Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133362e31392e302f32342d3234203d3e20383334.roa
File:                     34352e3133362e31392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          u4dZtBv1ke6S0T48BNeL6x0NyOhzkyBI13dbqVIsGDg=
Subject key identifier:   45:AE:92:3C:F3:88:2A:1E:CD:BB:4A:52:DB:29:EE:35:BE:33:1C:08
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       684EEB41F3DC89BA0F6578F679F4DC8D46E48280
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133362e31392e302f32342d3234203d3e20383334.roa
Signing time:             Fri 16 Feb 2024 17:40:40 +0000
ROA not before:           Fri 16 Feb 2024 17:35:40 +0000
ROA not after:            Fri 14 Feb 2025 17:40:40 +0000
asID:                     834
IP address blocks:        45.136.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:4e:eb:41:f3:dc:89:ba:0f:65:78:f6:79:f4:dc:8d:46:e4:82:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 16 17:35:40 2024 GMT
            Not After : Feb 14 17:40:40 2025 GMT
        Subject: CN=45AE923CF3882A1ECDBB4A52DB29EE35BE331C08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f8:ab:3a:ba:8f:02:2f:33:a7:68:47:0f:7b:
                    99:1c:e0:2f:92:57:14:63:b9:2d:c5:c5:ab:92:ab:
                    f8:f0:1e:e2:04:c3:0f:68:61:8a:a6:5e:0d:54:ab:
                    35:d4:48:54:30:33:2d:43:31:de:10:25:d9:a8:ab:
                    2f:c8:0f:44:a1:3e:04:d0:67:81:e4:ad:dd:20:a1:
                    48:e7:8b:bd:61:59:ae:3c:b4:68:16:41:6a:3e:15:
                    2a:d3:fd:8c:f6:4f:2c:ab:15:61:f0:01:4b:ed:2d:
                    27:1d:73:40:9e:ad:50:23:41:62:c0:b2:39:29:4d:
                    1f:55:8a:e5:d4:41:e9:59:af:83:a0:79:61:d6:44:
                    bb:85:d7:2c:de:3e:47:0a:27:e5:35:02:7f:4a:5e:
                    10:76:ee:0e:4e:43:82:2e:43:10:cf:11:34:fc:97:
                    df:a3:79:57:b1:80:75:04:77:15:d2:a7:6c:d4:04:
                    98:08:36:fa:61:93:eb:1d:81:ce:fe:0d:08:8b:db:
                    ec:67:d3:d3:39:33:8e:1a:9b:ed:07:de:2f:49:96:
                    70:06:77:e3:0d:d6:92:22:91:9e:72:ee:16:96:63:
                    1d:87:c8:cf:a1:03:fc:94:b8:7d:b7:3a:3f:93:64:
                    51:cf:93:a7:5c:e4:22:dd:5d:e4:5a:fc:78:5b:e8:
                    ee:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:AE:92:3C:F3:88:2A:1E:CD:BB:4A:52:DB:29:EE:35:BE:33:1C:08
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133362e31392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:f7:6f:c9:47:3a:86:dd:39:95:fc:24:25:28:c5:16:47:85:
         54:9c:7d:55:13:8c:c0:a5:47:50:40:f7:33:21:bb:69:eb:02:
         4c:d8:f4:ca:14:45:0f:84:6a:5c:a4:6b:80:25:ec:e6:0d:4f:
         6d:f7:1e:0a:9a:8c:8d:1b:b0:01:48:a3:c9:92:a4:8b:39:34:
         57:c5:c6:ac:e0:ff:23:66:02:8e:ac:f7:83:79:6c:9c:f2:80:
         c0:3e:1c:f1:b7:7b:c1:da:81:fe:fc:ac:d6:4b:60:e2:f4:eb:
         82:63:b3:17:47:37:0f:a7:0c:e5:e7:a9:b4:20:e2:60:e4:60:
         95:51:b5:7d:0e:35:de:3b:13:f4:ad:9e:78:09:f7:31:8d:0f:
         d8:8b:cf:cd:07:a6:f5:d6:31:c5:67:b3:5b:ef:10:82:db:16:
         b8:d5:f2:d1:ab:d9:72:ad:a4:96:af:1d:9a:5f:93:1d:51:d4:
         42:b9:dc:61:bd:97:a9:e8:a8:fe:69:31:0a:fb:6f:dd:6e:0d:
         58:3a:43:b7:90:a0:37:51:6c:2f:bc:52:e4:ef:0d:e7:61:c3:
         00:7c:31:c9:40:d6:c5:e7:f7:aa:e4:86:a1:06:ed:45:26:7d:
         78:b8:60:32:60:3a:53:93:a2:60:22:be:d8:52:bc:a7:22:f4:
         32:fb:71:9e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUaE7rQfPciboPZXj2efTcjUbkgoAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMTYxNzM1NDBaFw0yNTAyMTQxNzQwNDBaMDMxMTAvBgNV
BAMTKDQ1QUU5MjNDRjM4ODJBMUVDREJCNEE1MkRCMjlFRTM1QkUzMzFDMDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCb+Ks6uo8CLzOnaEcPe5kc4C+S
VxRjuS3FxauSq/jwHuIEww9oYYqmXg1UqzXUSFQwMy1DMd4QJdmoqy/ID0ShPgTQ
Z4Hkrd0goUjni71hWa48tGgWQWo+FSrT/Yz2TyyrFWHwAUvtLScdc0CerVAjQWLA
sjkpTR9ViuXUQelZr4OgeWHWRLuF1yzePkcKJ+U1An9KXhB27g5OQ4IuQxDPETT8
l9+jeVexgHUEdxXSp2zUBJgINvphk+sdgc7+DQiL2+xn09M5M44am+0H3i9JlnAG
d+MN1pIikZ5y7haWYx2HyM+hA/yUuH23Oj+TZFHPk6dc5CLdXeRa/Hhb6O6JAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQURa6SPPOIKh7Nu0pS2ynuNb4zHAgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzMzM2MmUzMTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYgTMA0G
CSqGSIb3DQEBCwUAA4IBAQA992/JRzqG3TmV/CQlKMUWR4VUnH1VE4zApUdQQPcz
Ibtp6wJM2PTKFEUPhGpcpGuAJezmDU9t9x4KmoyNG7ABSKPJkqSLOTRXxcas4P8j
ZgKOrPeDeWyc8oDAPhzxt3vB2oH+/KzWS2Di9OuCY7MXRzcPpwzl56m0IOJg5GCV
UbV9DjXeOxP0rZ54CfcxjQ/Yi8/NB6b11jHFZ7Nb7xCC2xa41fLRq9lyraSWrx2a
X5MdUdRCudxhvZep6Kj+aTEK+2/dbg1YOkO3kKA3UWwvvFLk7w3nYcMAfDHJQNbF
5/eq5IahBu1FJn14uGAyYDpTk6JgIr7YUrynIvQy+3Ge
-----END CERTIFICATE-----