Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39332e3130302e302f32322d3234203d3e203437353833.roa
File:                     34352e39332e3130302e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          Xj3vF6WH9YQYuyNP7FFJxnvfUDsVH9Ew1UImEilVD0c=
Subject key identifier:   E3:F3:D3:B1:CB:09:FD:A5:4B:51:59:62:BC:27:BB:4C:74:8D:05:0E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       765EEDB1E28A2D3BA95152DDBB1DA4418E4454A5
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39332e3130302e302f32322d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:22 +0000
ROA not before:           Mon 26 Feb 2024 08:48:22 +0000
ROA not after:            Mon 24 Feb 2025 08:53:22 +0000
asID:                     47583
IP address blocks:        45.93.100.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:5e:ed:b1:e2:8a:2d:3b:a9:51:52:dd:bb:1d:a4:41:8e:44:54:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:22 2024 GMT
            Not After : Feb 24 08:53:22 2025 GMT
        Subject: CN=E3F3D3B1CB09FDA54B515962BC27BB4C748D050E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d9:c2:80:f2:f8:ba:b4:3d:48:c9:d9:f1:86:
                    67:8b:3a:b5:74:db:74:bb:ab:8b:3c:95:b6:93:31:
                    b1:d7:d5:3e:42:fd:a9:62:0e:9f:8d:86:0d:5b:03:
                    55:eb:7f:ea:be:f0:0a:60:6b:fb:5b:72:0f:0d:9c:
                    06:b8:61:51:e2:4f:c5:9e:78:b3:be:f2:d6:51:ea:
                    53:cf:2c:44:f3:74:b1:6f:ba:40:f6:d4:b9:b5:31:
                    a9:f6:70:2e:cd:50:da:9b:c5:b5:54:72:eb:78:d2:
                    8a:22:2b:e0:4e:74:80:65:bc:49:b7:b2:b1:85:18:
                    c3:47:23:a4:cc:17:41:3c:75:6a:32:d1:81:fd:67:
                    83:ad:fd:58:6b:32:d9:7a:f4:fe:ad:92:ab:2e:de:
                    91:50:ef:e5:bf:b2:19:7b:32:bf:07:af:25:78:0c:
                    e7:54:b7:9f:87:d7:c6:2f:f6:ea:8f:a2:6f:89:16:
                    b7:b1:d1:be:24:6b:93:ef:42:88:2a:5a:71:e8:05:
                    03:d4:ee:b0:87:21:d4:70:70:1a:0c:c4:dc:4e:8c:
                    45:c9:68:52:e7:b1:35:89:41:2b:b6:d7:95:3c:bd:
                    be:27:01:d6:a2:97:7e:46:f8:b6:04:3e:e9:58:e3:
                    3e:44:9b:bf:be:51:d5:f1:10:59:8b:bb:8f:f1:15:
                    7a:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:F3:D3:B1:CB:09:FD:A5:4B:51:59:62:BC:27:BB:4C:74:8D:05:0E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39332e3130302e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:d1:0b:67:e9:df:67:c3:49:b0:ff:85:c5:4e:ea:42:c7:af:
         e3:e3:4b:1d:0f:04:50:0e:a5:23:68:c5:84:20:86:a2:c4:73:
         61:97:4d:1c:a2:9a:87:d8:e0:95:4d:1d:17:d9:61:e9:f6:e4:
         90:d8:6f:dc:fd:a1:06:1c:0a:e2:69:e7:35:7e:94:b5:93:ca:
         d6:0f:2c:b0:fa:66:2f:6c:3a:a1:45:e9:9c:d5:08:19:75:d7:
         45:8d:b2:63:24:f5:fd:13:b9:69:c8:61:41:e5:d0:86:27:c5:
         cc:ce:1f:8c:26:e9:bb:45:75:be:8c:48:a1:97:c1:a9:14:9c:
         6e:0b:e4:c1:e0:1a:bb:60:bd:d1:4e:4c:d4:2b:68:9a:a5:40:
         03:ca:b7:59:13:86:1b:52:2f:8e:01:83:b6:df:83:ca:cc:7b:
         00:fb:f9:cc:13:6b:5b:0b:d6:37:64:1c:17:83:f9:6a:11:c1:
         3a:a7:65:5c:37:8f:65:7d:47:08:fb:68:85:70:63:26:7d:7c:
         d6:bd:6d:e2:8b:ab:fc:1a:5a:33:31:69:ad:98:33:1a:4a:74:
         a7:9f:32:a7:9b:6b:87:85:10:a1:c5:c7:a3:53:79:b6:4e:c1:
         92:b3:c6:1e:1b:dd:b9:fb:46:17:09:8c:d7:3d:c5:b2:c0:4a:
         7d:2a:1b:bb
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdl7tseKKLTupUVLdux2kQY5EVKUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MjJaFw0yNTAyMjQwODUzMjJaMDMxMTAvBgNV
BAMTKEUzRjNEM0IxQ0IwOUZEQTU0QjUxNTk2MkJDMjdCQjRDNzQ4RDA1MEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS2cKA8vi6tD1IydnxhmeLOrV0
23S7q4s8lbaTMbHX1T5C/aliDp+Nhg1bA1Xrf+q+8Apga/tbcg8NnAa4YVHiT8We
eLO+8tZR6lPPLETzdLFvukD21Lm1Man2cC7NUNqbxbVUcut40ooiK+BOdIBlvEm3
srGFGMNHI6TMF0E8dWoy0YH9Z4Ot/VhrMtl69P6tkqsu3pFQ7+W/shl7Mr8HryV4
DOdUt5+H18Yv9uqPom+JFrex0b4ka5PvQogqWnHoBQPU7rCHIdRwcBoMxNxOjEXJ
aFLnsTWJQSu215U8vb4nAdail35G+LYEPulY4z5Em7++UdXxEFmLu4/xFXrFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU4/PTscsJ/aVLUVlivCe7THSNBQ4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzkzMzJlMzEzMDMw
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi1d
ZDANBgkqhkiG9w0BAQsFAAOCAQEAOdELZ+nfZ8NJsP+FxU7qQsev4+NLHQ8EUA6l
I2jFhCCGosRzYZdNHKKah9jglU0dF9lh6fbkkNhv3P2hBhwK4mnnNX6UtZPK1g8s
sPpmL2w6oUXpnNUIGXXXRY2yYyT1/RO5achhQeXQhifFzM4fjCbpu0V1voxIoZfB
qRScbgvkweAau2C90U5M1CtomqVAA8q3WROGG1IvjgGDtt+Dysx7APv5zBNrWwvW
N2QcF4P5ahHBOqdlXDePZX1HCPtohXBjJn181r1t4our/BpaMzFprZgzGkp0p58y
p5trh4UQocXHo1N5tk7BkrPGHhvduftGFwmM1z3FssBKfSobuw==
-----END CERTIFICATE-----