Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e392e3138382e302f32322d3234203d3e203437353833.roa
File:                     34352e392e3138382e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          WX0EVk25UeDATWMaW5iLpNS8hD//P4hkwFtWUSLO1Xw=
Subject key identifier:   AD:4E:E0:AA:12:C0:40:E7:40:06:DF:1A:28:EC:E6:7F:8F:DF:2C:94
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       70801564B3A73684AD7029E17205B03F4AD61A98
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e392e3138382e302f32322d3234203d3e203437353833.roa
Signing time:             Mon 27 Jan 2025 09:45:12 +0000
ROA not before:           Mon 27 Jan 2025 09:40:12 +0000
ROA not after:            Mon 26 Jan 2026 09:45:12 +0000
asID:                     47583
IP address blocks:        45.9.188.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:80:15:64:b3:a7:36:84:ad:70:29:e1:72:05:b0:3f:4a:d6:1a:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jan 27 09:40:12 2025 GMT
            Not After : Jan 26 09:45:12 2026 GMT
        Subject: CN=AD4EE0AA12C040E74006DF1A28ECE67F8FDF2C94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:10:80:93:0e:a2:b8:79:b6:7d:90:27:21:4c:
                    b8:f9:43:43:3b:55:23:be:13:2c:c0:24:df:73:f9:
                    a1:a7:f3:fc:3a:bd:ea:a9:e9:ce:4e:20:b7:2f:9a:
                    c9:50:41:46:a7:3e:f6:d2:92:2e:3f:6e:2e:ba:a2:
                    f3:4f:d4:cd:e7:97:64:53:35:2f:33:06:02:c1:fe:
                    46:ae:29:df:a1:65:8c:a3:76:80:81:85:4c:3f:0f:
                    19:1a:3b:dd:72:83:20:2e:07:ac:39:4d:5b:0d:8c:
                    3a:3b:88:f3:92:42:7e:f6:b8:99:e2:31:1c:cd:2e:
                    26:39:6f:5c:e7:8c:d8:a5:17:e7:87:cf:a2:c6:5b:
                    a4:d9:c1:5c:ee:6e:16:c2:88:55:2e:47:75:3c:b5:
                    12:7e:4a:ce:33:59:c5:1b:ef:64:01:35:66:3f:a9:
                    11:cb:3a:8d:16:e4:9f:90:b8:52:f1:0d:32:d5:95:
                    82:df:13:df:d7:81:55:74:80:84:f2:f0:93:4f:e6:
                    b0:5b:5d:81:2e:16:be:66:21:2b:d5:9b:60:30:de:
                    76:bf:92:bd:e4:29:59:b6:fc:da:01:c3:37:9e:96:
                    b0:cc:0f:a8:60:fb:7b:3a:e2:a1:b4:d4:3a:f6:17:
                    07:0b:a5:52:b0:e4:ae:ee:1c:75:a5:fa:c1:4a:0a:
                    fd:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:4E:E0:AA:12:C0:40:E7:40:06:DF:1A:28:EC:E6:7F:8F:DF:2C:94
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e392e3138382e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:c4:85:e5:e0:48:d9:55:86:f6:7b:70:a6:3f:d7:c2:61:da:
         54:00:02:67:82:6b:a5:4e:8e:c6:b2:93:27:ee:0d:bc:0d:0c:
         65:b3:89:0f:11:de:37:2b:55:82:e9:3d:db:cc:e3:64:5a:b2:
         e0:dc:72:10:be:93:b2:86:94:61:41:58:a8:ec:b9:e5:1a:78:
         d4:16:b5:35:d7:66:05:d7:39:d1:aa:fa:8e:9c:5c:80:86:33:
         a7:25:5c:92:93:cf:a9:38:27:80:a7:9f:2d:70:de:e5:7f:f3:
         2f:a1:0b:e7:44:c2:22:e1:7c:9f:e8:64:9e:cb:03:20:e6:cc:
         8c:cc:b7:03:28:2e:ea:ef:3c:5a:d8:eb:42:7b:db:c3:b6:fa:
         49:e2:42:e7:cb:95:b7:4d:d0:e8:3c:e8:f3:f0:94:04:91:d8:
         f8:e2:67:bb:a4:ed:61:8d:89:44:40:e1:14:cb:59:53:b8:e5:
         ff:36:65:c7:36:3a:13:59:02:3f:0e:ed:36:61:77:95:bd:ce:
         08:d7:1b:a5:22:36:bc:c8:c3:c0:59:34:5d:c7:f3:e1:1f:51:
         fc:82:5f:43:b7:3e:37:88:ce:02:0d:4c:ec:70:0b:cd:fb:52:
         01:51:64:a3:1d:20:4c:7c:bf:e9:67:7c:87:12:26:6e:72:cf:
         ec:18:5c:fb
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUcIAVZLOnNoStcCnhcgWwP0rWGpgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTAxMjcwOTQwMTJaFw0yNjAxMjYwOTQ1MTJaMDMxMTAvBgNV
BAMTKEFENEVFMEFBMTJDMDQwRTc0MDA2REYxQTI4RUNFNjdGOEZERjJDOTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiEICTDqK4ebZ9kCchTLj5Q0M7
VSO+EyzAJN9z+aGn8/w6veqp6c5OILcvmslQQUanPvbSki4/bi66ovNP1M3nl2RT
NS8zBgLB/kauKd+hZYyjdoCBhUw/DxkaO91ygyAuB6w5TVsNjDo7iPOSQn72uJni
MRzNLiY5b1znjNilF+eHz6LGW6TZwVzubhbCiFUuR3U8tRJ+Ss4zWcUb72QBNWY/
qRHLOo0W5J+QuFLxDTLVlYLfE9/XgVV0gITy8JNP5rBbXYEuFr5mISvVm2Aw3na/
kr3kKVm2/NoBwzeelrDMD6hg+3s64qG01Dr2FwcLpVKw5K7uHHWl+sFKCv3fAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUrU7gqhLAQOdABt8aKOzmf4/fLJQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzkyZTMxMzgzODJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDM0MzczNTM4MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAItCbww
DQYJKoZIhvcNAQELBQADggEBACbEheXgSNlVhvZ7cKY/18Jh2lQAAmeCa6VOjsay
kyfuDbwNDGWziQ8R3jcrVYLpPdvM42RasuDcchC+k7KGlGFBWKjsueUaeNQWtTXX
ZgXXOdGq+o6cXICGM6clXJKTz6k4J4Cnny1w3uV/8y+hC+dEwiLhfJ/oZJ7LAyDm
zIzMtwMoLurvPFrY60J728O2+kniQufLlbdN0Og86PPwlASR2PjiZ7uk7WGNiURA
4RTLWVO45f82Zcc2OhNZAj8O7TZhd5W9zgjXG6UiNrzIw8BZNF3H8+EfUfyCX0O3
PjeIzgINTOxwC837UgFRZKMdIEx8v+lnfIcSJm5yz+wYXPs=
-----END CERTIFICATE-----