Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38352e3234392e302f32342d3332203d3e203531313637.roa
File:                     34352e38352e3234392e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          JAKn4U2A6Mu+/3LgBoftPtBgk5WJ4AiJW9nNTpx2Cr0=
Subject key identifier:   DA:C3:81:24:C8:AB:2B:61:2D:F0:6B:C3:E7:FA:2A:94:C5:FC:27:76
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0934EBCBEBDAB484F26542A0DDCF1276E1A500E5
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38352e3234392e302f32342d3332203d3e203531313637.roa
Signing time:             Wed 28 Aug 2024 14:04:44 +0000
ROA not before:           Wed 28 Aug 2024 13:59:44 +0000
ROA not after:            Wed 27 Aug 2025 14:04:44 +0000
asID:                     51167
IP address blocks:        45.85.249.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:34:eb:cb:eb:da:b4:84:f2:65:42:a0:dd:cf:12:76:e1:a5:00:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 28 13:59:44 2024 GMT
            Not After : Aug 27 14:04:44 2025 GMT
        Subject: CN=DAC38124C8AB2B612DF06BC3E7FA2A94C5FC2776
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:17:44:ab:94:77:a2:c9:fa:e8:53:61:ea:8b:
                    26:a7:28:05:b3:63:4d:38:71:d5:2a:c4:43:55:3c:
                    35:45:9e:8a:45:69:61:91:bd:15:98:d2:22:44:27:
                    a0:c8:21:9a:af:b6:6c:b8:61:00:df:2d:fa:86:d6:
                    22:f2:1b:c0:2a:ff:cc:83:af:be:64:72:48:93:bb:
                    0e:99:d8:26:f8:85:67:31:c4:09:d3:9a:05:f1:10:
                    aa:5c:7d:92:a4:15:94:c8:74:17:d1:a4:0f:09:05:
                    fe:f9:b0:c2:e4:19:20:23:f1:a8:34:57:24:63:22:
                    70:fa:5f:16:84:04:b0:c9:fc:ab:88:9a:11:6c:b9:
                    c8:fb:bf:08:f9:a1:6a:5a:0b:07:e2:a4:dd:e5:af:
                    03:67:1a:9e:3f:8c:41:ad:5a:f2:d1:1c:74:37:bd:
                    83:e2:ae:a3:28:c7:75:a7:4b:b6:85:7f:06:da:ef:
                    af:68:c6:27:8d:5d:1e:01:39:09:08:9d:05:49:cf:
                    cf:52:fe:d6:ec:15:99:ce:b4:41:49:ce:80:ae:03:
                    98:3c:8f:66:87:c7:e4:ea:44:31:2f:8f:a2:b0:f7:
                    e2:4d:c9:05:46:d1:50:fb:b7:4f:a1:21:4c:11:6b:
                    99:45:46:98:c5:f2:ae:58:43:f0:f4:d4:14:e8:c1:
                    5b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:C3:81:24:C8:AB:2B:61:2D:F0:6B:C3:E7:FA:2A:94:C5:FC:27:76
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38352e3234392e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:ac:4c:1b:75:6e:b9:36:19:64:a8:bb:17:b8:67:aa:72:4e:
         8f:00:c3:dd:4c:1c:fe:8b:86:fe:2d:5e:e1:a0:0c:fa:1d:01:
         7e:ad:24:19:0f:94:9f:59:70:89:9b:7e:3b:1e:fd:12:95:b2:
         06:56:2c:2b:d4:d6:8e:e8:c6:1f:e2:28:78:4c:43:25:86:f7:
         62:4e:6d:cf:7f:47:67:83:51:91:54:81:b2:58:e4:a7:39:20:
         19:08:32:89:b0:e3:69:de:f3:37:aa:d6:ff:01:eb:15:87:82:
         c6:15:08:97:5d:9f:d0:2e:96:09:3e:5b:35:ed:f5:a9:83:a3:
         6b:be:09:55:cd:24:32:43:39:0f:d3:53:0f:0b:a9:74:5c:4e:
         c4:b3:38:4c:00:60:46:4a:54:ad:62:17:3a:98:30:6e:2b:15:
         a3:52:87:2c:26:20:d0:aa:c1:22:65:fb:44:00:ff:19:e8:0a:
         5c:40:5a:5c:0d:12:bd:2d:9d:a2:bb:b6:82:22:76:00:d2:7a:
         4b:f6:64:39:fe:23:b8:c7:59:a3:ea:9d:c2:56:11:6c:50:ee:
         19:23:4f:ff:d4:07:67:c4:0b:05:f5:26:5a:22:ac:5c:5d:15:
         00:b9:d2:f8:86:36:dd:84:0e:c6:85:15:01:55:69:6a:cc:4f:
         f4:83:7b:4e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCTTry+vatITyZUKg3c8SduGlAOUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MjgxMzU5NDRaFw0yNTA4MjcxNDA0NDRaMDMxMTAvBgNV
BAMTKERBQzM4MTI0QzhBQjJCNjEyREYwNkJDM0U3RkEyQTk0QzVGQzI3NzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxF0SrlHeiyfroU2HqiyanKAWz
Y004cdUqxENVPDVFnopFaWGRvRWY0iJEJ6DIIZqvtmy4YQDfLfqG1iLyG8Aq/8yD
r75kckiTuw6Z2Cb4hWcxxAnTmgXxEKpcfZKkFZTIdBfRpA8JBf75sMLkGSAj8ag0
VyRjInD6XxaEBLDJ/KuImhFsucj7vwj5oWpaCwfipN3lrwNnGp4/jEGtWvLRHHQ3
vYPirqMox3WnS7aFfwba769oxieNXR4BOQkInQVJz89S/tbsFZnOtEFJzoCuA5g8
j2aHx+TqRDEvj6Kw9+JNyQVG0VD7t0+hIUwRa5lFRpjF8q5YQ/D01BTowVsrAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU2sOBJMirK2Et8GvD5/oqlMX8J3YwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzgzNTJlMzIzNDM5
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1V
+TANBgkqhkiG9w0BAQsFAAOCAQEAiqxMG3VuuTYZZKi7F7hnqnJOjwDD3Uwc/ouG
/i1e4aAM+h0Bfq0kGQ+Un1lwiZt+Ox79EpWyBlYsK9TWjujGH+IoeExDJYb3Yk5t
z39HZ4NRkVSBsljkpzkgGQgyibDjad7zN6rW/wHrFYeCxhUIl12f0C6WCT5bNe31
qYOja74JVc0kMkM5D9NTDwupdFxOxLM4TABgRkpUrWIXOpgwbisVo1KHLCYg0KrB
ImX7RAD/GegKXEBaXA0SvS2doru2giJ2ANJ6S/ZkOf4juMdZo+qdwlYRbFDuGSNP
/9QHZ8QLBfUmWiKsXF0VALnS+IY23YQOxoUVAVVpasxP9IN7Tg==
-----END CERTIFICATE-----