Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31312e38312e302f32342d3332203d3e20313336373837.roa
File:                     34352e31312e38312e302f32342d3332203d3e20313336373837.roa (raw, json)
Hash identifier:          MsMs+P66alEKN6UiyIUdyQ7pHnti7ILtiPfHB8V4uKY=
Subject key identifier:   B9:53:77:DB:FD:54:FF:7C:CB:A7:E1:20:4E:BC:25:53:45:BE:CF:45
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5A56219151A82E24E29D8CAC90EE5F3C095EF0E7
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31312e38312e302f32342d3332203d3e20313336373837.roa
Signing time:             Wed 27 Sep 2023 13:40:12 +0000
ROA not before:           Wed 27 Sep 2023 13:35:12 +0000
ROA not after:            Wed 25 Sep 2024 13:40:12 +0000
asID:                     136787
IP address blocks:        45.11.81.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:56:21:91:51:a8:2e:24:e2:9d:8c:ac:90:ee:5f:3c:09:5e:f0:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 27 13:35:12 2023 GMT
            Not After : Sep 25 13:40:12 2024 GMT
        Subject: CN=B95377DBFD54FF7CCBA7E1204EBC255345BECF45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ce:8d:67:5a:ab:27:0a:64:bb:40:e3:a9:df:
                    c3:b9:87:8d:29:47:41:26:d9:03:75:ba:27:74:65:
                    05:95:d8:9c:57:24:f0:b6:72:3b:4d:0a:9f:0a:8c:
                    a6:90:b7:bf:90:93:d1:2c:a9:64:29:c4:6f:9c:7e:
                    f5:f6:2f:6b:33:98:9c:33:70:55:e0:fb:bc:3f:f9:
                    b7:04:f2:e4:93:9e:07:a1:ce:ab:2e:e9:02:8f:8a:
                    ae:0e:5a:67:c6:12:d3:bb:bd:3c:d6:5a:d8:1d:73:
                    f6:bc:9c:4c:bf:65:32:34:05:eb:e4:3c:cc:09:ab:
                    42:3b:c4:cd:77:4b:57:cb:63:e2:da:4b:33:5d:95:
                    2f:da:10:bc:a8:6c:dd:d6:eb:a4:b7:70:b9:5c:b1:
                    4e:c3:b5:a9:5b:c8:2c:08:bd:d9:d5:93:fa:3f:07:
                    75:c3:9a:94:e5:76:11:a3:26:f4:b2:ad:ad:27:24:
                    4d:12:3b:21:2e:48:91:8a:59:f3:ac:8c:ea:ae:19:
                    41:40:70:13:7a:5e:49:f6:c2:93:cb:9e:a8:47:e8:
                    5a:e6:13:58:54:7b:4c:b2:ae:d8:e5:46:d0:e6:b9:
                    b8:5f:eb:12:a6:ef:c3:2a:f9:a3:3f:e0:14:96:bb:
                    88:d3:28:d1:fe:94:bd:2b:4e:d5:41:8c:22:b5:d5:
                    89:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:53:77:DB:FD:54:FF:7C:CB:A7:E1:20:4E:BC:25:53:45:BE:CF:45
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31312e38312e302f32342d3332203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:ff:87:8f:f6:a4:af:bc:2a:e4:b2:5f:75:64:0a:54:bf:1f:
         a5:31:95:75:ff:19:f6:61:c5:f8:92:ee:5b:d1:9b:92:bf:9a:
         dc:07:1a:97:8e:1f:8f:19:63:ac:8a:23:be:74:fe:d8:8b:2b:
         59:64:b2:51:fd:92:be:c9:08:b1:20:c2:a5:c1:74:bd:ce:c8:
         5c:46:77:c8:ad:c8:ce:93:20:cd:b9:fd:2c:08:dc:e8:5a:1e:
         5c:86:30:59:7e:cd:40:86:f8:51:82:ce:b7:d1:86:ef:2b:3c:
         ae:09:71:8a:c0:74:3d:59:03:a6:b0:05:a0:12:08:65:6c:cc:
         6d:78:fa:87:62:f5:61:f3:88:b5:1a:83:e9:4c:db:f9:53:9d:
         c9:73:13:b1:63:ad:39:77:9a:8f:d6:7d:0f:9c:7a:ec:cc:31:
         56:60:9c:63:26:8d:c8:f0:7e:7a:c5:aa:c8:94:1d:70:24:2f:
         c4:c7:e1:fc:90:88:60:bd:27:81:78:5a:73:cb:16:fc:76:34:
         8c:06:12:3c:18:d1:4b:ba:24:a4:da:07:6d:63:a0:b4:a5:31:
         f7:fd:0d:e9:66:c9:0e:ca:52:5c:26:ea:01:54:ce:ff:90:bf:
         56:38:bf:3c:59:04:3b:74:5b:86:31:81:05:63:5c:2b:75:70:
         bc:93:7d:81
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWlYhkVGoLiTinYyskO5fPAle8OcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA5MjcxMzM1MTJaFw0yNDA5MjUxMzQwMTJaMDMxMTAvBgNV
BAMTKEI5NTM3N0RCRkQ1NEZGN0NDQkE3RTEyMDRFQkMyNTUzNDVCRUNGNDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDzo1nWqsnCmS7QOOp38O5h40p
R0Em2QN1uid0ZQWV2JxXJPC2cjtNCp8KjKaQt7+Qk9EsqWQpxG+cfvX2L2szmJwz
cFXg+7w/+bcE8uSTngehzqsu6QKPiq4OWmfGEtO7vTzWWtgdc/a8nEy/ZTI0Bevk
PMwJq0I7xM13S1fLY+LaSzNdlS/aELyobN3W66S3cLlcsU7DtalbyCwIvdnVk/o/
B3XDmpTldhGjJvSyra0nJE0SOyEuSJGKWfOsjOquGUFAcBN6Xkn2wpPLnqhH6Frm
E1hUe0yyrtjlRtDmubhf6xKm78Mq+aM/4BSWu4jTKNH+lL0rTtVBjCK11YkbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUuVN32/1U/3zLp+EgTrwlU0W+z0UwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzMTJlMzgzMTJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0L
UTANBgkqhkiG9w0BAQsFAAOCAQEAHv+Hj/akr7wq5LJfdWQKVL8fpTGVdf8Z9mHF
+JLuW9Gbkr+a3Acal44fjxljrIojvnT+2IsrWWSyUf2SvskIsSDCpcF0vc7IXEZ3
yK3IzpMgzbn9LAjc6FoeXIYwWX7NQIb4UYLOt9GG7ys8rglxisB0PVkDprAFoBII
ZWzMbXj6h2L1YfOItRqD6Uzb+VOdyXMTsWOtOXeaj9Z9D5x67MwxVmCcYyaNyPB+
esWqyJQdcCQvxMfh/JCIYL0ngXhac8sW/HY0jAYSPBjRS7okpNoHbWOgtKUx9/0N
6WbJDspSXCbqAVTO/5C/Vji/PFkEO3RbhjGBBWNcK3VwvJN9gQ==
-----END CERTIFICATE-----