Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e39302e302f32342d3234203d3e20383334.roa
File:                     34352e31342e39302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          2mh19JYivu1osXkfPwQCp/hwbdo4x3cUtlI/zMG1CUM=
Subject key identifier:   EE:4E:32:F3:41:F4:34:6B:D2:23:88:71:33:43:9E:69:BF:72:80:6D
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       599EC79E38263A58C255749E79FCBF392AB59B14
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e39302e302f32342d3234203d3e20383334.roa
Signing time:             Tue 11 Jun 2024 21:03:52 +0000
ROA not before:           Tue 11 Jun 2024 20:58:52 +0000
ROA not after:            Tue 10 Jun 2025 21:03:52 +0000
asID:                     834
IP address blocks:        45.14.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:9e:c7:9e:38:26:3a:58:c2:55:74:9e:79:fc:bf:39:2a:b5:9b:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 11 20:58:52 2024 GMT
            Not After : Jun 10 21:03:52 2025 GMT
        Subject: CN=EE4E32F341F4346BD223887133439E69BF72806D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:31:46:d3:5b:67:cf:38:9c:67:a2:01:49:63:
                    ca:f8:e8:41:ee:38:fe:92:b9:46:b4:84:7c:e3:4e:
                    ed:d1:2c:25:8b:a1:94:2b:c2:c3:43:f8:b7:a4:1b:
                    51:01:3c:c8:19:be:e1:07:cc:8d:f5:e9:fb:dd:54:
                    90:25:49:23:bc:ac:c9:cf:fb:e6:f2:46:46:4e:c6:
                    e6:bf:4a:95:28:fa:9e:d3:78:73:ee:a8:3c:94:da:
                    5e:24:7d:37:e1:af:e1:f9:64:8e:06:ee:7d:04:5e:
                    81:1c:6c:f1:19:ca:ce:af:6c:12:49:72:fc:8f:52:
                    35:d2:15:f7:07:23:65:77:a1:e2:f8:8b:f4:a6:d4:
                    6f:4b:dd:3f:c5:6a:ab:c0:22:83:2a:bd:1e:9b:1e:
                    b5:cc:be:22:81:b0:a9:c6:60:78:71:f5:ef:55:65:
                    87:cd:f2:57:97:ad:7d:20:57:7c:e2:a7:33:5b:d7:
                    2f:b9:57:b6:a4:0d:af:f7:32:e6:b1:47:0f:c2:cf:
                    fc:1c:00:21:1f:20:5b:50:fa:69:fc:65:3c:fc:6d:
                    c1:8c:ee:dd:d0:e9:ce:65:7d:05:ae:c1:e3:fd:3d:
                    24:79:ba:29:95:76:0a:88:e1:bf:a2:33:5e:7e:59:
                    91:b9:ac:26:25:e4:c2:97:6d:8f:71:a3:27:35:42:
                    63:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:4E:32:F3:41:F4:34:6B:D2:23:88:71:33:43:9E:69:BF:72:80:6D
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e39302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:f2:3c:9c:b1:09:1b:19:55:b9:01:8f:e4:74:9b:15:6d:66:
         00:a4:cc:66:50:e9:5d:9e:66:35:35:08:b0:05:11:db:3e:53:
         1b:ad:5e:2c:66:7a:89:27:2e:9a:96:9f:8b:e3:8b:94:31:d0:
         31:b7:08:50:1c:00:3d:e6:b9:a1:b3:4f:a1:71:41:3f:55:28:
         8a:51:7f:9c:1d:36:6a:33:5f:40:40:b3:b8:b5:33:95:b8:78:
         16:9b:bc:99:43:4b:d7:4a:cf:e3:c5:f0:d9:12:0a:9b:9d:6b:
         da:13:52:20:13:d9:e8:fa:24:c7:3b:d8:a5:a3:30:50:3e:45:
         9e:4d:00:40:e3:5f:c3:14:11:43:3e:33:4f:ed:c8:55:83:e7:
         db:1a:a0:5d:92:9b:29:f4:51:8b:65:3c:50:45:4f:cf:0c:db:
         5b:64:f4:f2:3b:ee:ac:c7:c3:ff:53:a3:30:fd:30:7a:e4:9d:
         83:7e:db:d7:fe:f0:5d:0e:84:e7:e1:85:75:20:88:04:35:86:
         a2:81:ed:a0:1f:a6:19:b6:d8:61:39:a6:69:db:fe:42:53:b4:
         01:f7:8c:68:22:85:e2:db:65:76:61:7a:20:60:af:38:ce:8b:
         36:56:44:b3:80:f3:68:1a:59:96:12:e5:01:c7:1f:1e:55:4e:
         39:5e:ae:3f
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUWZ7HnjgmOljCVXSeefy/OSq1mxQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MTEyMDU4NTJaFw0yNTA2MTAyMTAzNTJaMDMxMTAvBgNV
BAMTKEVFNEUzMkYzNDFGNDM0NkJEMjIzODg3MTMzNDM5RTY5QkY3MjgwNkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXMUbTW2fPOJxnogFJY8r46EHu
OP6SuUa0hHzjTu3RLCWLoZQrwsND+LekG1EBPMgZvuEHzI316fvdVJAlSSO8rMnP
++byRkZOxua/SpUo+p7TeHPuqDyU2l4kfTfhr+H5ZI4G7n0EXoEcbPEZys6vbBJJ
cvyPUjXSFfcHI2V3oeL4i/Sm1G9L3T/FaqvAIoMqvR6bHrXMviKBsKnGYHhx9e9V
ZYfN8leXrX0gV3zipzNb1y+5V7akDa/3MuaxRw/Cz/wcACEfIFtQ+mn8ZTz8bcGM
7t3Q6c5lfQWuweP9PSR5uimVdgqI4b+iM15+WZG5rCYl5MKXbY9xoyc1QmOfAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQU7k4y80H0NGvSI4hxM0Oeab9ygG0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzNDJlMzkzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0OWjANBgkq
hkiG9w0BAQsFAAOCAQEAL/I8nLEJGxlVuQGP5HSbFW1mAKTMZlDpXZ5mNTUIsAUR
2z5TG61eLGZ6iScumpafi+OLlDHQMbcIUBwAPea5obNPoXFBP1UoilF/nB02ajNf
QECzuLUzlbh4Fpu8mUNL10rP48Xw2RIKm51r2hNSIBPZ6PokxzvYpaMwUD5Fnk0A
QONfwxQRQz4zT+3IVYPn2xqgXZKbKfRRi2U8UEVPzwzbW2T08jvurMfD/1OjMP0w
euSdg37b1/7wXQ6E5+GFdSCIBDWGooHtoB+mGbbYYTmmadv+QlO0AfeMaCKF4ttl
dmF6IGCvOM6LNlZEs4DzaBpZlhLlAccfHlVOOV6uPw==
-----END CERTIFICATE-----