Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38322e32302e302f32322d3232203d3e20323033303230.roa
File:                     34352e38322e32302e302f32322d3232203d3e20323033303230.roa (raw, json)
Hash identifier:          haprrNEjQpjN75Dg6XcUep+Lquv6NZplHkNu84C1SsI=
Subject key identifier:   3C:07:BE:C0:E0:9A:06:DF:FB:AD:21:B1:B9:B6:00:FE:79:67:B2:D4
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       317A9EE9796DC96C352FD8F468ACF73E372D3296
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38322e32302e302f32322d3232203d3e20323033303230.roa
Signing time:             Wed 14 Aug 2024 08:01:48 +0000
ROA not before:           Wed 14 Aug 2024 07:56:48 +0000
ROA not after:            Wed 13 Aug 2025 08:01:48 +0000
asID:                     203020
IP address blocks:        45.82.20.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:7a:9e:e9:79:6d:c9:6c:35:2f:d8:f4:68:ac:f7:3e:37:2d:32:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 14 07:56:48 2024 GMT
            Not After : Aug 13 08:01:48 2025 GMT
        Subject: CN=3C07BEC0E09A06DFFBAD21B1B9B600FE7967B2D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:3d:34:d8:59:e1:93:39:32:16:c0:46:e4:e3:
                    26:07:2a:3b:8d:b7:89:9b:15:fe:b2:e2:04:ab:ea:
                    43:bd:06:a2:44:26:05:8b:46:0c:d4:ad:01:5f:af:
                    ad:4c:df:a5:b5:cb:76:a7:79:04:84:6b:8f:c9:e8:
                    e2:f1:32:bc:87:5d:3f:e4:0b:13:91:51:af:00:4c:
                    5e:5d:a7:f9:f3:4f:da:85:e4:e4:30:39:8e:b9:4e:
                    c4:28:f0:b1:ba:45:8f:91:2a:c4:f0:92:0a:d5:de:
                    36:b8:f8:8e:29:21:62:db:8f:b4:f1:93:92:e1:b9:
                    e6:66:22:12:b4:f4:f6:6f:ca:57:7a:5e:46:89:07:
                    eb:c6:ac:3c:70:14:d3:bf:36:a7:e2:92:b2:69:50:
                    93:fb:6e:22:62:33:55:f3:62:ff:0c:be:9c:e2:b9:
                    42:4e:18:d7:96:b7:55:46:bc:14:fa:13:4e:c1:e5:
                    f7:5b:88:c2:59:0d:98:3c:ce:81:3d:b5:1c:94:1b:
                    65:39:14:d2:01:05:b0:24:7a:22:d0:3c:14:b5:13:
                    ed:ac:0c:13:5f:51:18:24:6b:7c:56:f0:b5:9b:52:
                    ae:8e:e0:60:7e:69:c4:4d:23:a0:05:ed:c7:84:f3:
                    37:c2:50:62:65:28:42:f0:10:fe:b8:64:1c:d3:8f:
                    6d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:07:BE:C0:E0:9A:06:DF:FB:AD:21:B1:B9:B6:00:FE:79:67:B2:D4
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38322e32302e302f32322d3232203d3e20323033303230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:1e:81:e3:d3:3b:9e:1f:f2:c4:89:12:9b:fb:43:71:8b:0a:
         7b:d9:48:6a:ea:fa:f9:c6:55:4b:e2:4c:c6:6f:f2:1b:84:73:
         9f:be:a0:7c:eb:88:d5:d7:21:ff:4f:59:d6:89:56:b9:2b:ee:
         b1:54:ff:f0:e6:c5:72:ca:2c:05:0e:7e:90:88:a7:64:da:d4:
         75:a4:d8:a1:10:4a:32:9f:bf:b4:09:f2:f2:80:f5:30:e0:74:
         84:d7:b5:37:e5:69:ea:08:75:ca:15:f8:c5:42:69:97:dd:a2:
         05:52:b9:68:99:de:65:68:73:68:3f:a1:c9:d9:ec:8c:ad:b6:
         08:07:cc:a2:5f:3a:ee:e1:07:ac:88:9d:ef:a0:73:12:25:a5:
         55:e2:8b:cb:58:0a:9f:83:3a:02:df:eb:d4:14:63:b2:f2:49:
         05:73:63:73:e7:2d:0c:46:b4:36:11:8d:7d:b2:57:61:a7:5e:
         41:25:71:db:47:ca:c5:1b:ad:31:30:7c:fb:f0:f6:e5:60:c2:
         89:1f:b1:99:0a:5a:53:14:fd:fe:c2:2b:01:d7:bb:ae:5a:1a:
         f7:e1:78:6d:4d:65:d6:e4:41:58:c6:33:fb:9d:f4:2e:ef:1f:
         aa:e1:61:49:73:40:24:3b:02:7e:3b:38:e2:00:20:3b:08:2e:
         4b:6b:03:5d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMXqe6XltyWw1L9j0aKz3PjctMpYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MTQwNzU2NDhaFw0yNTA4MTMwODAxNDhaMDMxMTAvBgNV
BAMTKDNDMDdCRUMwRTA5QTA2REZGQkFEMjFCMUI5QjYwMEZFNzk2N0IyRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJPTTYWeGTOTIWwEbk4yYHKjuN
t4mbFf6y4gSr6kO9BqJEJgWLRgzUrQFfr61M36W1y3aneQSEa4/J6OLxMryHXT/k
CxORUa8ATF5dp/nzT9qF5OQwOY65TsQo8LG6RY+RKsTwkgrV3ja4+I4pIWLbj7Tx
k5LhueZmIhK09PZvyld6XkaJB+vGrDxwFNO/NqfikrJpUJP7biJiM1XzYv8Mvpzi
uUJOGNeWt1VGvBT6E07B5fdbiMJZDZg8zoE9tRyUG2U5FNIBBbAkeiLQPBS1E+2s
DBNfURgka3xW8LWbUq6O4GB+acRNI6AF7ceE8zfCUGJlKELwEP64ZBzTj23tAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUPAe+wOCaBt/7rSGxubYA/nlnstQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzgzMjJlMzIzMDJl
MzAyZjMyMzIyZDMyMzIyMDNkM2UyMDMyMzAzMzMwMzIzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi1S
FDANBgkqhkiG9w0BAQsFAAOCAQEAKx6B49M7nh/yxIkSm/tDcYsKe9lIaur6+cZV
S+JMxm/yG4Rzn76gfOuI1dch/09Z1olWuSvusVT/8ObFcsosBQ5+kIinZNrUdaTY
oRBKMp+/tAny8oD1MOB0hNe1N+Vp6gh1yhX4xUJpl92iBVK5aJneZWhzaD+hydns
jK22CAfMol867uEHrIid76BzEiWlVeKLy1gKn4M6At/r1BRjsvJJBXNjc+ctDEa0
NhGNfbJXYadeQSVx20fKxRutMTB8+/D25WDCiR+xmQpaUxT9/sIrAde7rloa9+F4
bU1l1uRBWMYz+530Lu8fquFhSXNAJDsCfjs44gAgOwguS2sDXQ==
-----END CERTIFICATE-----