Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3135322e3138392e302f32342d3234203d3e20383334.roa
File:                     34352e3135322e3138392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          ucgjH/032ZWMVnMOlw9aO1LpT9tQb/Go5MU8PNS+ov8=
Subject key identifier:   E5:5C:4D:60:21:F8:8D:16:7C:4D:BD:26:5A:AA:64:4F:F0:F1:38:92
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       44E4FA34C2AEA343C9327965BA24EA4EA5CF9194
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3135322e3138392e302f32342d3234203d3e20383334.roa
Signing time:             Fri 23 Aug 2024 06:27:55 +0000
ROA not before:           Fri 23 Aug 2024 06:22:55 +0000
ROA not after:            Fri 22 Aug 2025 06:27:55 +0000
asID:                     834
IP address blocks:        45.152.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 05:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:e4:fa:34:c2:ae:a3:43:c9:32:79:65:ba:24:ea:4e:a5:cf:91:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 23 06:22:55 2024 GMT
            Not After : Aug 22 06:27:55 2025 GMT
        Subject: CN=E55C4D6021F88D167C4DBD265AAA644FF0F13892
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f7:ef:d7:81:f8:9b:12:cc:82:50:22:12:b7:
                    30:6b:00:8f:fe:46:d6:28:f6:09:c4:a3:07:b7:b7:
                    1e:92:53:79:cc:65:9c:f5:6a:5f:f1:07:af:ce:1e:
                    74:a5:21:5d:a0:88:2e:a1:e1:32:0a:58:43:22:d2:
                    67:4e:92:c7:7e:40:21:ca:8f:8b:4d:eb:32:bc:de:
                    2c:56:46:64:c5:d6:18:bf:de:f5:f9:11:d7:81:e5:
                    e0:66:64:13:07:10:d0:31:17:48:0b:76:0c:7b:54:
                    c6:a2:2d:7f:6d:d0:61:17:c4:a2:01:58:34:a5:e3:
                    e7:fa:0b:f8:a0:c6:b1:50:79:53:79:fe:14:8d:e6:
                    b2:68:08:f2:ef:8d:8e:64:05:ca:e7:07:8b:ae:10:
                    fb:79:5c:df:bc:e6:96:cb:c6:60:7e:8c:a7:10:be:
                    51:f5:d1:11:3f:d3:ed:d5:7d:93:0d:a4:58:a2:e1:
                    ee:5e:5c:a2:62:b0:48:13:85:72:44:3f:ab:89:f2:
                    1c:d5:d0:d6:5c:13:f4:74:2f:57:6e:be:4a:5b:2f:
                    aa:7b:72:f9:9d:c1:b2:cf:77:3b:45:18:0f:b4:e5:
                    7b:0b:39:18:63:77:57:65:10:5c:14:f7:3a:56:c5:
                    b4:1b:c5:dc:6b:af:3c:91:ce:cd:d6:71:fd:70:70:
                    40:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:5C:4D:60:21:F8:8D:16:7C:4D:BD:26:5A:AA:64:4F:F0:F1:38:92
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e3135322e3138392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:11:96:ab:e5:e1:a9:5f:57:5d:91:10:b1:ba:2e:57:7d:25:
         5b:08:df:e0:b6:f7:4f:3f:96:95:77:d8:81:15:d1:f9:3d:48:
         ca:fd:e8:37:6a:64:2a:09:4f:29:8b:06:e1:0a:ee:1f:05:5d:
         a4:0d:a5:45:33:74:85:b8:27:a8:bb:f0:33:03:1b:b8:33:08:
         20:07:d8:c1:eb:87:2c:a2:35:d3:61:75:70:b0:fe:e8:93:a9:
         37:f4:6d:74:fd:0a:4f:46:3d:c1:25:f8:c5:8e:8b:1b:fa:b1:
         18:0a:77:83:da:fd:c6:bc:5d:1d:02:a5:b1:d1:bf:b2:51:d9:
         cb:72:aa:52:d2:cd:4b:85:a2:b8:f1:29:f9:9b:86:b6:21:6e:
         4a:1c:92:72:29:cf:38:65:f8:0c:b4:39:b8:de:2a:1c:d4:cd:
         42:14:0b:77:6d:8d:b1:84:60:1a:1d:14:fa:9e:46:82:70:c1:
         72:31:78:49:db:10:8e:ab:ae:a1:81:90:56:8e:94:30:59:de:
         2a:ad:74:82:5d:27:d2:34:28:15:40:4f:cb:fb:17:c4:e1:c9:
         87:99:99:dd:dc:7a:ca:66:37:f0:2f:62:7b:55:3d:ab:91:4f:
         f9:0c:14:84:c4:52:0e:1c:72:3e:19:0e:a9:90:cb:75:44:8b:
         53:59:11:1b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUROT6NMKuo0PJMnlluiTqTqXPkZQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MjMwNjIyNTVaFw0yNTA4MjIwNjI3NTVaMDMxMTAvBgNV
BAMTKEU1NUM0RDYwMjFGODhEMTY3QzREQkQyNjVBQUE2NDRGRjBGMTM4OTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCb9+/XgfibEsyCUCIStzBrAI/+
RtYo9gnEowe3tx6SU3nMZZz1al/xB6/OHnSlIV2giC6h4TIKWEMi0mdOksd+QCHK
j4tN6zK83ixWRmTF1hi/3vX5EdeB5eBmZBMHENAxF0gLdgx7VMaiLX9t0GEXxKIB
WDSl4+f6C/igxrFQeVN5/hSN5rJoCPLvjY5kBcrnB4uuEPt5XN+85pbLxmB+jKcQ
vlH10RE/0+3VfZMNpFii4e5eXKJisEgThXJEP6uJ8hzV0NZcE/R0L1duvkpbL6p7
cvmdwbLPdztFGA+05XsLORhjd1dlEFwU9zpWxbQbxdxrrzyRzs3Wcf1wcECvAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU5VxNYCH4jRZ8Tb0mWqpkT/DxOJIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzNTMyMmUzMTM4
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtmL0w
DQYJKoZIhvcNAQELBQADggEBABMRlqvl4alfV12RELG6Lld9JVsI3+C2908/lpV3
2IEV0fk9SMr96DdqZCoJTymLBuEK7h8FXaQNpUUzdIW4J6i78DMDG7gzCCAH2MHr
hyyiNdNhdXCw/uiTqTf0bXT9Ck9GPcEl+MWOixv6sRgKd4Pa/ca8XR0CpbHRv7JR
2ctyqlLSzUuForjxKfmbhrYhbkocknIpzzhl+Ay0ObjeKhzUzUIUC3dtjbGEYBod
FPqeRoJwwXIxeEnbEI6rrqGBkFaOlDBZ3iqtdIJdJ9I0KBVAT8v7F8ThyYeZmd3c
espmN/AvYntVPauRT/kMFITEUg4ccj4ZDqmQy3VEi1NZERs=
-----END CERTIFICATE-----