Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38372e382e302f32322d3234203d3e20323031333431.roa
File:                     34352e38372e382e302f32322d3234203d3e20323031333431.roa (raw, json)
Hash identifier:          9gB9LCCFJJGmfCbYaFSOV9O/lEyw7eBjhCJPU96ZsFY=
Subject key identifier:   BF:8E:78:8B:1D:C2:FD:81:2F:D8:AE:AD:CC:DB:4F:B3:63:F2:4E:AD
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5A86B21B9424A6D5A1A2F8D6112919B4A5366DD6
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38372e382e302f32322d3234203d3e20323031333431.roa
Signing time:             Thu 31 Aug 2023 14:08:13 +0000
ROA not before:           Thu 31 Aug 2023 14:03:13 +0000
ROA not after:            Thu 29 Aug 2024 14:08:13 +0000
asID:                     201341
IP address blocks:        45.87.8.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:86:b2:1b:94:24:a6:d5:a1:a2:f8:d6:11:29:19:b4:a5:36:6d:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 31 14:03:13 2023 GMT
            Not After : Aug 29 14:08:13 2024 GMT
        Subject: CN=BF8E788B1DC2FD812FD8AEADCCDB4FB363F24EAD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:57:65:7d:a8:68:a3:91:a3:bc:73:c9:77:94:
                    3e:c6:90:44:29:a8:9e:38:fe:96:0f:a2:cf:11:ac:
                    a3:79:00:7a:ae:76:3c:2d:eb:1f:f5:70:ed:83:a1:
                    da:24:22:f4:b8:be:cb:8d:37:8a:66:27:2e:78:5d:
                    8b:2f:04:9a:12:01:fc:55:0e:f7:00:c2:25:fe:66:
                    7e:63:7f:2b:b4:7b:46:e3:e0:c5:7e:8b:3c:5b:96:
                    4e:63:4c:50:dd:69:68:ce:e1:d1:ed:5e:32:22:dc:
                    3b:19:cb:88:0a:53:3b:42:1f:47:6c:8e:8d:b2:b0:
                    36:f5:e6:7d:48:a4:fb:ff:6b:97:31:5d:20:ff:eb:
                    c7:1f:38:4a:74:d0:23:10:f5:b9:49:ec:b6:0c:4d:
                    01:5e:2a:86:9b:26:dc:ed:07:70:bb:f9:39:dc:c4:
                    44:41:9e:47:df:1c:a1:fc:fe:a0:eb:15:e2:6d:86:
                    f6:6d:38:68:44:f2:a6:26:29:9f:30:85:0c:4d:7c:
                    73:cf:1b:19:d7:d6:5f:cc:34:d7:4f:93:0b:21:0b:
                    16:f8:98:e6:eb:f9:24:fe:09:6b:bb:87:1b:f0:18:
                    28:cb:e5:35:55:46:31:41:41:0b:6d:86:1f:b5:5c:
                    41:3c:4c:84:53:71:0c:1a:a1:99:fe:e8:d8:97:07:
                    15:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:8E:78:8B:1D:C2:FD:81:2F:D8:AE:AD:CC:DB:4F:B3:63:F2:4E:AD
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38372e382e302f32322d3234203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:84:00:00:68:4e:ba:33:83:da:25:65:35:10:0e:d7:a2:3a:
         0e:ee:be:a7:ca:6a:01:a9:43:a0:fe:19:82:8b:83:c4:aa:42:
         e7:71:ed:5d:f5:06:e8:74:05:9e:ac:3f:53:d7:db:66:43:ec:
         b8:70:8d:96:94:f5:b9:29:ad:ae:89:bb:cb:20:80:df:21:a3:
         b6:f9:24:bf:ef:c8:30:97:8e:47:9e:b1:96:f7:7f:2b:8a:bf:
         52:d4:b9:97:c8:98:91:e2:1b:ce:ff:a7:ff:59:5a:e6:e6:7d:
         c4:9a:59:4e:ff:40:3d:70:74:f6:b4:6c:88:07:53:75:16:fa:
         4e:09:cf:45:38:77:e7:33:45:d3:fe:82:fc:ed:78:3b:d1:c2:
         85:0b:7c:dc:89:fd:f2:a3:ff:2d:e3:3c:ae:00:16:9e:39:51:
         57:df:ce:30:7f:af:fc:bd:9b:31:3e:e4:a6:25:46:1d:56:75:
         56:d0:5f:4e:3d:38:35:e1:37:bf:db:55:4e:4d:e2:96:08:f7:
         83:4f:49:86:40:29:a4:5f:61:24:e8:27:ec:26:6e:64:1d:5c:
         7d:d8:6d:a5:15:f9:98:92:17:b6:00:b0:8a:15:5b:36:b6:89:
         69:a7:a2:54:af:eb:dc:8a:ef:0b:52:36:ff:f6:15:e1:1b:17:
         bb:1d:db:d3
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUWoayG5QkptWhovjWESkZtKU2bdYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA4MzExNDAzMTNaFw0yNDA4MjkxNDA4MTNaMDMxMTAvBgNV
BAMTKEJGOEU3ODhCMURDMkZEODEyRkQ4QUVBRENDREI0RkIzNjNGMjRFQUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4V2V9qGijkaO8c8l3lD7GkEQp
qJ44/pYPos8RrKN5AHqudjwt6x/1cO2DodokIvS4vsuNN4pmJy54XYsvBJoSAfxV
DvcAwiX+Zn5jfyu0e0bj4MV+izxblk5jTFDdaWjO4dHtXjIi3DsZy4gKUztCH0ds
jo2ysDb15n1IpPv/a5cxXSD/68cfOEp00CMQ9blJ7LYMTQFeKoabJtztB3C7+Tnc
xERBnkffHKH8/qDrFeJthvZtOGhE8qYmKZ8whQxNfHPPGxnX1l/MNNdPkwshCxb4
mObr+ST+CWu7hxvwGCjL5TVVRjFBQQtthh+1XEE8TIRTcQwaoZn+6NiXBxWDAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUv454ix3C/YEv2K6tzNtPs2PyTq0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzgzNzJlMzgyZTMw
MmYzMjMyMmQzMjM0MjAzZDNlMjAzMjMwMzEzMzM0MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAItVwgw
DQYJKoZIhvcNAQELBQADggEBAC+EAABoTrozg9olZTUQDteiOg7uvqfKagGpQ6D+
GYKLg8SqQudx7V31Buh0BZ6sP1PX22ZD7LhwjZaU9bkpra6Ju8sggN8ho7b5JL/v
yDCXjkeesZb3fyuKv1LUuZfImJHiG87/p/9ZWubmfcSaWU7/QD1wdPa0bIgHU3UW
+k4Jz0U4d+czRdP+gvzteDvRwoULfNyJ/fKj/y3jPK4AFp45UVffzjB/r/y9mzE+
5KYlRh1WdVbQX049ODXhN7/bVU5N4pYI94NPSYZAKaRfYSToJ+wmbmQdXH3YbaUV
+ZiSF7YAsIoVWza2iWmnolSv69yK7wtSNv/2FeEbF7sd29M=
-----END CERTIFICATE-----