Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38382e3232332e302f32342d3332203d3e203531313637.roa
File:                     34352e38382e3232332e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          LC3tEoeJdFt6pNs2xu6mQxYMEhmIYLBQ8DYdFvJGVHc=
Subject key identifier:   96:1C:66:B8:22:01:E4:DC:E1:D6:DA:C8:E6:9B:5D:CF:26:DD:FA:33
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3E2C53DCF8FCCC8AE4F2F3C60C7F139F853F9A91
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38382e3232332e302f32342d3332203d3e203531313637.roa
Signing time:             Wed 28 Aug 2024 14:04:44 +0000
ROA not before:           Wed 28 Aug 2024 13:59:44 +0000
ROA not after:            Wed 27 Aug 2025 14:04:44 +0000
asID:                     51167
IP address blocks:        45.88.223.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:2c:53:dc:f8:fc:cc:8a:e4:f2:f3:c6:0c:7f:13:9f:85:3f:9a:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 28 13:59:44 2024 GMT
            Not After : Aug 27 14:04:44 2025 GMT
        Subject: CN=961C66B82201E4DCE1D6DAC8E69B5DCF26DDFA33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0f:12:86:00:f4:05:80:65:a4:0e:a9:ff:01:
                    03:16:69:78:7e:7a:94:29:9e:6f:35:30:a4:ae:99:
                    88:e7:1e:b5:e8:a6:6b:0c:6d:42:ca:05:87:91:d8:
                    45:30:ee:8b:cc:9a:96:d2:e8:91:62:c6:8d:e4:61:
                    ac:eb:f5:8f:b7:f3:ca:4e:c2:f9:71:05:ff:16:68:
                    31:f5:8a:7c:a1:87:b0:8f:bc:38:b4:1a:c3:a2:85:
                    b0:ec:a5:f9:e6:9e:48:25:f6:c9:b2:f8:8a:6c:64:
                    7e:7b:97:95:cd:86:c8:77:d6:67:d3:b3:81:c3:77:
                    16:ff:e0:90:54:a1:a1:45:f0:1c:3e:2d:8a:3f:97:
                    a1:5e:3e:b7:bd:c6:29:f2:f0:ec:60:5d:ff:02:6b:
                    af:c9:83:6a:40:42:04:5d:ea:e1:84:fa:49:34:91:
                    78:7f:e2:a6:1b:a5:92:64:e9:30:f8:cc:8a:de:54:
                    f6:46:e1:9e:3a:71:e9:d6:cf:ff:88:65:88:67:17:
                    59:7e:ac:df:55:62:f0:ee:a3:d5:a3:9c:d3:14:00:
                    43:f0:4b:f5:9a:78:79:de:94:d2:d1:4d:66:12:d9:
                    19:ba:21:04:ad:8c:4f:64:99:40:66:49:36:aa:85:
                    dc:e0:eb:20:97:86:e8:1b:fe:79:b7:6e:3c:35:9e:
                    98:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:1C:66:B8:22:01:E4:DC:E1:D6:DA:C8:E6:9B:5D:CF:26:DD:FA:33
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38382e3232332e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:e0:2c:39:9b:e9:c4:19:f5:a5:fd:c6:8b:c5:d8:be:60:2e:
         1d:e6:5d:18:b5:37:62:86:e8:3b:52:42:e5:b6:51:66:64:77:
         07:bb:55:3b:65:aa:e3:a9:37:a0:ea:40:52:55:05:ff:52:19:
         cd:f2:8e:5a:12:13:59:66:cd:98:8b:d0:60:69:d1:4c:90:4e:
         0c:bf:97:24:13:c6:bd:a7:e2:0a:6e:c7:43:6d:dd:d1:48:9c:
         5b:64:60:f0:4b:55:07:05:dc:0d:24:3e:c6:86:18:d8:ce:f1:
         6f:bf:8b:9e:41:68:4f:96:3d:f2:fc:7c:08:d7:55:26:b6:c4:
         8b:e4:44:f7:87:2b:38:8e:73:98:4a:79:7f:a2:6d:ac:7e:e2:
         25:43:30:5c:20:38:55:37:de:96:15:8f:92:d4:e9:93:e7:97:
         04:9a:26:00:87:ae:17:c1:94:99:b4:ea:cf:10:ef:5b:0c:2f:
         10:40:24:ed:99:41:9d:4f:38:35:0e:ce:16:a4:11:15:e7:2f:
         d3:24:b9:51:4c:97:b1:ec:8c:d5:a3:07:70:67:40:5a:9e:8f:
         f8:76:41:b6:68:30:cf:07:15:b7:34:b1:c6:b6:25:44:48:69:
         97:c9:25:48:52:f5:6b:f3:4a:52:c9:4f:aa:5d:bd:23:80:00:
         21:93:2a:f2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPixT3Pj8zIrk8vPGDH8Tn4U/mpEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MjgxMzU5NDRaFw0yNTA4MjcxNDA0NDRaMDMxMTAvBgNV
BAMTKDk2MUM2NkI4MjIwMUU0RENFMUQ2REFDOEU2OUI1RENGMjZEREZBMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrDxKGAPQFgGWkDqn/AQMWaXh+
epQpnm81MKSumYjnHrXopmsMbULKBYeR2EUw7ovMmpbS6JFixo3kYazr9Y+388pO
wvlxBf8WaDH1inyhh7CPvDi0GsOihbDspfnmnkgl9smy+IpsZH57l5XNhsh31mfT
s4HDdxb/4JBUoaFF8Bw+LYo/l6FePre9xiny8OxgXf8Ca6/Jg2pAQgRd6uGE+kk0
kXh/4qYbpZJk6TD4zIreVPZG4Z46cenWz/+IZYhnF1l+rN9VYvDuo9WjnNMUAEPw
S/WaeHnelNLRTWYS2Rm6IQStjE9kmUBmSTaqhdzg6yCXhugb/nm3bjw1npjnAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUlhxmuCIB5Nzh1trI5ptdzybd+jMwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzgzODJlMzIzMjMz
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1Y
3zANBgkqhkiG9w0BAQsFAAOCAQEAOeAsOZvpxBn1pf3Gi8XYvmAuHeZdGLU3Yobo
O1JC5bZRZmR3B7tVO2Wq46k3oOpAUlUF/1IZzfKOWhITWWbNmIvQYGnRTJBODL+X
JBPGvafiCm7HQ23d0UicW2Rg8EtVBwXcDSQ+xoYY2M7xb7+LnkFoT5Y98vx8CNdV
JrbEi+RE94crOI5zmEp5f6JtrH7iJUMwXCA4VTfelhWPktTpk+eXBJomAIeuF8GU
mbTqzxDvWwwvEEAk7ZlBnU84NQ7OFqQRFecv0yS5UUyXseyM1aMHcGdAWp6P+HZB
tmgwzwcVtzSxxrYlREhpl8klSFL1a/NKUslPql29I4AAIZMq8g==
-----END CERTIFICATE-----