Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e39312e302f32342d3234203d3e20383334.roa
File:                     34352e31342e39312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          8xYBNbAQh7dTHr6qM204MuS0b8YCZ6jdOT0fReeq9WY=
Subject key identifier:   69:F8:FD:EB:D9:C3:AF:D5:FF:97:4C:3D:E8:C7:21:53:5F:A0:D3:53
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       14D8BAA4104F99C9686D6BA3490754A612930114
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e39312e302f32342d3234203d3e20383334.roa
Signing time:             Wed 26 Jul 2023 09:55:14 +0000
ROA not before:           Wed 26 Jul 2023 09:50:14 +0000
ROA not after:            Wed 24 Jul 2024 09:55:14 +0000
asID:                     834
IP address blocks:        45.14.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:d8:ba:a4:10:4f:99:c9:68:6d:6b:a3:49:07:54:a6:12:93:01:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 26 09:50:14 2023 GMT
            Not After : Jul 24 09:55:14 2024 GMT
        Subject: CN=69F8FDEBD9C3AFD5FF974C3DE8C721535FA0D353
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:73:21:8b:52:3f:82:49:b6:f8:2e:db:2d:3f:
                    96:2e:6c:15:6e:4c:0f:ab:80:2d:f5:e6:56:93:31:
                    96:a2:84:f4:15:3c:78:a7:9e:15:58:ec:a9:de:2c:
                    3c:38:32:5f:aa:5d:f6:0a:8d:8f:60:21:b0:b3:27:
                    22:3f:b9:8e:2b:a9:40:3a:2c:d6:45:0d:36:39:6f:
                    46:31:08:8f:fc:55:ed:7e:04:bb:9e:80:34:9f:ac:
                    2e:af:c5:24:9a:d0:2b:b7:7d:1d:ca:a9:51:dd:34:
                    b9:76:4d:ca:99:08:e9:1b:c1:c6:0e:c9:20:d2:35:
                    c5:a5:78:d1:36:78:a8:ad:99:3c:f1:17:12:72:ed:
                    43:55:f5:46:6a:0f:a4:69:f8:62:f9:d2:8a:03:5c:
                    b6:06:eb:63:27:ea:6c:32:02:9d:9c:b0:dd:dd:87:
                    e0:7c:11:af:7b:bd:45:7e:fe:dc:7a:2c:f1:13:a1:
                    7d:17:7b:f4:67:1e:22:49:06:39:e3:36:70:87:50:
                    e2:52:32:68:36:9e:17:64:32:b6:cf:51:ed:af:71:
                    59:68:78:00:82:af:8d:3f:65:02:ed:bb:d8:a5:74:
                    7e:00:ec:9a:1a:08:a3:23:23:c3:53:d0:21:ea:db:
                    16:ed:21:c4:ff:3f:94:79:ef:0f:f5:9a:7e:a2:bb:
                    99:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:F8:FD:EB:D9:C3:AF:D5:FF:97:4C:3D:E8:C7:21:53:5F:A0:D3:53
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e39312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:7a:61:2c:37:ed:b9:6e:ae:81:89:a7:63:0c:61:9c:71:af:
         88:0c:43:1d:f7:e9:ca:f3:21:b9:21:0f:ee:b1:5c:5c:78:cb:
         50:a0:5a:0a:a0:97:f3:2b:e0:03:2a:dd:72:66:18:74:f6:44:
         ea:94:b1:64:38:a6:b1:76:fe:5e:a7:f2:ac:3e:42:09:79:e7:
         2e:e0:2f:4c:35:91:08:c4:3e:33:70:e2:93:28:50:c6:eb:29:
         94:f6:71:f0:3c:69:e4:a6:93:e4:3a:5a:5b:34:66:3a:b5:a6:
         10:64:14:2b:9a:fa:1d:3b:2d:c4:8c:48:2c:86:72:13:ca:66:
         7c:3e:0e:62:e0:d2:17:66:ad:a7:84:42:a5:54:6a:93:56:a7:
         60:ad:c7:e0:19:1a:50:7c:42:38:79:d5:07:d1:f5:ec:4a:c2:
         df:40:e9:cc:76:c4:e8:cf:e1:7a:2d:a4:7c:06:eb:36:f0:db:
         82:98:7f:10:5a:b7:97:cd:93:d7:86:f3:0a:b7:66:e9:c6:f7:
         66:2d:b4:06:2f:ed:ab:67:7a:e6:6a:7f:1d:d1:4c:ce:61:ab:
         9e:e8:50:dd:1f:18:7d:c1:f7:84:f0:e4:1e:75:6d:c4:d9:9b:
         43:5d:75:a2:2c:f2:37:6b:d7:08:9f:70:54:fb:80:35:69:f8:
         a8:71:cf:e1
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUFNi6pBBPmclobWujSQdUphKTARQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA3MjYwOTUwMTRaFw0yNDA3MjQwOTU1MTRaMDMxMTAvBgNV
BAMTKDY5RjhGREVCRDlDM0FGRDVGRjk3NEMzREU4QzcyMTUzNUZBMEQzNTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBcyGLUj+CSbb4LtstP5YubBVu
TA+rgC315laTMZaihPQVPHinnhVY7KneLDw4Ml+qXfYKjY9gIbCzJyI/uY4rqUA6
LNZFDTY5b0YxCI/8Ve1+BLuegDSfrC6vxSSa0Cu3fR3KqVHdNLl2TcqZCOkbwcYO
ySDSNcWleNE2eKitmTzxFxJy7UNV9UZqD6Rp+GL50ooDXLYG62Mn6mwyAp2csN3d
h+B8Ea97vUV+/tx6LPEToX0Xe/RnHiJJBjnjNnCHUOJSMmg2nhdkMrbPUe2vcVlo
eACCr40/ZQLtu9ildH4A7JoaCKMjI8NT0CHq2xbtIcT/P5R57w/1mn6iu5njAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUafj969nDr9X/l0w96MchU1+g01MwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzNDJlMzkzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0OWzANBgkq
hkiG9w0BAQsFAAOCAQEALnphLDftuW6ugYmnYwxhnHGviAxDHffpyvMhuSEP7rFc
XHjLUKBaCqCX8yvgAyrdcmYYdPZE6pSxZDimsXb+XqfyrD5CCXnnLuAvTDWRCMQ+
M3DikyhQxusplPZx8Dxp5KaT5DpaWzRmOrWmEGQUK5r6HTstxIxILIZyE8pmfD4O
YuDSF2atp4RCpVRqk1anYK3H4BkaUHxCOHnVB9H17ErC30DpzHbE6M/hei2kfAbr
NvDbgph/EFq3l82T14bzCrdm6cb3Zi20Bi/tq2d65mp/HdFMzmGrnuhQ3R8YfcH3
hPDkHnVtxNmbQ111oizyN2vXCJ9wVPuANWn4qHHP4Q==
-----END CERTIFICATE-----