Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e39312e302f32342d3234203d3e20383334.roa
File:                     34352e31342e39312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          jhqbE1XA5D6z5/aFoQndO6lux4ozwd5IhV5vTeqPZQU=
Subject key identifier:   0E:0F:70:64:8A:14:EA:64:39:5C:2A:B0:CA:48:68:F8:40:2E:29:FD
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5B66C30CD30EC30F81579766CD3C0B2A17905162
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e39312e302f32342d3234203d3e20383334.roa
Signing time:             Wed 26 Jun 2024 10:04:06 +0000
ROA not before:           Wed 26 Jun 2024 09:59:06 +0000
ROA not after:            Wed 25 Jun 2025 10:04:06 +0000
asID:                     834
IP address blocks:        45.14.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:66:c3:0c:d3:0e:c3:0f:81:57:97:66:cd:3c:0b:2a:17:90:51:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 26 09:59:06 2024 GMT
            Not After : Jun 25 10:04:06 2025 GMT
        Subject: CN=0E0F70648A14EA64395C2AB0CA4868F8402E29FD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:34:c6:cb:e7:a9:e9:55:ce:49:0e:a4:eb:ae:
                    af:83:be:34:26:09:fa:72:b5:b1:a7:ee:e1:96:7b:
                    94:01:80:9a:2b:32:36:e9:69:09:00:03:7d:68:25:
                    66:22:31:96:15:58:dd:91:2a:26:e5:45:87:b4:89:
                    76:fb:08:51:4e:14:0f:a3:69:1e:5f:b6:92:4c:33:
                    84:99:8e:0e:63:42:67:58:3d:4c:1c:af:79:05:72:
                    3d:3a:d5:0e:15:a7:7b:6c:c2:d8:52:0b:63:0c:89:
                    7e:52:49:a7:f4:22:21:d1:53:a5:b8:35:ad:84:c6:
                    50:9a:cf:ee:b9:01:a2:1e:a6:56:40:66:bb:07:43:
                    e3:d6:61:4b:82:fa:e2:46:10:52:6a:55:73:72:fa:
                    d8:be:33:3a:d7:8c:b7:aa:5c:d9:60:21:c8:5e:e9:
                    c2:ae:37:e7:a9:f0:bb:16:ea:a3:f3:9c:c8:c4:8c:
                    69:d7:4c:5d:eb:46:70:6d:84:ce:7b:9c:88:c3:48:
                    3d:a3:04:09:75:2a:f3:81:74:6c:78:01:13:9b:a4:
                    e3:8a:03:7d:af:55:24:1c:f5:bc:c9:8f:08:83:2b:
                    07:d2:e1:4e:93:14:b7:52:49:94:5b:fa:88:14:1a:
                    b7:13:3a:f1:17:dd:3d:5e:8e:80:3a:80:73:96:0e:
                    fe:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:0F:70:64:8A:14:EA:64:39:5C:2A:B0:CA:48:68:F8:40:2E:29:FD
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e39312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:9d:93:ee:61:4b:21:e3:91:59:e9:48:05:74:2c:38:cd:56:
         55:43:fd:41:c0:3c:16:4e:31:6e:51:63:c7:a3:14:1b:fb:10:
         76:12:56:53:51:3e:69:38:b0:3b:b4:e3:07:20:00:60:1b:65:
         45:9f:67:53:b0:90:2a:6b:3e:ea:d7:bb:35:be:5e:38:2d:6d:
         08:69:c2:0b:98:3d:1c:1a:bd:8e:e2:9a:99:f9:ba:a6:69:19:
         fc:ec:64:2d:85:1c:a4:53:84:30:8e:53:03:fe:1a:1a:74:00:
         5c:f3:ff:15:8e:8d:8a:06:5b:72:19:c6:15:03:96:74:c0:c7:
         69:94:80:7d:93:f4:5f:cd:e7:76:32:35:87:78:73:08:5d:0d:
         73:75:0d:84:23:44:fc:0a:d0:fe:15:2a:ff:c0:5f:55:0f:aa:
         db:6f:5c:fe:a1:a1:3a:f6:f5:a5:29:c8:f8:20:71:7d:89:d6:
         8e:87:00:ac:71:f7:d6:59:50:b5:25:55:9e:0e:9f:25:bd:c2:
         4a:e3:6a:1e:3a:13:3d:af:c0:e7:f9:e5:8b:cf:a5:bd:20:50:
         11:2d:fd:b5:04:87:d8:22:7b:2d:db:26:19:f7:a2:dd:de:70:
         e2:fc:ff:eb:17:20:1e:aa:89:a8:45:c8:9e:59:42:86:15:51:
         1a:6f:b9:40
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUW2bDDNMOww+BV5dmzTwLKheQUWIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MjYwOTU5MDZaFw0yNTA2MjUxMDA0MDZaMDMxMTAvBgNV
BAMTKDBFMEY3MDY0OEExNEVBNjQzOTVDMkFCMENBNDg2OEY4NDAyRTI5RkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhNMbL56npVc5JDqTrrq+DvjQm
CfpytbGn7uGWe5QBgJorMjbpaQkAA31oJWYiMZYVWN2RKiblRYe0iXb7CFFOFA+j
aR5ftpJMM4SZjg5jQmdYPUwcr3kFcj061Q4Vp3tswthSC2MMiX5SSaf0IiHRU6W4
Na2ExlCaz+65AaIeplZAZrsHQ+PWYUuC+uJGEFJqVXNy+ti+MzrXjLeqXNlgIche
6cKuN+ep8LsW6qPznMjEjGnXTF3rRnBthM57nIjDSD2jBAl1KvOBdGx4ARObpOOK
A32vVSQc9bzJjwiDKwfS4U6TFLdSSZRb+ogUGrcTOvEX3T1ejoA6gHOWDv6rAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUDg9wZIoU6mQ5XCqwykho+EAuKf0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzNDJlMzkzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0OWzANBgkq
hkiG9w0BAQsFAAOCAQEAVZ2T7mFLIeORWelIBXQsOM1WVUP9QcA8Fk4xblFjx6MU
G/sQdhJWU1E+aTiwO7TjByAAYBtlRZ9nU7CQKms+6te7Nb5eOC1tCGnCC5g9HBq9
juKamfm6pmkZ/OxkLYUcpFOEMI5TA/4aGnQAXPP/FY6NigZbchnGFQOWdMDHaZSA
fZP0X83ndjI1h3hzCF0Nc3UNhCNE/ArQ/hUq/8BfVQ+q229c/qGhOvb1pSnI+CBx
fYnWjocArHH31llQtSVVng6fJb3CSuNqHjoTPa/A5/nli8+lvSBQES39tQSH2CJ7
LdsmGfei3d5w4vz/6xcgHqqJqEXInllChhVRGm+5QA==
-----END CERTIFICATE-----