Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31312e38312e302f32342d3332203d3e20313336373837.roa
File:                     34352e31312e38312e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          yJMCJM+dR+XTdUYlGHjDlWyryGRv9wAobCzq2zqOELo=
Subject key identifier:   C3:E6:46:C1:5A:8E:66:8B:AD:A9:16:59:1D:EA:7C:2E:DB:6E:34:A3
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3787DA6BF550260F0446A8ED25D6DD7F29EA9641
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31312e38312e302f32342d3332203d3e20313336373837.roa
Signing time:             Wed 28 Aug 2024 14:04:45 +0000
ROA not before:           Wed 28 Aug 2024 13:59:45 +0000
ROA not after:            Wed 27 Aug 2025 14:04:45 +0000
asID:                     136787
IP address blocks:        45.11.81.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:87:da:6b:f5:50:26:0f:04:46:a8:ed:25:d6:dd:7f:29:ea:96:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 28 13:59:45 2024 GMT
            Not After : Aug 27 14:04:45 2025 GMT
        Subject: CN=C3E646C15A8E668BADA916591DEA7C2EDB6E34A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:6c:36:de:f6:fa:82:13:b0:4b:ed:ac:9e:43:
                    ad:40:2e:7a:8a:2c:6c:18:36:a1:58:19:c4:4c:86:
                    90:13:86:de:e1:46:42:c4:c1:de:a4:88:9d:70:e3:
                    2d:60:00:2d:59:2c:f0:0e:47:9a:d7:e7:a1:1a:f3:
                    eb:55:e2:e4:9e:29:f0:96:50:95:0e:e1:4a:71:c9:
                    5c:ab:20:01:90:1f:62:71:ab:0f:5a:e4:81:f2:72:
                    8d:c8:17:d0:ea:80:50:2d:15:27:6f:1d:e6:1c:0e:
                    22:9a:ed:32:06:b5:c0:ad:cb:f7:3f:f6:f7:2c:b1:
                    fb:4a:04:15:7c:dd:69:89:00:63:89:31:ea:4a:81:
                    88:b2:41:dd:d4:9d:a2:d3:3b:c2:d0:38:43:a7:35:
                    ca:a8:f6:75:63:8c:21:90:a9:5e:bc:22:e4:c5:3d:
                    32:09:49:c7:a5:e9:1f:c2:56:0b:c9:48:1c:05:27:
                    07:82:16:55:0c:88:a8:04:f4:b3:cf:e9:5a:9c:69:
                    b4:2d:48:a3:79:af:8f:42:aa:09:2b:93:d1:6c:5a:
                    87:79:a9:e5:19:4d:7a:ee:9e:c0:94:2f:f4:c6:ad:
                    75:5c:7a:bc:4d:3a:77:f4:7e:91:72:ab:9b:78:31:
                    e3:2b:a1:0c:31:ae:2b:7e:60:70:62:46:57:25:d3:
                    d9:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:E6:46:C1:5A:8E:66:8B:AD:A9:16:59:1D:EA:7C:2E:DB:6E:34:A3
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31312e38312e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:bf:78:e6:54:3a:2c:6a:33:0c:16:54:3c:fc:f3:2c:82:ee:
         59:c7:31:36:68:4a:8c:39:2d:2c:c8:96:93:4c:cd:b3:24:d6:
         16:33:c8:cd:87:d2:fe:5b:9b:52:41:84:05:5f:6b:a3:5e:6a:
         3b:cc:8a:40:cc:3b:9e:5d:06:de:b3:43:c5:eb:12:9d:06:b1:
         f6:3b:2d:06:e5:36:20:51:91:a5:4d:e5:3b:02:84:06:fe:f4:
         84:3b:66:24:11:e3:1c:7c:f2:bd:ca:4d:f3:2f:03:4f:35:bd:
         bc:bc:fd:5a:ad:d5:1b:44:fc:7b:05:b5:99:62:79:5b:24:f4:
         00:5d:b3:3e:2c:a4:17:92:d0:6a:ff:79:42:9e:47:45:c0:58:
         dc:28:e1:e7:93:9d:7e:7b:c5:f2:3c:bf:3d:b2:66:12:c5:27:
         61:09:9f:7c:66:6a:05:36:08:d7:58:d4:a4:88:22:5b:ae:35:
         68:33:e2:f8:1a:d7:19:1f:97:ff:b3:22:aa:79:fb:05:26:be:
         91:ee:06:8c:24:2c:6a:4b:92:4b:b9:86:90:5e:b0:36:0a:5f:
         61:5f:65:69:b1:4c:e2:76:45:ae:33:09:22:a4:cd:bd:a3:a5:
         94:c3:00:ee:d4:d0:a7:03:fe:dc:60:56:01:bd:78:1a:1c:b7:
         3f:39:39:f9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUN4faa/VQJg8ERqjtJdbdfynqlkEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MjgxMzU5NDVaFw0yNTA4MjcxNDA0NDVaMDMxMTAvBgNV
BAMTKEMzRTY0NkMxNUE4RTY2OEJBREE5MTY1OTFERUE3QzJFREI2RTM0QTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3bDbe9vqCE7BL7ayeQ61ALnqK
LGwYNqFYGcRMhpATht7hRkLEwd6kiJ1w4y1gAC1ZLPAOR5rX56Ea8+tV4uSeKfCW
UJUO4UpxyVyrIAGQH2Jxqw9a5IHyco3IF9DqgFAtFSdvHeYcDiKa7TIGtcCty/c/
9vcssftKBBV83WmJAGOJMepKgYiyQd3UnaLTO8LQOEOnNcqo9nVjjCGQqV68IuTF
PTIJScel6R/CVgvJSBwFJweCFlUMiKgE9LPP6VqcabQtSKN5r49Cqgkrk9FsWod5
qeUZTXrunsCUL/TGrXVcerxNOnf0fpFyq5t4MeMroQwxrit+YHBiRlcl09kfAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUw+ZGwVqOZoutqRZZHep8LttuNKMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzMTJlMzgzMTJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0L
UTANBgkqhkiG9w0BAQsFAAOCAQEAm7945lQ6LGozDBZUPPzzLILuWccxNmhKjDkt
LMiWk0zNsyTWFjPIzYfS/lubUkGEBV9ro15qO8yKQMw7nl0G3rNDxesSnQax9jst
BuU2IFGRpU3lOwKEBv70hDtmJBHjHHzyvcpN8y8DTzW9vLz9Wq3VG0T8ewW1mWJ5
WyT0AF2zPiykF5LQav95Qp5HRcBY3Cjh55OdfnvF8jy/PbJmEsUnYQmffGZqBTYI
11jUpIgiW641aDPi+BrXGR+X/7Miqnn7BSa+ke4GjCQsakuSS7mGkF6wNgpfYV9l
abFM4nZFrjMJIqTNvaOllMMA7tTQpwP+3GBWAb14Ghy3Pzk5+Q==
-----END CERTIFICATE-----