Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e39312e302f32342d3234203d3e20383334.roa
File:                     34352e31342e39312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          cA5aLG57DTm8hwvRAmNSmDCgBbnROChNLo9tNris474=
Subject key identifier:   AF:4D:8A:45:1C:03:0B:38:8F:0F:CB:EF:6D:AB:A2:3C:92:DC:67:6F
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4A67337C890E61B73E490674FFA5A6746DAD34A9
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e39312e302f32342d3234203d3e20383334.roa
Signing time:             Wed 28 May 2025 10:46:31 +0000
ROA not before:           Wed 28 May 2025 10:41:31 +0000
ROA not after:            Wed 27 May 2026 10:46:31 +0000
asID:                     834
IP address blocks:        45.14.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:67:33:7c:89:0e:61:b7:3e:49:06:74:ff:a5:a6:74:6d:ad:34:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 28 10:41:31 2025 GMT
            Not After : May 27 10:46:31 2026 GMT
        Subject: CN=AF4D8A451C030B388F0FCBEF6DABA23C92DC676F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:28:f0:61:30:fb:8b:d1:00:8a:48:47:4c:9d:
                    d2:bd:3a:14:6d:5a:9c:54:66:44:09:86:cf:e5:0b:
                    ee:54:6c:00:69:a3:5b:45:57:85:e8:af:f2:5d:0b:
                    d9:4b:2d:93:90:77:eb:d8:8b:46:32:19:22:fc:f9:
                    e6:cc:35:f3:e9:b0:ff:69:96:b1:bf:87:5f:05:17:
                    eb:d8:5b:50:e4:e2:62:de:bb:23:73:f8:43:dc:a7:
                    9a:21:74:ee:b4:ae:86:80:d3:80:28:a7:f2:47:9d:
                    80:78:14:d2:db:8a:86:10:05:bd:f8:73:02:5f:7c:
                    94:6b:04:5a:a7:9c:5b:b8:42:fe:9d:3c:ab:ef:a0:
                    6a:50:df:aa:4f:65:d4:9c:2e:7c:91:79:4b:81:75:
                    d6:a6:ba:7d:e3:39:cb:6e:5c:47:31:54:a0:9c:04:
                    c3:76:d5:54:cd:b7:1a:5f:54:f1:f3:a6:7a:9e:9b:
                    97:de:95:ff:7e:06:b4:59:14:d4:a1:b4:20:07:1c:
                    d3:c0:88:92:40:b8:74:73:22:37:09:a9:cf:50:95:
                    20:1c:56:a8:8f:94:43:21:79:bf:c2:2d:eb:1d:00:
                    74:a3:43:fa:bf:64:41:a7:85:11:46:b5:f9:97:14:
                    b1:45:32:a6:b3:cc:2d:f4:fe:e6:b5:a4:d2:ef:1d:
                    9d:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:4D:8A:45:1C:03:0B:38:8F:0F:CB:EF:6D:AB:A2:3C:92:DC:67:6F
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31342e39312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:56:20:50:fa:84:68:e2:2b:74:ac:12:3b:e1:30:5d:95:64:
         b7:89:18:b8:dd:82:73:cb:c1:e2:19:ef:28:d2:0d:3a:6f:37:
         85:ac:da:27:b6:64:92:76:af:3d:26:9c:fd:26:81:6b:ec:10:
         6f:66:5a:46:78:5c:e6:6c:c0:46:60:29:4e:f0:c3:40:cd:b8:
         5f:a5:4d:21:9a:08:92:bf:d4:b4:64:48:df:64:b6:74:03:67:
         29:f7:fd:62:10:3c:06:03:a8:5a:10:f5:a0:14:56:fe:c3:1e:
         22:d2:f4:46:c7:95:27:95:27:11:10:26:06:af:1f:75:f4:1e:
         80:66:53:04:1c:77:f3:bd:18:f9:17:45:99:b8:6d:b4:d2:32:
         90:2a:a0:e0:11:50:8a:8e:b7:e3:c1:b8:49:cd:3f:66:cb:1a:
         d5:7e:dd:f2:07:e4:4b:88:d2:39:c8:90:43:c9:8c:da:f1:77:
         1d:d4:60:f9:51:cb:31:9d:80:b8:b6:58:c0:b3:3b:e3:68:49:
         52:cd:97:1e:2a:d3:d7:60:90:74:5a:19:28:2a:e8:51:22:9a:
         d3:2e:be:e9:5e:74:3e:03:a4:7c:d8:a7:86:67:15:d2:43:4e:
         db:ab:12:ed:08:b3:42:50:e5:82:b9:c4:f7:91:53:45:cf:43:
         a3:91:a9:d2
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUSmczfIkOYbc+SQZ0/6WmdG2tNKkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MjgxMDQxMzFaFw0yNjA1MjcxMDQ2MzFaMDMxMTAvBgNV
BAMTKEFGNEQ4QTQ1MUMwMzBCMzg4RjBGQ0JFRjZEQUJBMjNDOTJEQzY3NkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEKPBhMPuL0QCKSEdMndK9OhRt
WpxUZkQJhs/lC+5UbABpo1tFV4Xor/JdC9lLLZOQd+vYi0YyGSL8+ebMNfPpsP9p
lrG/h18FF+vYW1Dk4mLeuyNz+EPcp5ohdO60roaA04Aop/JHnYB4FNLbioYQBb34
cwJffJRrBFqnnFu4Qv6dPKvvoGpQ36pPZdScLnyReUuBddamun3jOctuXEcxVKCc
BMN21VTNtxpfVPHzpnqem5felf9+BrRZFNShtCAHHNPAiJJAuHRzIjcJqc9QlSAc
VqiPlEMheb/CLesdAHSjQ/q/ZEGnhRFGtfmXFLFFMqazzC30/ua1pNLvHZ21AgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUr02KRRwDCziPD8vvbauiPJLcZ28wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzNDJlMzkzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0OWzANBgkq
hkiG9w0BAQsFAAOCAQEANlYgUPqEaOIrdKwSO+EwXZVkt4kYuN2Cc8vB4hnvKNIN
Om83hazaJ7ZkknavPSac/SaBa+wQb2ZaRnhc5mzARmApTvDDQM24X6VNIZoIkr/U
tGRI32S2dANnKff9YhA8BgOoWhD1oBRW/sMeItL0RseVJ5UnERAmBq8fdfQegGZT
BBx3870Y+RdFmbhttNIykCqg4BFQio6348G4Sc0/Zssa1X7d8gfkS4jSOciQQ8mM
2vF3HdRg+VHLMZ2AuLZYwLM742hJUs2XHirT12CQdFoZKCroUSKa0y6+6V50PgOk
fNinhmcV0kNO26sS7QizQlDlgrnE95FTRc9Do5Gp0g==
-----END CERTIFICATE-----