Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38302e33302e302f32342d3332203d3e203531313637.roa
File:                     34352e38302e33302e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          8I2ILgPu7bOa2g4Quu6RBlp6g+GULkqW0suqavQJOmU=
Subject key identifier:   64:C2:41:5D:00:2A:7E:C8:C6:23:E9:5A:8A:19:6C:A4:77:9D:0E:63
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4140E8BFA3A80D0DAC8CCC061D44616CB3B2F312
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38302e33302e302f32342d3332203d3e203531313637.roa
Signing time:             Wed 10 Sep 2025 12:47:33 +0000
ROA not before:           Wed 10 Sep 2025 12:42:33 +0000
ROA not after:            Wed 09 Sep 2026 12:47:33 +0000
asID:                     51167
IP address blocks:        45.80.30.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:40:e8:bf:a3:a8:0d:0d:ac:8c:cc:06:1d:44:61:6c:b3:b2:f3:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 10 12:42:33 2025 GMT
            Not After : Sep  9 12:47:33 2026 GMT
        Subject: CN=64C2415D002A7EC8C623E95A8A196CA4779D0E63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:fe:65:02:ea:08:94:ca:c6:0d:7b:52:c2:85:
                    9e:5c:d8:01:7e:d2:4f:fd:79:17:6e:76:c0:a5:a1:
                    12:b4:79:08:ef:b4:c7:63:bc:68:3f:d9:0a:7b:ac:
                    fd:73:12:8f:07:dc:08:7d:01:13:5e:a4:5e:f0:15:
                    e4:65:32:b8:0d:a1:03:75:d9:5d:81:b2:4f:da:01:
                    1e:92:88:c5:e3:8f:87:ab:d5:cc:32:96:07:e1:93:
                    1e:c7:87:a2:b1:f9:ad:9e:9e:14:f8:a7:e9:38:fd:
                    f8:82:01:7c:4c:14:f6:5f:41:e7:ec:c7:7d:37:40:
                    75:96:a2:ce:8b:d3:df:d0:55:91:1f:7c:47:25:28:
                    83:3b:fa:e7:f0:26:f1:43:d8:7b:48:a6:de:2c:0a:
                    42:2c:bb:43:0c:47:7a:54:09:11:be:67:aa:ac:e7:
                    39:d3:4e:ae:c9:45:13:5e:7d:37:38:14:66:ac:9e:
                    59:f1:be:8e:42:10:77:02:c4:0c:79:55:c7:b2:9d:
                    7b:c1:aa:f0:dd:f2:d9:ea:73:b5:5f:93:0e:7f:d7:
                    b3:dc:ea:56:15:d3:75:15:d2:f1:a9:e3:90:21:ff:
                    cb:dd:01:66:cf:08:27:2a:b2:95:23:da:4e:fb:80:
                    14:17:2d:02:16:5a:76:ac:fe:4c:20:12:5e:13:c5:
                    04:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:C2:41:5D:00:2A:7E:C8:C6:23:E9:5A:8A:19:6C:A4:77:9D:0E:63
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38302e33302e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:ab:c3:9f:b5:40:62:d4:a6:f9:5e:1d:d8:d1:4e:ca:01:1a:
         fa:91:7c:ac:6d:9d:18:52:4a:c7:2e:c4:8a:73:42:1d:f5:0b:
         4f:fc:34:a1:41:e7:e7:8b:bb:dd:92:9e:b1:ed:32:33:a1:ef:
         5f:a4:b3:bb:9e:6d:bd:a9:5e:1e:eb:97:90:5b:a3:8f:62:67:
         2a:f3:99:f7:f6:5c:59:10:36:1f:a9:69:1b:e1:d9:db:2b:cd:
         2c:04:3b:69:2a:49:27:89:c5:ed:69:af:10:40:f3:0e:50:46:
         eb:48:2b:17:ff:f5:c8:43:79:7b:b2:9b:d1:14:5f:8b:93:12:
         59:89:64:8b:cb:9b:8a:17:dc:25:f6:1b:ac:7c:f6:eb:9c:6e:
         7b:50:de:b7:a3:3b:53:b8:cb:12:4e:bc:93:db:89:1a:d9:7e:
         f6:e1:07:aa:c6:5f:34:aa:b0:b9:2f:4f:27:59:ac:a0:67:0a:
         2d:c9:c5:80:ce:06:e5:b2:55:ee:d6:37:98:cf:51:07:58:83:
         03:e9:70:25:d8:8f:39:7c:44:a9:9e:4f:1a:3e:02:0c:dd:c4:
         20:1e:b8:88:05:04:73:d6:b7:19:e7:1a:56:fd:26:38:b5:9a:
         1a:cb:a2:6c:c6:bb:4b:15:61:c2:dc:2b:e2:9e:e0:d3:fd:2d:
         29:f0:80:68
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUQUDov6OoDQ2sjMwGHURhbLOy8xIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA5MTAxMjQyMzNaFw0yNjA5MDkxMjQ3MzNaMDMxMTAvBgNV
BAMTKDY0QzI0MTVEMDAyQTdFQzhDNjIzRTk1QThBMTk2Q0E0Nzc5RDBFNjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3/mUC6giUysYNe1LChZ5c2AF+
0k/9eRdudsCloRK0eQjvtMdjvGg/2Qp7rP1zEo8H3Ah9ARNepF7wFeRlMrgNoQN1
2V2Bsk/aAR6SiMXjj4er1cwylgfhkx7Hh6Kx+a2enhT4p+k4/fiCAXxMFPZfQefs
x303QHWWos6L09/QVZEffEclKIM7+ufwJvFD2HtIpt4sCkIsu0MMR3pUCRG+Z6qs
5znTTq7JRRNefTc4FGasnlnxvo5CEHcCxAx5VceynXvBqvDd8tnqc7Vfkw5/17Pc
6lYV03UV0vGp45Ah/8vdAWbPCCcqspUj2k77gBQXLQIWWnas/kwgEl4TxQTpAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUZMJBXQAqfsjGI+laihlspHedDmMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzgzMDJlMzMzMDJl
MzAyZjMyMzQyZDMzMzIyMDNkM2UyMDM1MzEzMTM2Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtUB4w
DQYJKoZIhvcNAQELBQADggEBAHGrw5+1QGLUpvleHdjRTsoBGvqRfKxtnRhSSscu
xIpzQh31C0/8NKFB5+eLu92SnrHtMjOh71+ks7uebb2pXh7rl5Bbo49iZyrzmff2
XFkQNh+paRvh2dsrzSwEO2kqSSeJxe1prxBA8w5QRutIKxf/9chDeXuym9EUX4uT
ElmJZIvLm4oX3CX2G6x89uucbntQ3rejO1O4yxJOvJPbiRrZfvbhB6rGXzSqsLkv
TydZrKBnCi3JxYDOBuWyVe7WN5jPUQdYgwPpcCXYjzl8RKmeTxo+AgzdxCAeuIgF
BHPWtxnnGlb9Jji1mhrLomzGu0sVYcLcK+Ke4NP9LSnwgGg=
-----END CERTIFICATE-----