Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38372e382e302f32322d3234203d3e20323031333431.roa
File:                     34352e38372e382e302f32322d3234203d3e20323031333431.roa (raw, json)
Hash identifier:          VsrZzu5hJjXTYWJUPIAQGNTo9dS9cKVz2t6T8NY3Loc=
Subject key identifier:   96:1D:41:DA:FA:D9:19:22:46:55:75:A9:D8:B7:75:E6:75:E0:5F:3F
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       54BD3463CCCDEBE826E3AF71D57791B783748427
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38372e382e302f32322d3234203d3e20323031333431.roa
Signing time:             Thu 01 Aug 2024 15:04:31 +0000
ROA not before:           Thu 01 Aug 2024 14:59:31 +0000
ROA not after:            Thu 31 Jul 2025 15:04:31 +0000
asID:                     201341
IP address blocks:        45.87.8.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:bd:34:63:cc:cd:eb:e8:26:e3:af:71:d5:77:91:b7:83:74:84:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug  1 14:59:31 2024 GMT
            Not After : Jul 31 15:04:31 2025 GMT
        Subject: CN=961D41DAFAD91922465575A9D8B775E675E05F3F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:94:ca:7e:32:24:09:79:18:49:3b:80:5d:46:
                    e0:10:88:fc:e9:78:83:cf:11:2b:e4:9a:ba:5b:46:
                    11:76:fe:cb:2e:50:4e:85:f5:f9:dc:1f:21:11:54:
                    af:5b:7b:ad:99:59:a6:f6:15:3a:54:d1:85:f5:01:
                    4e:4e:53:64:5e:9c:aa:45:92:7e:81:8f:67:4a:4d:
                    0d:4f:73:71:72:27:a5:1f:07:94:b7:b6:74:a9:fc:
                    85:df:81:ee:da:76:41:35:91:68:21:ba:4a:da:d2:
                    ec:da:b1:fc:09:4d:26:4b:b6:cb:b2:59:d4:b5:01:
                    6d:95:9b:27:cd:91:4b:eb:65:22:10:7e:ee:a1:60:
                    06:3a:8a:01:5d:3a:9a:3b:9e:99:2a:f8:80:ab:46:
                    7d:f7:2f:40:7f:9f:c8:7e:60:9f:30:90:be:91:37:
                    d6:a9:5c:6c:86:25:4f:21:65:cf:4d:59:cc:69:84:
                    fd:21:9c:dc:e6:5d:1d:95:7d:6e:83:64:c9:36:85:
                    42:fb:1f:e7:38:06:68:ec:25:00:6d:dc:73:14:a6:
                    67:a8:00:c0:e5:6c:1a:18:9d:4c:5e:f5:71:2c:6b:
                    66:2f:cd:c0:97:ce:6b:30:9d:b3:2d:02:6c:bc:db:
                    a0:12:e6:20:18:b2:e2:84:1b:6d:50:e1:22:ac:28:
                    b3:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:1D:41:DA:FA:D9:19:22:46:55:75:A9:D8:B7:75:E6:75:E0:5F:3F
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38372e382e302f32322d3234203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:1b:3f:9e:14:82:55:3a:20:af:00:a0:9c:f9:5d:ee:d8:f4:
         0d:29:ad:a0:cc:34:e5:90:b4:bd:e9:30:e0:97:d4:bf:be:57:
         4a:04:6a:cf:db:ef:62:c1:7b:b3:2c:7b:be:4d:8a:9a:aa:d0:
         67:ce:7d:cb:99:53:a1:65:85:11:18:8c:a4:a3:4a:63:5a:c6:
         d9:23:a7:45:d3:27:a2:4f:c0:c9:6e:37:63:e1:6e:c3:96:1e:
         21:be:dd:17:26:2e:d2:f5:47:ec:d9:8d:16:49:98:93:1c:a6:
         ea:1b:fd:7d:a0:40:c9:40:c4:5d:eb:e1:3d:a0:a3:19:d6:dd:
         c0:20:ae:53:f8:d6:c4:16:f4:d2:43:27:9d:1d:49:4d:4f:9b:
         31:94:49:b1:fa:c1:15:ef:69:b3:8c:50:0a:3b:d9:07:80:c4:
         10:5d:91:9b:8a:55:ea:e0:90:fa:a2:3a:b7:0f:71:3e:57:f0:
         f9:f8:21:61:2e:0f:7e:02:09:55:98:8b:84:40:27:22:cd:e2:
         9f:5f:97:c6:49:81:09:37:26:96:f2:70:50:29:d0:15:6c:f5:
         3c:d6:ae:8f:a9:18:15:e5:ee:97:57:f5:a4:34:2a:1c:f4:01:
         b6:bc:b3:a9:91:45:ae:e6:38:d5:17:7e:bb:86:9d:8b:32:99:
         a6:c7:6b:4f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUVL00Y8zN6+gm469x1XeRt4N0hCcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MDExNDU5MzFaFw0yNTA3MzExNTA0MzFaMDMxMTAvBgNV
BAMTKDk2MUQ0MURBRkFEOTE5MjI0NjU1NzVBOUQ4Qjc3NUU2NzVFMDVGM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtlMp+MiQJeRhJO4BdRuAQiPzp
eIPPESvkmrpbRhF2/ssuUE6F9fncHyERVK9be62ZWab2FTpU0YX1AU5OU2RenKpF
kn6Bj2dKTQ1Pc3FyJ6UfB5S3tnSp/IXfge7adkE1kWghukra0uzasfwJTSZLtsuy
WdS1AW2VmyfNkUvrZSIQfu6hYAY6igFdOpo7npkq+ICrRn33L0B/n8h+YJ8wkL6R
N9apXGyGJU8hZc9NWcxphP0hnNzmXR2VfW6DZMk2hUL7H+c4BmjsJQBt3HMUpmeo
AMDlbBoYnUxe9XEsa2YvzcCXzmswnbMtAmy826AS5iAYsuKEG21Q4SKsKLNFAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUlh1B2vrZGSJGVXWp2Ld15nXgXz8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzgzNzJlMzgyZTMw
MmYzMjMyMmQzMjM0MjAzZDNlMjAzMjMwMzEzMzM0MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAItVwgw
DQYJKoZIhvcNAQELBQADggEBADUbP54UglU6IK8AoJz5Xe7Y9A0praDMNOWQtL3p
MOCX1L++V0oEas/b72LBe7Mse75Nipqq0GfOfcuZU6FlhREYjKSjSmNaxtkjp0XT
J6JPwMluN2PhbsOWHiG+3RcmLtL1R+zZjRZJmJMcpuob/X2gQMlAxF3r4T2goxnW
3cAgrlP41sQW9NJDJ50dSU1PmzGUSbH6wRXvabOMUAo72QeAxBBdkZuKVergkPqi
OrcPcT5X8Pn4IWEuD34CCVWYi4RAJyLN4p9fl8ZJgQk3JpbycFAp0BVs9TzWro+p
GBXl7pdX9aQ0Khz0Aba8s6mRRa7mONUXfruGnYsymabHa08=
-----END CERTIFICATE-----