d:0e:8b:6e:f7:e5:f1:55:fb:42:bd:5a:b6:46:
         27:1a:c3:f7:3e:db:a3:b7:13:27:e4:f5:74:81:27:3d:cd:1f:
         7b:20:95:59:75:82:1e:62:0a:b6:16:3f:b7:1a:54:a8:13:a3:
         7f:80:c9:c9:3f:81:51:88:76:75:93:10:ea:77:db:c5:3a:24:
         d2:23:1e:e2:1e:c6:8d:3d:88:dd:61:51:01:c3:3c:da:82:96:
         71:18:24:83
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUN4+r1iQuNV8BPBJX8Fk/bCRhNkQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MjgxMzU5NDRaFw0yNTA4MjcxNDA0NDRaMDMxMTAvBgNV
BAMTKDdENkE1ODQ2NTAwNDY2QTVGMjZBMjc1ODQ1NjcxM0RENTRGMEQ5NzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs5xabPgAf8mypr+55+47/+GE1
ZoX0/VOqhzwHRGXh0E1ij2P8EwbQGj+VEYUQqbxp+vg/QEKuz8DY5V1NrYrX7Qb+
QnjsR41E7/KEkDb5OnCNnA8CQEtXeS1fHEWaHHpmCCFua6DGNQj16IoiKpjJhLHU
Rm2RwT2SD60F9REZCoiNn1oMo/RANL5aJIgNmqfQq61c71pvN9YtkoSlll41uE8k
qiCzENn65/VK3d8lhI6P15kaJSG71pmFgieeXIaBK0qPfBDfevNwbRemqklml45h
4GSUJbK8MWyBur5nQ0YfLALa3DX1Ri/0O/TetC3Iw/kpgemxm9E80PMu3I0zAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUfWpYRlAEZqXyaidYRWcT3VTw2XAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzMTJlMzgzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0L
UDANBgkqhkiG9w0BAQsFAAOCAQEAl57UwIUu5Trs6/wFwOvJbwvlfHTwbrKyhXhs
i+zmaGLIrsJjm3ybztW5Hl06QA7n70OPT3uXvaoCPNyGNzb6vJ4vOKxrfScZzhJJ
GhE1Lvm3jndYgPj4PkItgzmcYpvoRg2exCzuP+UdnZXm1/luzYVF1bSBtWL57g2r
cwAHXoesD+zXrr+35yzLTASSb0QuKme+jnQBlXcWoCjALn/cr9KCT/zoyz0Oi273
5fFV+0K9WrZGJxrD9z7bo7cTJ+T1dIEnPc0feyCVWXWCHmIKthY/txpUqBOjf4DJ
yT+BUYh2dZMQ6nfbxTok0iMe4h7GjT2I3WFRAcM82oKWcRgkgw==
-----END CERTIFICATE-----