Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133362e31362e302f32322d3332203d3e203531313637.roa
File:                     34352e3133362e31362e302f32322d3332203d3e203531313637.roa (raw, json)
Hash identifier:          Y2ykIxWQ5xn+1xOSO5ZBzgfV4wu+MD8622F3CJV92ac=
Subject key identifier:   DB:CB:F8:D9:11:77:E7:DE:F0:C7:D8:BC:32:0F:2A:DD:C3:CD:39:E2
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       16C45F34382916B5295C776B119A5318322402CD
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133362e31362e302f32322d3332203d3e203531313637.roa
Signing time:             Thu 30 May 2024 20:38:59 +0000
ROA not before:           Thu 30 May 2024 20:33:59 +0000
ROA not after:            Thu 29 May 2025 20:38:59 +0000
asID:                     51167
IP address blocks:        45.136.16.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 13:21:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:c4:5f:34:38:29:16:b5:29:5c:77:6b:11:9a:53:18:32:24:02:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 30 20:33:59 2024 GMT
            Not After : May 29 20:38:59 2025 GMT
        Subject: CN=DBCBF8D91177E7DEF0C7D8BC320F2ADDC3CD39E2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:7d:1d:aa:c9:e9:67:aa:35:f5:d8:ac:aa:60:
                    1c:7c:0c:3b:9c:1b:e3:58:9a:1f:76:19:f4:03:2c:
                    29:4e:ec:a1:9e:d6:2a:be:95:a6:cd:02:55:20:3c:
                    f0:03:77:e1:a0:4d:36:94:6e:51:f9:88:cc:34:c3:
                    2e:8b:18:33:f3:6f:fb:bd:c7:06:f7:69:1a:41:d0:
                    31:c5:14:22:5d:96:da:d9:1d:7b:1f:b9:72:9e:c5:
                    bf:58:df:30:44:d7:33:dc:f8:b2:97:80:61:ca:61:
                    bb:f6:dd:0a:f5:ed:3e:af:2b:90:5a:3c:5b:db:a6:
                    bc:51:2f:1f:8d:36:cd:1b:8b:6d:00:ae:ee:ed:1a:
                    25:71:af:39:ef:f2:ad:a0:42:3b:cd:b9:77:8e:65:
                    5a:02:ce:35:2b:5d:40:76:82:4f:03:dd:a5:bb:e3:
                    bd:56:e8:c1:45:9c:66:2f:07:43:3b:e2:90:d0:69:
                    0f:7d:e2:ea:2f:49:7f:29:0f:76:2f:99:dd:40:31:
                    76:24:ac:12:e1:69:dd:0b:77:24:05:9e:8a:8f:15:
                    ef:14:81:2e:cb:2f:ed:e7:6a:b8:dd:87:f3:07:c1:
                    00:05:a6:73:ec:ba:79:8b:7a:50:5a:0a:90:95:81:
                    54:cf:39:bd:cd:23:40:87:f5:3a:18:cf:d9:8a:38:
                    f5:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:CB:F8:D9:11:77:E7:DE:F0:C7:D8:BC:32:0F:2A:DD:C3:CD:39:E2
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3133362e31362e302f32322d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:96:63:e2:cf:62:2e:db:45:48:82:22:b0:c6:6d:0c:2a:8c:
         64:72:4e:79:91:2e:0c:5f:88:34:6b:9f:db:8f:78:59:4e:0d:
         2c:bf:29:f2:99:cd:92:0f:b0:bb:63:15:4f:70:49:9a:97:cb:
         e8:23:63:ff:36:c8:5b:46:44:46:1d:a1:08:9d:2b:8f:02:5e:
         89:c8:7f:f1:f9:bc:5e:54:88:66:9b:61:52:7c:57:50:65:c7:
         ed:c3:38:b6:60:fa:ae:0f:b7:4f:20:eb:7e:a6:00:81:8b:02:
         1b:03:43:d1:b1:13:85:f9:51:ea:e4:b1:5c:41:7e:8a:e8:4b:
         d4:c7:0b:38:14:90:4a:e2:91:fc:03:76:7d:7c:4b:da:3c:f8:
         53:d1:81:b4:55:70:ca:a5:5b:ee:72:b7:a5:29:c1:66:a3:04:
         85:6f:91:8c:c2:5d:b2:ea:40:16:27:22:41:2a:34:27:87:40:
         a6:8e:44:9a:b8:64:b0:ed:71:dc:28:6f:85:9d:87:28:05:17:
         e9:f8:88:c2:ef:ac:10:84:ea:b8:15:41:5c:60:71:58:18:67:
         01:58:af:3a:cd:1b:d2:ef:6f:5e:e2:34:83:59:c1:4c:bf:23:
         4f:5a:bf:76:57:b8:de:7d:e8:33:58:21:09:92:0e:2c:4c:25:
         5a:a4:3e:9a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUFsRfNDgpFrUpXHdrEZpTGDIkAs0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA1MzAyMDMzNTlaFw0yNTA1MjkyMDM4NTlaMDMxMTAvBgNV
BAMTKERCQ0JGOEQ5MTE3N0U3REVGMEM3RDhCQzMyMEYyQUREQzNDRDM5RTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJfR2qyelnqjX12KyqYBx8DDuc
G+NYmh92GfQDLClO7KGe1iq+labNAlUgPPADd+GgTTaUblH5iMw0wy6LGDPzb/u9
xwb3aRpB0DHFFCJdltrZHXsfuXKexb9Y3zBE1zPc+LKXgGHKYbv23Qr17T6vK5Ba
PFvbprxRLx+NNs0bi20Aru7tGiVxrznv8q2gQjvNuXeOZVoCzjUrXUB2gk8D3aW7
471W6MFFnGYvB0M74pDQaQ994uovSX8pD3Yvmd1AMXYkrBLhad0LdyQFnoqPFe8U
gS7LL+3narjdh/MHwQAFpnPsunmLelBaCpCVgVTPOb3NI0CH9ToYz9mKOPX7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU28v42RF3597wx9i8Mg8q3cPNOeIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzMzM2MmUzMTM2
MmUzMDJmMzIzMjJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi2I
EDANBgkqhkiG9w0BAQsFAAOCAQEAlZZj4s9iLttFSIIisMZtDCqMZHJOeZEuDF+I
NGuf2494WU4NLL8p8pnNkg+wu2MVT3BJmpfL6CNj/zbIW0ZERh2hCJ0rjwJeich/
8fm8XlSIZpthUnxXUGXH7cM4tmD6rg+3TyDrfqYAgYsCGwND0bEThflR6uSxXEF+
iuhL1McLOBSQSuKR/AN2fXxL2jz4U9GBtFVwyqVb7nK3pSnBZqMEhW+RjMJdsupA
FiciQSo0J4dApo5EmrhksO1x3ChvhZ2HKAUX6fiIwu+sEITquBVBXGBxWBhnAViv
Os0b0u9vXuI0g1nBTL8jT1q/dle43n3oM1ghCZIOLEwlWqQ+mg==
-----END CERTIFICATE-----