Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38382e3232332e302f32342d3332203d3e203531313637.roa
File:                     34352e38382e3232332e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          0Vc+VHT2WiSKGfgae4u0XrhS9/EpUNDvNi0tM5y2dSk=
Subject key identifier:   89:62:DD:A3:24:EC:37:BD:8F:A6:D6:03:88:8D:D9:75:34:41:44:F2
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       78137236EF6D6D5591042D0C6D9B2CEF763890BC
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38382e3232332e302f32342d3332203d3e203531313637.roa
Signing time:             Wed 27 Sep 2023 13:40:10 +0000
ROA not before:           Wed 27 Sep 2023 13:35:10 +0000
ROA not after:            Wed 25 Sep 2024 13:40:10 +0000
asID:                     51167
IP address blocks:        45.88.223.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:13:72:36:ef:6d:6d:55:91:04:2d:0c:6d:9b:2c:ef:76:38:90:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 27 13:35:10 2023 GMT
            Not After : Sep 25 13:40:10 2024 GMT
        Subject: CN=8962DDA324EC37BD8FA6D603888DD975344144F2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:f8:ad:b9:78:50:cf:ca:70:e4:fa:f0:f3:7d:
                    f5:9f:72:03:63:df:08:a8:3c:9e:e1:02:4e:64:8a:
                    02:00:84:e3:c5:13:62:1a:ef:b0:1e:58:6a:07:dc:
                    d5:fb:5e:c8:16:90:c2:dd:8e:62:3f:31:58:52:49:
                    2f:ae:a1:1f:a4:87:a1:ac:f0:ee:10:6c:30:a1:52:
                    f9:80:85:39:b7:82:7e:05:59:2e:61:ef:75:d4:50:
                    ed:0f:2b:e0:ca:df:94:30:1d:72:f2:af:a6:e8:c9:
                    ec:8b:21:ff:de:63:74:f9:58:d7:d9:56:a9:7d:e2:
                    95:35:11:26:cf:d4:6b:9f:9a:6f:6c:bb:94:1f:89:
                    84:f9:46:48:60:fb:6a:35:8a:c2:ab:0a:c5:2e:a2:
                    08:19:51:93:b4:40:7e:0f:c5:65:d4:ba:78:e2:c0:
                    03:8d:c2:0b:e6:a9:ec:a0:91:d6:44:a1:13:42:fd:
                    47:67:c8:b8:3f:94:14:8b:37:a1:73:6d:13:91:0e:
                    c2:29:73:c3:41:db:e7:d1:a0:e1:0a:7c:27:4f:f3:
                    73:74:85:72:c4:1e:3b:70:84:44:44:66:b6:4a:bd:
                    ca:96:ae:c9:46:21:e0:62:31:15:76:09:54:7d:45:
                    84:60:c2:c0:96:ac:72:cb:f5:a3:7d:76:81:4f:85:
                    3c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:62:DD:A3:24:EC:37:BD:8F:A6:D6:03:88:8D:D9:75:34:41:44:F2
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38382e3232332e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:e6:ef:f8:b4:10:6a:74:81:94:95:ed:d9:ff:d8:38:87:5c:
         95:c1:8a:69:c6:93:2e:8d:3f:5f:91:c9:48:26:e2:1c:b2:2d:
         13:c6:28:3d:93:71:82:07:31:75:7f:7c:e3:93:d8:e8:c4:f8:
         75:8c:6e:4a:12:20:51:e6:be:94:65:92:91:aa:5b:b8:99:c1:
         94:03:78:73:29:34:e5:0a:41:87:a1:7c:74:6e:2e:e7:7f:d3:
         01:54:f4:10:9d:dc:13:3f:8f:c6:ca:9f:35:4f:61:e6:ad:b4:
         df:96:50:94:91:19:3a:18:bd:47:16:34:5b:90:09:09:9c:fe:
         30:d8:a4:a9:5a:93:b5:d2:47:e1:23:10:98:da:23:1a:2f:6c:
         04:6d:35:2e:d0:20:01:59:8e:0a:98:97:f5:97:33:5f:0e:0b:
         3e:86:84:80:4b:0b:25:4b:f0:67:29:c9:a5:d7:f7:84:ad:8b:
         bd:40:3f:61:7e:7a:c4:20:84:9f:5f:8c:de:7d:67:72:0d:96:
         a0:28:95:e8:6f:04:d0:06:26:e3:ef:ed:09:e3:4a:cf:4a:2c:
         c5:ba:57:31:fa:23:d2:8d:96:92:68:fa:d6:8b:e7:a7:cc:3c:
         f3:f7:0f:ad:79:1f:f3:7d:7b:9a:23:31:3d:71:5a:03:c4:94:
         ab:2e:75:4a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUeBNyNu9tbVWRBC0MbZss73Y4kLwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA5MjcxMzM1MTBaFw0yNDA5MjUxMzQwMTBaMDMxMTAvBgNV
BAMTKDg5NjJEREEzMjRFQzM3QkQ4RkE2RDYwMzg4OEREOTc1MzQ0MTQ0RjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS+K25eFDPynDk+vDzffWfcgNj
3wioPJ7hAk5kigIAhOPFE2Ia77AeWGoH3NX7XsgWkMLdjmI/MVhSSS+uoR+kh6Gs
8O4QbDChUvmAhTm3gn4FWS5h73XUUO0PK+DK35QwHXLyr6boyeyLIf/eY3T5WNfZ
Vql94pU1ESbP1Gufmm9su5QfiYT5Rkhg+2o1isKrCsUuoggZUZO0QH4PxWXUunji
wAONwgvmqeygkdZEoRNC/UdnyLg/lBSLN6FzbRORDsIpc8NB2+fRoOEKfCdP83N0
hXLEHjtwhEREZrZKvcqWrslGIeBiMRV2CVR9RYRgwsCWrHLL9aN9doFPhTzFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUiWLdoyTsN72PptYDiI3ZdTRBRPIwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzgzODJlMzIzMjMz
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1Y
3zANBgkqhkiG9w0BAQsFAAOCAQEAeObv+LQQanSBlJXt2f/YOIdclcGKacaTLo0/
X5HJSCbiHLItE8YoPZNxggcxdX9845PY6MT4dYxuShIgUea+lGWSkapbuJnBlAN4
cyk05QpBh6F8dG4u53/TAVT0EJ3cEz+PxsqfNU9h5q2035ZQlJEZOhi9RxY0W5AJ
CZz+MNikqVqTtdJH4SMQmNojGi9sBG01LtAgAVmOCpiX9ZczXw4LPoaEgEsLJUvw
ZynJpdf3hK2LvUA/YX56xCCEn1+M3n1ncg2WoCiV6G8E0AYm4+/tCeNKz0osxbpX
Mfoj0o2Wkmj61ovnp8w88/cPrXkf8317miMxPXFaA8SUqy51Sg==
-----END CERTIFICATE-----