Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e38382e302f32332d3234203d3e203437353833.roa
File:                     34352e31342e38382e302f32332d3234203d3e203437353833.roa (raw, json)
Hash identifier:          Qd+i5LSYk4fsf1nb0gyFDrdAyk1+5mfZNOv3WGmA+t8=
Subject key identifier:   2C:22:21:23:4D:20:55:78:50:7D:EB:BD:23:E7:A5:8B:75:94:74:57
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       797FA46F3CC5C8A0A1F3E13A430B95AF17C5EB97
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e38382e302f32332d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:32 +0000
ROA not before:           Mon 26 Feb 2024 08:48:32 +0000
ROA not after:            Mon 24 Feb 2025 08:53:32 +0000
asID:                     47583
IP address blocks:        45.14.88.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:7f:a4:6f:3c:c5:c8:a0:a1:f3:e1:3a:43:0b:95:af:17:c5:eb:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:32 2024 GMT
            Not After : Feb 24 08:53:32 2025 GMT
        Subject: CN=2C2221234D205578507DEBBD23E7A58B75947457
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e0:91:cf:ee:b9:f0:61:02:d8:13:6e:d2:f9:
                    99:87:bc:da:2c:de:f0:6d:33:8a:66:1c:ae:36:00:
                    c3:da:ca:e6:95:6f:8b:0e:41:18:bc:4d:74:50:a4:
                    2f:71:1b:ca:04:2a:e6:55:7e:5d:5a:3a:6f:19:d3:
                    81:f9:c0:fe:d7:0f:28:39:44:02:8f:8b:f8:1b:4f:
                    de:33:e2:07:05:45:4a:2b:9d:13:28:62:9f:bf:37:
                    82:c5:eb:bf:61:8c:ec:22:39:46:65:0b:0d:5a:13:
                    e9:45:c8:96:73:71:a7:e2:fb:9b:8b:96:9e:76:61:
                    a9:42:78:f0:26:d7:9b:a9:26:4e:31:df:87:23:7a:
                    c2:33:39:b7:47:3e:d6:58:03:2f:89:8c:66:29:e7:
                    6f:bc:ca:71:82:08:36:fd:5e:57:1f:28:79:1b:4d:
                    25:71:8d:7c:ab:07:c0:9b:d1:b7:6d:ea:39:c5:af:
                    47:6e:64:1d:4e:19:8e:03:09:59:e1:43:70:66:3a:
                    02:92:e4:93:c6:f8:fc:fb:05:38:8b:dd:0a:32:1e:
                    f1:da:40:f0:77:b3:c3:53:23:55:a3:0e:d5:a7:e3:
                    5b:5a:d4:42:39:be:af:9e:6b:e5:1c:df:3e:52:37:
                    d0:7c:96:f2:f6:84:07:58:a7:74:ad:69:9a:6e:77:
                    f5:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:22:21:23:4D:20:55:78:50:7D:EB:BD:23:E7:A5:8B:75:94:74:57
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e38382e302f32332d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:4d:97:7c:2a:69:7b:bf:25:f8:07:a8:35:a7:01:05:54:df:
         df:87:9d:8f:b2:c1:3e:15:cb:76:32:eb:6d:a5:bb:96:7e:a1:
         ca:ae:d1:78:df:72:ab:6a:37:04:03:78:df:38:4a:bd:d2:95:
         4b:f1:61:97:3a:ed:1e:36:bc:53:1d:47:48:9e:f7:6e:93:1d:
         d5:07:5f:d3:6d:04:92:4e:86:05:b2:a8:d7:6e:12:35:43:0b:
         9a:8a:e8:80:e1:97:ce:4b:17:bf:3d:7d:c6:ed:93:54:28:29:
         19:a0:fd:59:78:f3:68:2d:35:33:28:90:4d:db:35:41:ed:12:
         80:d6:83:c5:64:47:d2:f4:c2:04:99:b5:4d:fe:43:02:02:d3:
         d7:03:ad:d8:7a:f5:fd:69:75:e2:fd:71:87:39:9a:2f:36:78:
         9e:55:1f:05:2b:f7:d7:80:6b:46:c8:ea:88:a3:c7:6b:f8:f5:
         48:92:2e:bf:4f:0f:34:d0:47:83:eb:56:a1:69:9e:9e:d5:eb:
         27:09:60:7c:2f:a6:31:79:5c:02:d7:b5:15:6e:b6:9e:08:eb:
         6c:a4:72:bc:78:13:fa:bd:30:82:03:c2:26:a1:3a:db:47:ac:
         6f:9c:6f:3f:49:ce:b8:01:cc:c9:f7:64:cc:43:42:a1:47:22:
         0d:1b:37:59
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUeX+kbzzFyKCh8+E6QwuVrxfF65cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MzJaFw0yNTAyMjQwODUzMzJaMDMxMTAvBgNV
BAMTKDJDMjIyMTIzNEQyMDU1Nzg1MDdERUJCRDIzRTdBNThCNzU5NDc0NTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM4JHP7rnwYQLYE27S+ZmHvNos
3vBtM4pmHK42AMPayuaVb4sOQRi8TXRQpC9xG8oEKuZVfl1aOm8Z04H5wP7XDyg5
RAKPi/gbT94z4gcFRUornRMoYp+/N4LF679hjOwiOUZlCw1aE+lFyJZzcafi+5uL
lp52YalCePAm15upJk4x34cjesIzObdHPtZYAy+JjGYp52+8ynGCCDb9XlcfKHkb
TSVxjXyrB8Cb0bdt6jnFr0duZB1OGY4DCVnhQ3BmOgKS5JPG+Pz7BTiL3QoyHvHa
QPB3s8NTI1WjDtWn41ta1EI5vq+ea+Uc3z5SN9B8lvL2hAdYp3StaZpud/W9AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQULCIhI00gVXhQfeu9I+eli3WUdFcwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzNDJlMzgzODJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEtDlgw
DQYJKoZIhvcNAQELBQADggEBAEBNl3wqaXu/JfgHqDWnAQVU39+HnY+ywT4Vy3Yy
622lu5Z+ocqu0XjfcqtqNwQDeN84Sr3SlUvxYZc67R42vFMdR0ie926THdUHX9Nt
BJJOhgWyqNduEjVDC5qK6IDhl85LF789fcbtk1QoKRmg/Vl482gtNTMokE3bNUHt
EoDWg8VkR9L0wgSZtU3+QwIC09cDrdh69f1pdeL9cYc5mi82eJ5VHwUr99eAa0bI
6oijx2v49UiSLr9PDzTQR4PrVqFpnp7V6ycJYHwvpjF5XALXtRVutp4I62ykcrx4
E/q9MIIDwiahOttHrG+cbz9JzrgBzMn3ZMxDQqFHIg0bN1k=
-----END CERTIFICATE-----