Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38352e3235302e302f32342d3332203d3e203531313637.roa
File:                     34352e38352e3235302e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          UbHPuF37E0kHesg/9m2zQo4ylB4yaCza7/GDXo5gQ0A=
Subject key identifier:   A2:0D:5A:C6:F7:3B:77:9B:DF:A5:44:DA:E3:F4:A4:1C:D1:68:EA:89
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6C3EB3523AFD7ED0ABFF7383BFEE632D191E898B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38352e3235302e302f32342d3332203d3e203531313637.roa
Signing time:             Wed 28 Aug 2024 14:04:44 +0000
ROA not before:           Wed 28 Aug 2024 13:59:44 +0000
ROA not after:            Wed 27 Aug 2025 14:04:44 +0000
asID:                     51167
IP address blocks:        45.85.250.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 13:21:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:3e:b3:52:3a:fd:7e:d0:ab:ff:73:83:bf:ee:63:2d:19:1e:89:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 28 13:59:44 2024 GMT
            Not After : Aug 27 14:04:44 2025 GMT
        Subject: CN=A20D5AC6F73B779BDFA544DAE3F4A41CD168EA89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:9c:4c:94:3e:fe:bc:4d:53:6a:9e:75:56:05:
                    43:ad:5d:ca:ce:fb:c1:5c:3a:8e:6e:9d:24:73:75:
                    9f:32:48:ed:e3:02:cd:5f:7a:26:91:30:1a:b9:8e:
                    86:11:6c:15:5c:01:da:c4:5e:11:f2:ba:26:40:94:
                    b5:5b:44:4c:95:ab:4e:27:f9:04:a7:f6:1f:c4:87:
                    37:d7:7d:ce:ff:48:f1:71:bb:4e:db:04:33:a8:05:
                    5c:06:61:55:7e:f8:49:b4:0f:df:5e:66:da:ac:b1:
                    1d:31:fb:69:4e:d6:1e:19:03:c2:77:90:26:de:d9:
                    11:64:b4:01:ab:87:6c:d0:95:8c:a7:4b:d2:34:e1:
                    15:ce:29:93:65:02:b3:a1:6f:16:a1:45:fb:d4:95:
                    b4:84:09:8c:f2:8e:8b:24:af:1b:04:4e:0d:d5:60:
                    11:35:b8:ca:ff:af:15:60:9a:b7:1a:c5:60:76:cb:
                    e1:59:bd:da:65:df:76:8d:e3:63:5d:30:f5:8c:d5:
                    a3:41:09:65:1a:e2:16:c5:7a:a9:b8:c9:69:58:d4:
                    1c:33:db:ef:16:91:eb:cd:6a:ce:a1:c4:87:26:3f:
                    ff:86:51:60:c2:26:4a:4f:1e:5c:66:16:0e:be:2a:
                    13:40:2d:fe:78:de:e9:5f:60:1c:22:60:92:dc:a3:
                    8b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:0D:5A:C6:F7:3B:77:9B:DF:A5:44:DA:E3:F4:A4:1C:D1:68:EA:89
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38352e3235302e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:e2:41:9e:a1:8b:11:37:90:5e:d6:6b:90:4a:a9:1a:a3:8f:
         dd:d9:21:e8:72:ad:93:e4:73:34:2d:e0:f8:33:b9:1c:2e:d4:
         73:29:0d:6b:0b:69:a7:05:d1:c4:e1:9d:02:5c:ce:83:e2:04:
         8d:d8:07:c0:6f:c0:9a:de:e7:f5:c4:c1:d4:b3:e4:20:fc:e1:
         ed:08:1d:d4:09:84:fe:77:77:cc:b9:97:e1:ce:ae:14:48:83:
         37:71:03:49:eb:2c:4f:53:e4:fa:63:dd:3c:51:22:96:33:23:
         aa:52:a9:f1:00:b8:24:f9:c6:ce:b9:5d:8f:a9:6a:3e:ab:e2:
         d4:26:64:03:77:b2:5f:20:f7:99:39:2e:16:d6:97:da:32:a7:
         e5:fa:3e:66:6a:ab:59:0b:3c:7a:74:ae:a4:10:6b:49:f9:95:
         00:1d:28:cf:1a:97:22:74:21:6b:94:fb:53:12:c9:e6:08:8f:
         5f:ed:cb:61:81:a9:f3:cf:1f:f6:fc:8b:d1:39:76:10:06:c6:
         c7:0b:60:fe:34:b6:5c:34:6d:7c:9a:c7:70:ba:63:15:21:18:
         f0:21:1b:03:c0:67:a3:c6:d5:d3:ff:2f:28:6b:2a:01:8d:53:
         f3:21:0a:f3:52:09:78:4f:6c:80:be:21:26:e9:7e:d1:4d:f2:
         2f:75:a6:63
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbD6zUjr9ftCr/3ODv+5jLRkeiYswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MjgxMzU5NDRaFw0yNTA4MjcxNDA0NDRaMDMxMTAvBgNV
BAMTKEEyMEQ1QUM2RjczQjc3OUJERkE1NDREQUUzRjRBNDFDRDE2OEVBODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtnEyUPv68TVNqnnVWBUOtXcrO
+8FcOo5unSRzdZ8ySO3jAs1feiaRMBq5joYRbBVcAdrEXhHyuiZAlLVbREyVq04n
+QSn9h/EhzfXfc7/SPFxu07bBDOoBVwGYVV++Em0D99eZtqssR0x+2lO1h4ZA8J3
kCbe2RFktAGrh2zQlYynS9I04RXOKZNlArOhbxahRfvUlbSECYzyjoskrxsETg3V
YBE1uMr/rxVgmrcaxWB2y+FZvdpl33aN42NdMPWM1aNBCWUa4hbFeqm4yWlY1Bwz
2+8WkevNas6hxIcmP/+GUWDCJkpPHlxmFg6+KhNALf543ulfYBwiYJLco4u9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUog1axvc7d5vfpUTa4/SkHNFo6okwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzgzNTJlMzIzNTMw
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1V
+jANBgkqhkiG9w0BAQsFAAOCAQEALuJBnqGLETeQXtZrkEqpGqOP3dkh6HKtk+Rz
NC3g+DO5HC7UcykNawtppwXRxOGdAlzOg+IEjdgHwG/Amt7n9cTB1LPkIPzh7Qgd
1AmE/nd3zLmX4c6uFEiDN3EDSessT1Pk+mPdPFEiljMjqlKp8QC4JPnGzrldj6lq
Pqvi1CZkA3eyXyD3mTkuFtaX2jKn5fo+ZmqrWQs8enSupBBrSfmVAB0ozxqXInQh
a5T7UxLJ5giPX+3LYYGp888f9vyL0Tl2EAbGxwtg/jS2XDRtfJrHcLpjFSEY8CEb
A8Bno8bV0/8vKGsqAY1T8yEK81IJeE9sgL4hJul+0U3yL3WmYw==
-----END CERTIFICATE-----