Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133322e37322e302f32342d3234203d3e203633343733.roa
File:                     34352e3133322e37322e302f32342d3234203d3e203633343733.roa (raw, json)
Hash identifier:          p2MP2USP8B2siJQOebFkfevm1GVGeep/FVhrLWkwUeU=
Subject key identifier:   98:80:AB:97:B4:FA:78:02:DA:26:FC:95:44:7D:78:C6:66:BB:70:94
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6ECB02669FE23F8E8079CD7EE1ED6018DC9E3925
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133322e37322e302f32342d3234203d3e203633343733.roa
Signing time:             Mon 04 Nov 2024 10:05:26 +0000
ROA not before:           Mon 04 Nov 2024 10:00:26 +0000
ROA not after:            Mon 03 Nov 2025 10:05:26 +0000
asID:                     63473
IP address blocks:        45.132.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:cb:02:66:9f:e2:3f:8e:80:79:cd:7e:e1:ed:60:18:dc:9e:39:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Nov  4 10:00:26 2024 GMT
            Not After : Nov  3 10:05:26 2025 GMT
        Subject: CN=9880AB97B4FA7802DA26FC95447D78C666BB7094
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:7f:f5:cd:63:63:47:8c:57:b4:e5:ba:76:0c:
                    82:a2:8b:c2:62:c8:f8:c5:5d:43:94:ba:fd:5e:3f:
                    4a:b3:1d:ca:9d:6e:58:db:0d:f2:41:9d:ca:61:36:
                    02:aa:41:1e:94:d6:f5:52:98:1c:dc:80:19:7a:99:
                    5b:6b:a1:c9:ea:b5:c1:68:da:82:5b:cb:e4:c5:f3:
                    a8:91:99:af:ac:2b:20:e0:08:e3:b0:5d:fc:39:eb:
                    78:57:e2:fd:af:7b:e6:19:6d:cd:db:6a:b3:a7:b0:
                    b4:a7:34:78:37:04:84:f5:1d:21:12:ba:0c:b8:37:
                    dc:ed:a2:ab:0b:df:5a:f4:e6:35:25:02:8d:ce:93:
                    b9:92:2d:bc:23:db:ba:b8:28:d4:80:18:e7:73:dc:
                    88:eb:9a:a0:91:0d:b8:23:21:fa:f9:17:36:48:1c:
                    e4:67:83:17:10:d6:6c:ad:6e:a3:2d:99:50:86:43:
                    3d:64:8a:91:d3:30:2c:bc:66:23:2d:42:38:2f:eb:
                    c8:ab:20:83:4d:ee:c3:de:c5:6b:0f:d4:6e:7f:ec:
                    44:94:8e:ab:93:30:11:47:92:86:84:bd:80:47:16:
                    f5:30:dc:18:d6:bf:8c:0a:7c:da:d6:98:7c:94:a2:
                    2c:08:95:b9:ff:7b:74:4c:de:1d:f3:2d:68:1e:cb:
                    77:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:80:AB:97:B4:FA:78:02:DA:26:FC:95:44:7D:78:C6:66:BB:70:94
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133322e37322e302f32342d3234203d3e203633343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:2c:1e:9a:2c:15:2c:32:7d:9d:d9:90:fb:96:6e:ca:d7:e2:
         d1:3a:03:6b:35:65:c3:2d:27:6f:87:24:ac:e5:b8:3d:ed:76:
         34:19:89:94:11:d1:f5:74:a1:00:2f:32:41:49:8a:93:69:1c:
         9b:a5:fb:94:0d:12:d3:dc:e9:bd:a1:63:90:db:4d:ac:37:b4:
         29:a9:8a:3a:d9:40:7a:73:e4:33:06:0a:79:38:32:2c:14:91:
         f8:cd:21:af:a4:01:75:10:1c:b4:da:58:2c:52:b1:87:f6:05:
         ee:c0:b4:8c:c2:61:65:8b:13:1b:27:b3:3a:68:7a:c5:6e:02:
         75:82:9e:b5:43:73:a6:78:62:a4:f0:1b:5f:ad:f7:3c:c6:cd:
         9a:b9:bf:02:5a:9d:53:b1:42:e8:10:43:24:07:da:5f:2e:43:
         a3:d0:61:c0:4b:ef:56:cd:22:c0:13:9a:6b:6f:f4:fe:76:c0:
         b6:d5:26:d3:c8:59:f4:1b:c7:88:58:90:eb:76:eb:88:b2:6f:
         42:db:83:10:56:2e:d2:c0:c5:16:2a:f4:1a:1e:7a:99:8f:6a:
         86:f6:49:49:69:1a:99:6f:6a:4d:1f:9b:90:50:5e:b1:7d:87:
         d8:a9:15:11:f8:bf:c5:7a:0f:84:6b:6a:58:35:84:33:2a:d7:
         ba:5c:7f:a5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbssCZp/iP46Aec1+4e1gGNyeOSUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDExMDQxMDAwMjZaFw0yNTExMDMxMDA1MjZaMDMxMTAvBgNV
BAMTKDk4ODBBQjk3QjRGQTc4MDJEQTI2RkM5NTQ0N0Q3OEM2NjZCQjcwOTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuf/XNY2NHjFe05bp2DIKii8Ji
yPjFXUOUuv1eP0qzHcqdbljbDfJBncphNgKqQR6U1vVSmBzcgBl6mVtrocnqtcFo
2oJby+TF86iRma+sKyDgCOOwXfw563hX4v2ve+YZbc3barOnsLSnNHg3BIT1HSES
ugy4N9ztoqsL31r05jUlAo3Ok7mSLbwj27q4KNSAGOdz3IjrmqCRDbgjIfr5FzZI
HORngxcQ1mytbqMtmVCGQz1kipHTMCy8ZiMtQjgv68irIINN7sPexWsP1G5/7ESU
jquTMBFHkoaEvYBHFvUw3BjWv4wKfNrWmHyUoiwIlbn/e3RM3h3zLWgey3fzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUmICrl7T6eALaJvyVRH14xma7cJQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzMzMyMmUzNzMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMzM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2E
SDANBgkqhkiG9w0BAQsFAAOCAQEAmSwemiwVLDJ9ndmQ+5Zuytfi0ToDazVlwy0n
b4ckrOW4Pe12NBmJlBHR9XShAC8yQUmKk2kcm6X7lA0S09zpvaFjkNtNrDe0KamK
OtlAenPkMwYKeTgyLBSR+M0hr6QBdRActNpYLFKxh/YF7sC0jMJhZYsTGyezOmh6
xW4CdYKetUNzpnhipPAbX633PMbNmrm/AlqdU7FC6BBDJAfaXy5Do9BhwEvvVs0i
wBOaa2/0/nbAttUm08hZ9BvHiFiQ63briLJvQtuDEFYu0sDFFir0Gh56mY9qhvZJ
SWkamW9qTR+bkFBesX2H2KkVEfi/xXoPhGtqWDWEMyrXulx/pQ==
-----END CERTIFICATE-----