Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38342e33382e302f32342d3234203d3e20323039383534.roa
File:                     34352e38342e33382e302f32342d3234203d3e20323039383534.roa (raw, json)
Hash identifier:          fy05RJUSVlKAXNIZjH/q3aRmbGHnCGLyE4E1MLNsp0g=
Subject key identifier:   AC:C8:78:0B:AE:07:36:D9:16:59:56:43:7C:F8:F7:CF:94:6F:A3:5B
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6EC9DC948A877119B8FA693B6979AF2FDDE3E53F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38342e33382e302f32342d3234203d3e20323039383534.roa
Signing time:             Wed 20 Mar 2024 08:21:56 +0000
ROA not before:           Wed 20 Mar 2024 08:16:56 +0000
ROA not after:            Wed 19 Mar 2025 08:21:56 +0000
asID:                     209854
IP address blocks:        45.84.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:c9:dc:94:8a:87:71:19:b8:fa:69:3b:69:79:af:2f:dd:e3:e5:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Mar 20 08:16:56 2024 GMT
            Not After : Mar 19 08:21:56 2025 GMT
        Subject: CN=ACC8780BAE0736D9165956437CF8F7CF946FA35B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:2d:98:d1:43:2c:69:9f:b9:a5:7c:a5:78:fb:
                    7a:c9:88:72:f6:9b:15:b4:3e:33:39:83:31:1d:a1:
                    f1:f4:a7:db:07:06:9e:73:4c:98:d9:37:6b:72:37:
                    1a:c1:c7:52:be:39:27:76:3d:11:b9:07:4c:b7:36:
                    24:bb:d4:44:cd:f3:6f:12:93:8e:db:3b:0e:fe:7b:
                    1a:ce:ea:35:15:a7:29:e2:a3:ff:6b:90:cd:f6:56:
                    5e:b8:17:26:04:31:0c:b2:71:fa:67:88:1b:73:17:
                    ef:23:ca:3e:d3:39:41:13:33:6f:4a:61:d2:7d:85:
                    5c:18:b1:c4:46:a8:77:9a:04:cb:4d:be:0a:60:10:
                    24:51:fb:c1:9d:4b:ff:59:ef:88:58:f0:cb:0e:33:
                    80:a2:e7:b8:df:df:11:4f:86:a5:b9:e5:83:da:76:
                    cc:14:f5:65:fe:b4:57:55:a8:21:03:9a:6e:7d:70:
                    51:54:3d:7c:c6:8f:1b:60:67:f7:7d:9e:6e:22:6d:
                    39:0f:c6:6d:cc:c2:ff:9c:31:7a:cd:c1:e3:22:7b:
                    41:44:df:2e:64:d7:2a:55:f9:05:e9:c5:b2:58:49:
                    48:d9:54:59:0f:d3:54:77:a2:44:e1:17:e0:a6:12:
                    f1:03:b0:ea:df:2c:f7:0c:87:e0:56:60:3a:77:e5:
                    43:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:C8:78:0B:AE:07:36:D9:16:59:56:43:7C:F8:F7:CF:94:6F:A3:5B
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38342e33382e302f32342d3234203d3e20323039383534.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:54:d8:66:b1:1d:c9:43:62:ad:b6:bb:a1:72:05:80:65:60:
         fc:91:95:2f:10:ee:28:b8:80:98:d0:81:ea:63:5b:57:f3:a1:
         6b:c2:ae:ca:b4:b4:82:a7:54:5a:8b:e2:fd:36:d3:ea:5b:7b:
         1f:84:fc:42:42:80:18:7d:13:9c:c4:6b:12:56:47:f2:5d:bd:
         f9:34:b9:62:bb:56:b6:f6:f2:ad:92:24:79:2f:e3:fa:be:36:
         a4:bc:47:71:82:79:26:bc:a7:17:ec:25:87:9e:56:66:e8:7b:
         1e:99:ef:fa:82:07:84:c4:be:d6:93:4d:24:d5:73:63:2d:2e:
         1e:e7:61:56:4e:0f:c3:0e:e0:20:22:58:4f:37:75:08:01:a5:
         24:e9:c1:e8:d4:8c:89:7f:b9:54:be:18:2e:64:a4:0a:c2:a0:
         e6:7c:a1:cb:38:32:00:7f:71:10:1e:63:b5:b3:28:4e:02:89:
         49:28:6a:3a:d8:42:6a:da:9b:a8:97:52:21:6e:05:2a:68:c5:
         e4:54:d3:09:b0:1a:c7:3c:b1:6a:d5:fd:41:29:04:e2:77:da:
         a3:1e:c3:b3:93:9f:c9:04:cd:f3:bb:a3:bf:63:80:ee:e1:03:
         8e:8b:de:6c:14:73:ee:0f:8b:0e:39:25:89:93:57:04:97:e0:
         d9:de:31:fd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbsnclIqHcRm4+mk7aXmvL93j5T8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAzMjAwODE2NTZaFw0yNTAzMTkwODIxNTZaMDMxMTAvBgNV
BAMTKEFDQzg3ODBCQUUwNzM2RDkxNjU5NTY0MzdDRjhGN0NGOTQ2RkEzNUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsLZjRQyxpn7mlfKV4+3rJiHL2
mxW0PjM5gzEdofH0p9sHBp5zTJjZN2tyNxrBx1K+OSd2PRG5B0y3NiS71ETN828S
k47bOw7+exrO6jUVpynio/9rkM32Vl64FyYEMQyycfpniBtzF+8jyj7TOUETM29K
YdJ9hVwYscRGqHeaBMtNvgpgECRR+8GdS/9Z74hY8MsOM4Ci57jf3xFPhqW55YPa
dswU9WX+tFdVqCEDmm59cFFUPXzGjxtgZ/d9nm4ibTkPxm3Mwv+cMXrNweMie0FE
3y5k1ypV+QXpxbJYSUjZVFkP01R3okThF+CmEvEDsOrfLPcMh+BWYDp35UMLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUrMh4C64HNtkWWVZDfPj3z5Rvo1swHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzgzNDJlMzMzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzOTM4MzUzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1U
JjANBgkqhkiG9w0BAQsFAAOCAQEAJVTYZrEdyUNirba7oXIFgGVg/JGVLxDuKLiA
mNCB6mNbV/Oha8KuyrS0gqdUWovi/TbT6lt7H4T8QkKAGH0TnMRrElZH8l29+TS5
YrtWtvbyrZIkeS/j+r42pLxHcYJ5JrynF+wlh55WZuh7Hpnv+oIHhMS+1pNNJNVz
Yy0uHudhVk4Pww7gICJYTzd1CAGlJOnB6NSMiX+5VL4YLmSkCsKg5nyhyzgyAH9x
EB5jtbMoTgKJSShqOthCatqbqJdSIW4FKmjF5FTTCbAaxzyxatX9QSkE4nfaox7D
s5OfyQTN87ujv2OA7uEDjovebBRz7g+LDjkliZNXBJfg2d4x/Q==
-----END CERTIFICATE-----