Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e35362e302f32342d3234203d3e20383334.roa
File:                     34352e39342e35362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          o7SiZAn13v3OKJ70wN7bdI+qE5jhhWZmd5cXviuDdFw=
Subject key identifier:   1F:68:96:11:FB:CA:1A:BA:D0:10:41:07:D0:62:B0:8E:3D:A9:E4:8F
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0347F930E9BD50B5F6A26AF6C8EE26530553716C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e35362e302f32342d3234203d3e20383334.roa
Signing time:             Mon 10 Jun 2024 10:42:55 +0000
ROA not before:           Mon 10 Jun 2024 10:37:55 +0000
ROA not after:            Mon 09 Jun 2025 10:42:55 +0000
asID:                     834
IP address blocks:        45.94.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:47:f9:30:e9:bd:50:b5:f6:a2:6a:f6:c8:ee:26:53:05:53:71:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 10 10:37:55 2024 GMT
            Not After : Jun  9 10:42:55 2025 GMT
        Subject: CN=1F689611FBCA1ABAD0104107D062B08E3DA9E48F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6a:9f:52:55:54:24:a2:8b:0f:f3:a7:df:3d:
                    ec:d6:41:89:00:50:d0:06:9e:6c:74:22:aa:9a:01:
                    08:36:32:47:27:1a:1c:e3:6a:9a:94:48:05:8f:56:
                    44:6f:05:eb:bc:21:f1:d3:03:95:62:75:49:aa:fb:
                    b3:a5:e5:ce:8d:bc:b0:d8:e5:6d:53:46:40:21:43:
                    ac:3a:08:95:f3:e4:a4:59:22:23:f3:60:b6:05:f5:
                    87:5e:bd:bc:1c:d9:b9:1d:ec:8d:cb:50:db:41:99:
                    5f:3c:32:18:05:f5:98:7e:69:df:55:c6:43:66:cd:
                    e5:98:91:81:e0:7a:96:49:b4:03:08:f4:61:8a:66:
                    1f:2c:67:8a:52:9e:10:1b:58:b3:45:11:75:b2:5a:
                    17:24:b9:12:58:6c:20:67:47:aa:ab:8c:c0:08:4a:
                    80:11:e2:35:30:d0:7e:a2:e9:f0:08:51:4c:92:4a:
                    91:67:7a:01:16:cc:8d:49:c1:23:fb:db:db:ac:1e:
                    5e:a3:19:f1:3c:62:10:c8:9b:00:1c:a7:ff:35:d3:
                    88:37:90:cb:57:83:ee:7f:98:c5:74:0c:c2:51:b9:
                    5e:83:b2:26:85:3a:d2:ac:1c:6f:96:45:db:a3:2d:
                    df:1a:8d:2d:f4:f5:c9:df:ac:13:ea:c2:24:04:d1:
                    67:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:68:96:11:FB:CA:1A:BA:D0:10:41:07:D0:62:B0:8E:3D:A9:E4:8F
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e35362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:36:2b:3f:f5:31:7f:9a:99:5e:19:dd:35:e5:ab:26:07:62:
         d5:8f:e7:f9:c2:ab:3f:14:39:5b:a8:03:f1:22:c6:66:0f:29:
         4e:b3:21:81:ef:83:e4:6b:cf:91:c2:61:c3:79:fa:01:14:db:
         72:8a:11:40:a0:99:f7:52:03:fc:e3:f0:b8:8e:ff:3b:bb:5c:
         1f:04:d9:59:c8:59:a4:a6:a9:94:13:8c:48:38:6d:48:53:ac:
         3f:75:ac:4e:6d:11:e4:59:7a:d9:cd:cb:4f:a0:2a:6a:26:b4:
         e2:51:64:ab:f6:ea:5e:62:1e:f8:ce:ae:7f:5d:8f:91:d9:52:
         6c:c7:2c:17:66:cc:31:d4:6d:00:52:f8:c0:68:8c:ea:cb:5d:
         df:05:b4:b8:29:2a:fc:61:5a:69:00:3c:a4:90:44:cb:03:cc:
         83:32:c3:93:1c:79:a2:2e:48:9b:ce:a8:6f:50:4c:f3:ac:73:
         4f:7a:12:78:58:93:99:4e:af:5b:92:cf:22:4b:66:de:2a:27:
         00:b0:4e:e9:26:22:2d:10:7a:af:54:85:a1:ad:5c:3f:07:4e:
         02:e0:a4:0d:fe:50:46:f5:f8:d3:72:58:4c:6f:a3:91:d1:9b:
         6d:7b:65:c6:4b:bc:a9:8f:9e:ca:97:91:6d:33:ff:f2:1e:35:
         89:56:19:aa
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUA0f5MOm9ULX2omr2yO4mUwVTcWwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MTAxMDM3NTVaFw0yNTA2MDkxMDQyNTVaMDMxMTAvBgNV
BAMTKDFGNjg5NjExRkJDQTFBQkFEMDEwNDEwN0QwNjJCMDhFM0RBOUU0OEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtap9SVVQkoosP86ffPezWQYkA
UNAGnmx0IqqaAQg2MkcnGhzjapqUSAWPVkRvBeu8IfHTA5VidUmq+7Ol5c6NvLDY
5W1TRkAhQ6w6CJXz5KRZIiPzYLYF9Ydevbwc2bkd7I3LUNtBmV88MhgF9Zh+ad9V
xkNmzeWYkYHgepZJtAMI9GGKZh8sZ4pSnhAbWLNFEXWyWhckuRJYbCBnR6qrjMAI
SoAR4jUw0H6i6fAIUUySSpFnegEWzI1JwSP729usHl6jGfE8YhDImwAcp/8104g3
kMtXg+5/mMV0DMJRuV6DsiaFOtKsHG+WRdujLd8ajS309cnfrBPqwiQE0Wd1AgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUH2iWEfvKGrrQEEEH0GKwjj2p5I8wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzkzNDJlMzUzNjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1eODANBgkq
hkiG9w0BAQsFAAOCAQEAWjYrP/Uxf5qZXhndNeWrJgdi1Y/n+cKrPxQ5W6gD8SLG
Zg8pTrMhge+D5GvPkcJhw3n6ARTbcooRQKCZ91ID/OPwuI7/O7tcHwTZWchZpKap
lBOMSDhtSFOsP3WsTm0R5Fl62c3LT6Aqaia04lFkq/bqXmIe+M6uf12PkdlSbMcs
F2bMMdRtAFL4wGiM6std3wW0uCkq/GFaaQA8pJBEywPMgzLDkxx5oi5Im86ob1BM
86xzT3oSeFiTmU6vW5LPIktm3ionALBO6SYiLRB6r1SFoa1cPwdOAuCkDf5QRvX4
03JYTG+jkdGbbXtlxku8qY+eypeRbTP/8h41iVYZqg==
-----END CERTIFICATE-----