Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133362e31362e302f32322d3332203d3e203531313637.roa
File:                     34352e3133362e31362e302f32322d3332203d3e203531313637.roa (raw, json)
Hash identifier:          GgVp4BMPoohfxZMv1N4lbwgWcbVl68WMTCgjqLfqUz8=
Subject key identifier:   92:B9:50:6B:59:FA:36:8D:89:C0:1A:C6:D0:A6:82:0D:C9:30:68:C5
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       53E46AE119EEE18C441739B54C464FAF5E233717
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133362e31362e302f32322d3332203d3e203531313637.roa
Signing time:             Thu 01 May 2025 20:46:11 +0000
ROA not before:           Thu 01 May 2025 20:41:11 +0000
ROA not after:            Thu 30 Apr 2026 20:46:11 +0000
asID:                     51167
IP address blocks:        45.136.16.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:e4:6a:e1:19:ee:e1:8c:44:17:39:b5:4c:46:4f:af:5e:23:37:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May  1 20:41:11 2025 GMT
            Not After : Apr 30 20:46:11 2026 GMT
        Subject: CN=92B9506B59FA368D89C01AC6D0A6820DC93068C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d9:2a:fb:be:f1:f5:56:01:3e:f9:70:78:57:
                    3d:05:c4:21:51:26:f4:ee:86:98:8b:92:a7:95:0e:
                    5b:f4:df:3f:fd:53:85:84:6a:e5:a3:28:89:d5:86:
                    15:7c:8e:bb:a5:c7:25:49:da:6d:8a:45:90:da:8d:
                    ba:46:b4:77:a7:47:29:e2:2e:e2:74:2c:68:c6:a0:
                    34:ff:ef:8a:ce:21:df:47:9f:7d:70:e8:2d:6e:7f:
                    18:f1:0b:be:90:de:dc:53:12:48:f7:4d:8a:ba:df:
                    ca:4e:83:99:b2:30:91:81:22:cd:09:3b:e6:2f:dd:
                    ed:56:e9:98:b2:86:80:67:c9:01:6a:dd:52:ec:8b:
                    0e:8a:44:2c:f6:61:4f:2d:4e:7a:42:cc:11:a8:7a:
                    f6:e7:e6:8f:12:44:7e:fb:08:50:e1:49:b5:06:79:
                    0e:ef:ac:0f:5f:39:f1:1c:75:6d:ce:a9:43:68:30:
                    2d:08:ca:5a:5c:1b:c2:39:36:a4:bb:49:32:3b:0b:
                    10:c5:92:e6:78:21:43:3a:0d:a1:a6:c7:c6:24:d1:
                    e5:43:12:cd:24:4c:a9:ba:60:9f:e8:49:86:94:8e:
                    b0:99:e3:30:0b:f9:36:50:c1:19:32:f3:d1:70:37:
                    22:b0:84:63:b6:24:c5:3a:11:bf:36:78:c1:cd:e2:
                    e1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:B9:50:6B:59:FA:36:8D:89:C0:1A:C6:D0:A6:82:0D:C9:30:68:C5
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133362e31362e302f32322d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:01:f6:ff:bb:4e:42:cc:e7:c4:b8:13:c0:da:62:21:8e:5d:
         53:d0:b1:22:c0:e7:f4:78:5a:a5:28:31:d6:fb:32:2c:41:b1:
         ec:7d:e2:14:74:55:1f:32:70:a0:b6:45:30:06:24:c1:5f:7f:
         c9:ff:32:ac:06:33:ac:e4:70:33:69:70:06:f6:d2:5d:61:a6:
         8d:af:37:08:c3:9d:7f:83:90:f3:63:b6:a0:2e:4b:fe:02:f1:
         12:b8:11:9a:24:f4:a1:2c:cc:67:69:73:df:2b:46:c1:d6:bb:
         a3:03:9c:e6:9a:02:9b:54:81:5c:71:57:36:7a:d8:61:77:8d:
         ad:ee:9d:c5:fd:15:00:cf:3e:ed:b4:1b:b5:3d:3c:e6:4d:56:
         f3:ff:9a:58:e6:c4:1d:a2:56:54:6a:78:c0:6c:dd:de:d4:a3:
         89:cf:5e:b6:6d:3f:4e:1f:e5:4d:f9:c6:99:50:dd:34:ba:5f:
         6f:d3:c3:fc:4e:7d:a9:3d:8f:a1:4a:f4:76:43:08:ce:e3:38:
         e8:06:6b:41:31:23:d8:2d:bf:20:c0:5d:f4:8d:74:86:ad:f4:
         24:1a:5b:65:9a:b5:b7:e9:8d:54:05:4f:95:a7:f3:e1:37:31:
         69:78:f7:5e:7a:25:3f:5c:78:70:2b:69:7e:4b:ab:dc:11:b5:
         c9:7d:1c:19
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUU+Rq4Rnu4YxEFzm1TEZPr14jNxcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MDEyMDQxMTFaFw0yNjA0MzAyMDQ2MTFaMDMxMTAvBgNV
BAMTKDkyQjk1MDZCNTlGQTM2OEQ4OUMwMUFDNkQwQTY4MjBEQzkzMDY4QzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC82Sr7vvH1VgE++XB4Vz0FxCFR
JvTuhpiLkqeVDlv03z/9U4WEauWjKInVhhV8jrulxyVJ2m2KRZDajbpGtHenRyni
LuJ0LGjGoDT/74rOId9Hn31w6C1ufxjxC76Q3txTEkj3TYq638pOg5myMJGBIs0J
O+Yv3e1W6ZiyhoBnyQFq3VLsiw6KRCz2YU8tTnpCzBGoevbn5o8SRH77CFDhSbUG
eQ7vrA9fOfEcdW3OqUNoMC0IylpcG8I5NqS7STI7CxDFkuZ4IUM6DaGmx8Yk0eVD
Es0kTKm6YJ/oSYaUjrCZ4zAL+TZQwRky89FwNyKwhGO2JMU6Eb82eMHN4uEJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUkrlQa1n6No2JwBrG0KaCDckwaMUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzMzM2MmUzMTM2
MmUzMDJmMzIzMjJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi2I
EDANBgkqhkiG9w0BAQsFAAOCAQEAAwH2/7tOQsznxLgTwNpiIY5dU9CxIsDn9Hha
pSgx1vsyLEGx7H3iFHRVHzJwoLZFMAYkwV9/yf8yrAYzrORwM2lwBvbSXWGmja83
CMOdf4OQ82O2oC5L/gLxErgRmiT0oSzMZ2lz3ytGwda7owOc5poCm1SBXHFXNnrY
YXeNre6dxf0VAM8+7bQbtT085k1W8/+aWObEHaJWVGp4wGzd3tSjic9etm0/Th/l
TfnGmVDdNLpfb9PD/E59qT2PoUr0dkMIzuM46AZrQTEj2C2/IMBd9I10hq30JBpb
ZZq1t+mNVAVPlafz4TcxaXj3XnolP1x4cCtpfkur3BG1yX0cGQ==
-----END CERTIFICATE-----