Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e38382e302f32332d3234203d3e203437353833.roa
File:                     34352e31342e38382e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          ITOS0CwJGBlgMzerQzNfufXzJfmJXNh/pqKLtLMGVqc=
Subject key identifier:   EC:59:2C:4C:31:0C:38:92:27:4C:C2:65:0D:53:79:02:5D:F3:04:AE
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       209D230A57DFBB347240C2E8930EAD05AE02F7C1
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e38382e302f32332d3234203d3e203437353833.roa
Signing time:             Mon 27 Jan 2025 09:44:56 +0000
ROA not before:           Mon 27 Jan 2025 09:39:56 +0000
ROA not after:            Mon 26 Jan 2026 09:44:56 +0000
asID:                     47583
IP address blocks:        45.14.88.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:9d:23:0a:57:df:bb:34:72:40:c2:e8:93:0e:ad:05:ae:02:f7:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:39:56 2025 GMT
            Not After : Jan 26 09:44:56 2026 GMT
        Subject: CN=EC592C4C310C3892274CC2650D5379025DF304AE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:92:93:88:76:e8:8e:89:77:0b:8d:6a:93:0b:
                    ac:45:e3:90:bd:de:0f:c2:1f:ec:93:f9:67:24:e7:
                    71:b3:38:2a:c6:18:bb:c1:20:44:05:9e:e4:25:64:
                    20:cd:3b:f4:60:c4:2a:d6:22:28:e8:c4:0e:07:ad:
                    40:37:7a:6b:3a:02:ab:30:31:dc:28:de:a3:24:12:
                    54:69:8d:14:7c:ab:ac:04:8e:af:9d:57:4a:3a:1b:
                    ef:ab:3b:ab:ee:e2:42:f3:39:48:40:17:99:69:e2:
                    00:91:b1:94:82:aa:33:e9:4d:aa:49:59:cf:f2:a9:
                    26:ca:65:b2:0a:bf:69:2b:94:b0:d8:97:4a:f9:73:
                    19:4e:e5:93:b0:b5:c2:31:9c:c0:bb:0e:d6:53:b5:
                    6a:1d:02:a8:51:2b:1f:69:2e:58:1d:9b:86:8b:6d:
                    38:3b:dc:92:92:d1:22:6c:61:a8:a2:60:f7:d6:ac:
                    b0:53:bb:56:7f:f4:97:16:71:06:48:2e:af:71:c2:
                    dc:4b:4b:67:30:67:51:f7:84:bf:2c:87:29:df:68:
                    16:94:49:07:18:20:7c:56:b2:a7:b8:7b:2a:8e:ca:
                    4a:8c:33:83:a3:cf:6c:49:8a:71:1f:a5:ed:68:6b:
                    2f:c1:31:54:46:fc:34:ae:7d:4b:9c:11:ab:33:12:
                    93:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:59:2C:4C:31:0C:38:92:27:4C:C2:65:0D:53:79:02:5D:F3:04:AE
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e38382e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:da:c2:e1:1e:ca:af:5e:fc:76:55:31:9a:ea:a1:94:9a:29:
         b5:35:a9:c8:a0:df:f9:94:a4:01:08:9a:89:6f:3c:9a:04:98:
         04:ac:59:c4:3c:d4:ec:08:c5:80:c5:e8:9e:c3:0e:e7:56:e2:
         4e:58:36:ad:a3:8d:a3:de:81:04:ac:65:1c:a0:d8:ff:2d:4d:
         20:d7:ca:df:2f:f4:38:c5:2c:0b:2b:e0:0c:fe:79:c3:99:6f:
         62:b8:df:7e:a6:27:5b:70:89:ee:a4:b6:8d:a4:7a:f3:4c:6a:
         80:db:c9:65:d8:1b:1e:dd:86:b7:22:39:aa:e4:48:3f:54:f1:
         ca:5b:d5:c3:e1:bd:dd:a3:8a:11:c1:47:bf:f9:2c:52:77:fe:
         0a:9a:1c:95:66:6c:8f:74:98:d3:29:75:28:42:44:0a:b1:8c:
         ea:8c:8e:fa:91:ae:e3:e2:61:d3:d3:d4:15:a4:86:0a:64:c8:
         59:33:28:20:09:8d:2b:7b:04:fd:16:2f:2b:7e:c5:ae:44:39:
         3a:fc:f1:42:45:e4:78:f4:21:ab:2c:aa:56:d3:40:72:3c:f3:
         a7:9e:13:87:13:54:3c:69:b0:a3:45:d0:36:63:68:14:ca:26:
         14:4a:7a:ac:85:11:2b:3f:61:29:ca:a8:e7:5a:61:40:d5:40:
         46:e1:93:cb
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUIJ0jClffuzRyQMLokw6tBa4C98EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTM5NTZaFw0yNjAxMjYwOTQ0NTZaMDMxMTAvBgNV
BAMTKEVDNTkyQzRDMzEwQzM4OTIyNzRDQzI2NTBENTM3OTAyNURGMzA0QUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAkpOIduiOiXcLjWqTC6xF45C9
3g/CH+yT+Wck53GzOCrGGLvBIEQFnuQlZCDNO/RgxCrWIijoxA4HrUA3ems6Aqsw
Mdwo3qMkElRpjRR8q6wEjq+dV0o6G++rO6vu4kLzOUhAF5lp4gCRsZSCqjPpTapJ
Wc/yqSbKZbIKv2krlLDYl0r5cxlO5ZOwtcIxnMC7DtZTtWodAqhRKx9pLlgdm4aL
bTg73JKS0SJsYaiiYPfWrLBTu1Z/9JcWcQZILq9xwtxLS2cwZ1H3hL8shynfaBaU
SQcYIHxWsqe4eyqOykqMM4Ojz2xJinEfpe1oay/BMVRG/DSufUucEaszEpPPAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU7FksTDEMOJInTMJlDVN5Al3zBK4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzNDJlMzgzODJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEtDlgw
DQYJKoZIhvcNAQELBQADggEBAD7awuEeyq9e/HZVMZrqoZSaKbU1qcig3/mUpAEI
molvPJoEmASsWcQ81OwIxYDF6J7DDudW4k5YNq2jjaPegQSsZRyg2P8tTSDXyt8v
9DjFLAsr4Az+ecOZb2K4336mJ1twie6kto2kevNMaoDbyWXYGx7dhrciOarkSD9U
8cpb1cPhvd2jihHBR7/5LFJ3/gqaHJVmbI90mNMpdShCRAqxjOqMjvqRruPiYdPT
1BWkhgpkyFkzKCAJjSt7BP0WLyt+xa5EOTr88UJF5Hj0IassqlbTQHI886eeE4cT
VDxpsKNF0DZjaBTKJhRKeqyFESs/YSnKqOdaYUDVQEbhk8s=
-----END CERTIFICATE-----