Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38352e3235302e302f32342d3332203d3e203531313637.roa
File:                     34352e38352e3235302e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          0lBfcEW5cw9/e52xnVAEEk4yN7xknflAvCzPOxSCxTU=
Subject key identifier:   C9:A5:33:D2:2A:52:09:FA:09:95:7E:50:88:16:7E:A1:EB:05:2D:E0
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       6584582AEF6259437FA6B7BA14E6E159801CBA6A
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38352e3235302e302f32342d3332203d3e203531313637.roa
Signing time:             Wed 27 Sep 2023 13:40:11 +0000
ROA not before:           Wed 27 Sep 2023 13:35:11 +0000
ROA not after:            Wed 25 Sep 2024 13:40:11 +0000
asID:                     51167
IP address blocks:        45.85.250.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:84:58:2a:ef:62:59:43:7f:a6:b7:ba:14:e6:e1:59:80:1c:ba:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 27 13:35:11 2023 GMT
            Not After : Sep 25 13:40:11 2024 GMT
        Subject: CN=C9A533D22A5209FA09957E5088167EA1EB052DE0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:e6:29:32:77:45:35:70:70:8f:cc:e3:ed:9e:
                    df:18:21:2f:44:2a:d1:40:8b:cf:95:fa:dd:94:e2:
                    1d:b4:c2:74:e7:9d:b0:a7:bd:8e:8b:b3:e9:cd:57:
                    1e:2e:e9:78:ca:ef:fb:4d:a3:13:79:d8:5e:05:97:
                    e7:13:57:70:1c:04:2e:0b:35:30:f1:70:2c:2c:05:
                    2b:f3:88:b0:f1:5a:c6:b9:7a:e1:d5:9d:0d:34:6a:
                    55:5a:6b:3e:29:8c:13:00:56:12:64:bd:9e:b4:e2:
                    f6:b9:36:5e:9f:ff:0f:18:a6:86:6f:6c:a7:c8:09:
                    e2:34:07:30:76:e9:31:ef:7d:20:2b:63:f2:af:ae:
                    a1:d7:bc:1b:1e:3a:41:67:0c:50:de:18:b3:d5:2c:
                    1b:b8:b8:d7:be:c4:ea:8a:70:b1:ae:28:6b:ad:0c:
                    14:dd:1a:e0:e3:48:46:9f:57:e2:27:ae:eb:ca:25:
                    4e:16:16:24:bc:42:4a:e1:57:61:aa:3a:ad:97:92:
                    93:c8:d6:46:1b:32:33:90:e9:c0:ba:cc:8c:50:df:
                    21:79:d0:c9:de:df:bc:74:ef:4a:78:99:19:d1:23:
                    49:d8:bf:81:1c:44:be:29:ac:f9:e7:ed:27:34:81:
                    35:a9:75:2e:53:fe:f5:57:16:69:c3:93:86:5e:8d:
                    88:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:A5:33:D2:2A:52:09:FA:09:95:7E:50:88:16:7E:A1:EB:05:2D:E0
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38352e3235302e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:82:65:31:ab:d9:d9:48:b4:74:71:55:b6:af:99:2a:ae:6d:
         c9:62:3a:1e:35:0c:24:87:f9:f0:99:cb:41:71:b9:6b:e8:98:
         48:d5:be:9b:f4:b4:13:87:5a:b0:ac:07:b5:cd:29:14:d4:94:
         48:e5:78:41:a8:54:1d:27:82:5c:e8:f1:50:b2:e3:a5:ab:4f:
         52:af:fc:3a:67:c1:74:1a:dd:dd:28:55:77:d8:37:8b:8d:0d:
         47:85:e5:50:9e:6e:ad:33:e8:cb:b7:f9:8d:87:35:09:39:31:
         7a:ed:aa:e6:0d:ab:d1:cc:31:57:10:db:9c:d0:ef:cd:f7:69:
         33:e3:b2:9b:ce:ab:38:80:d6:d8:39:f4:80:cf:ce:f6:4c:5e:
         45:12:b0:3d:7d:30:1d:5e:72:8a:c0:80:83:d4:64:39:dd:27:
         6f:99:b8:ab:15:da:c9:14:2e:81:d5:0a:59:14:e7:1c:b5:9a:
         bc:28:c9:51:12:1a:77:7c:9e:07:3d:89:73:a3:15:0d:14:72:
         8c:c2:8d:3c:e0:44:cc:f7:5f:66:16:1e:ed:42:de:e4:c7:82:
         fa:17:ff:e5:57:19:72:b7:97:91:1a:3e:2f:6a:d5:10:66:25:
         35:03:6b:f8:71:24:30:80:61:c6:ec:d3:94:9a:ff:f0:3a:5f:
         7c:d1:a8:15
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZYRYKu9iWUN/pre6FObhWYAcumowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA5MjcxMzM1MTFaFw0yNDA5MjUxMzQwMTFaMDMxMTAvBgNV
BAMTKEM5QTUzM0QyMkE1MjA5RkEwOTk1N0U1MDg4MTY3RUExRUIwNTJERTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ5ikyd0U1cHCPzOPtnt8YIS9E
KtFAi8+V+t2U4h20wnTnnbCnvY6Ls+nNVx4u6XjK7/tNoxN52F4Fl+cTV3AcBC4L
NTDxcCwsBSvziLDxWsa5euHVnQ00alVaaz4pjBMAVhJkvZ604va5Nl6f/w8YpoZv
bKfICeI0BzB26THvfSArY/KvrqHXvBseOkFnDFDeGLPVLBu4uNe+xOqKcLGuKGut
DBTdGuDjSEafV+InruvKJU4WFiS8QkrhV2GqOq2XkpPI1kYbMjOQ6cC6zIxQ3yF5
0Mne37x070p4mRnRI0nYv4EcRL4prPnn7Sc0gTWpdS5T/vVXFmnDk4ZejYjTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUyaUz0ipSCfoJlX5QiBZ+oesFLeAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzgzNTJlMzIzNTMw
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1V
+jANBgkqhkiG9w0BAQsFAAOCAQEAAYJlMavZ2Ui0dHFVtq+ZKq5tyWI6HjUMJIf5
8JnLQXG5a+iYSNW+m/S0E4dasKwHtc0pFNSUSOV4QahUHSeCXOjxULLjpatPUq/8
OmfBdBrd3ShVd9g3i40NR4XlUJ5urTPoy7f5jYc1CTkxeu2q5g2r0cwxVxDbnNDv
zfdpM+Oym86rOIDW2Dn0gM/O9kxeRRKwPX0wHV5yisCAg9RkOd0nb5m4qxXayRQu
gdUKWRTnHLWavCjJURIad3yeBz2Jc6MVDRRyjMKNPOBEzPdfZhYe7ULe5MeC+hf/
5VcZcreXkRo+L2rVEGYlNQNr+HEkMIBhxuzTlJr/8DpffNGoFQ==
-----END CERTIFICATE-----