Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e39302e302f32342d3234203d3e20383334.roa
File:                     34352e31342e39302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          APyGUNkjzJX5as5YSjFYNhcIbz1EVlVdPlO1pp7uhGA=
Subject key identifier:   EE:F4:E2:C4:22:8E:E6:D6:B8:C2:25:77:FC:98:C0:FB:8B:3C:E3:2B
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       78664A0D8A379F9F4C78250F03AAFD3833B6765E
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e39302e302f32342d3234203d3e20383334.roa
Signing time:             Tue 13 May 2025 21:46:14 +0000
ROA not before:           Tue 13 May 2025 21:41:14 +0000
ROA not after:            Tue 12 May 2026 21:46:14 +0000
asID:                     834
IP address blocks:        45.14.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:66:4a:0d:8a:37:9f:9f:4c:78:25:0f:03:aa:fd:38:33:b6:76:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 13 21:41:14 2025 GMT
            Not After : May 12 21:46:14 2026 GMT
        Subject: CN=EEF4E2C4228EE6D6B8C22577FC98C0FB8B3CE32B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d0:fb:46:03:42:ce:92:2b:d9:82:39:ae:28:
                    ea:7e:06:af:f9:74:47:e0:d4:7d:65:ce:ba:ca:eb:
                    4c:6d:df:58:ec:ca:2a:89:8c:09:90:73:66:00:cb:
                    b1:98:45:37:e4:dd:9d:04:e1:fb:5e:7e:52:c3:fd:
                    e5:be:7c:3d:d6:a0:fc:c0:ed:7b:be:41:c8:e7:8d:
                    5e:7c:26:29:72:98:6a:8d:64:80:ec:9a:d9:c5:da:
                    3f:c1:1a:f0:f9:23:18:5e:ad:43:47:be:28:6b:e7:
                    98:99:ab:32:e8:5b:1a:af:8c:a5:03:ae:a8:db:61:
                    80:39:8f:70:79:61:e7:13:a2:25:d8:69:4a:97:5a:
                    af:45:bd:44:51:46:5f:c7:70:15:19:b5:ae:bb:a5:
                    f8:00:12:77:af:22:89:b2:94:7f:b9:28:e1:ce:b5:
                    fd:e3:62:14:40:91:fc:de:8f:c9:ce:27:f2:c1:d2:
                    ed:e4:f7:d8:fc:69:2a:c3:1e:cd:0c:6e:bf:fc:b5:
                    38:a8:48:f7:de:9e:cc:65:5c:90:71:d4:f5:51:5b:
                    89:55:6a:9a:a0:fa:ba:57:7c:52:7f:1a:c6:1a:39:
                    af:d8:43:bc:12:04:20:3f:64:39:dc:4a:43:e1:32:
                    9d:b6:9d:02:86:9c:e1:bb:84:1c:28:45:4e:31:00:
                    6b:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:F4:E2:C4:22:8E:E6:D6:B8:C2:25:77:FC:98:C0:FB:8B:3C:E3:2B
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e39302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:88:42:97:0f:b7:0c:38:8d:28:c8:7d:3e:4c:c7:be:e1:4d:
         78:e0:87:d2:e3:eb:a4:17:b1:2a:f8:e7:ba:15:2f:c2:ba:02:
         5b:c8:a6:f3:55:05:1c:2b:0c:7d:ce:b6:7e:89:53:e9:c3:98:
         28:66:6f:24:de:fb:9d:57:07:27:f3:c7:a9:fc:67:c2:c1:75:
         3a:22:af:58:a8:9b:4f:78:da:1f:36:25:6a:18:50:fd:7b:82:
         e7:c8:f2:76:3f:ca:6a:62:27:d0:c7:a3:47:e0:bc:2e:fe:6c:
         98:4c:31:ca:d9:99:61:b8:61:5b:30:54:58:9d:a9:c1:18:5e:
         b7:1a:15:58:bd:82:31:be:a2:57:87:ae:4d:fd:22:a3:bf:fa:
         56:a8:73:b2:52:4d:66:01:b7:ae:3e:2e:bd:c2:15:ae:e1:5b:
         39:ac:9a:78:f0:f4:21:45:0b:28:d0:b5:a4:7c:b7:d4:d2:38:
         1f:a4:b3:05:8a:b9:5b:12:90:09:16:16:45:16:24:b3:85:8b:
         bc:c5:f3:e1:d3:16:f5:c3:43:43:db:e1:76:34:1e:fd:a9:53:
         5a:8d:33:28:ef:97:5a:1f:b2:6e:85:fa:ce:fd:d8:63:98:6f:
         fc:59:dc:62:dd:d4:5b:aa:d3:05:7d:59:21:a4:bd:7f:d4:b8:
         7e:76:d2:50
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUeGZKDYo3n59MeCUPA6r9ODO2dl4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MTMyMTQxMTRaFw0yNjA1MTIyMTQ2MTRaMDMxMTAvBgNV
BAMTKEVFRjRFMkM0MjI4RUU2RDZCOEMyMjU3N0ZDOThDMEZCOEIzQ0UzMkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC30PtGA0LOkivZgjmuKOp+Bq/5
dEfg1H1lzrrK60xt31jsyiqJjAmQc2YAy7GYRTfk3Z0E4fteflLD/eW+fD3WoPzA
7Xu+QcjnjV58JilymGqNZIDsmtnF2j/BGvD5IxherUNHvihr55iZqzLoWxqvjKUD
rqjbYYA5j3B5YecToiXYaUqXWq9FvURRRl/HcBUZta67pfgAEnevIomylH+5KOHO
tf3jYhRAkfzej8nOJ/LB0u3k99j8aSrDHs0Mbr/8tTioSPfensxlXJBx1PVRW4lV
apqg+rpXfFJ/GsYaOa/YQ7wSBCA/ZDncSkPhMp22nQKGnOG7hBwoRU4xAGs9AgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQU7vTixCKO5ta4wiV3/JjA+4s84yswHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzNDJlMzkzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0OWjANBgkq
hkiG9w0BAQsFAAOCAQEAAIhClw+3DDiNKMh9PkzHvuFNeOCH0uPrpBexKvjnuhUv
wroCW8im81UFHCsMfc62folT6cOYKGZvJN77nVcHJ/PHqfxnwsF1OiKvWKibT3ja
HzYlahhQ/XuC58jydj/KamIn0MejR+C8Lv5smEwxytmZYbhhWzBUWJ2pwRhetxoV
WL2CMb6iV4euTf0io7/6VqhzslJNZgG3rj4uvcIVruFbOayaePD0IUULKNC1pHy3
1NI4H6SzBYq5WxKQCRYWRRYks4WLvMXz4dMW9cNDQ9vhdjQe/alTWo0zKO+XWh+y
boX6zv3YY5hv/FncYt3UW6rTBX1ZIaS9f9S4fnbSUA==
-----END CERTIFICATE-----