Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39332e35322e302f32322d3234203d3e20323033303631.roa
File:                     34352e39332e35322e302f32322d3234203d3e20323033303631.roa (raw, json)
Hash identifier:          1lyL3U76TvszMqbjXkwxF5sAXbeMmrxGzhr0eVg3NMU=
Subject key identifier:   7F:D9:83:7F:FD:EC:92:D7:3E:F4:0F:AB:08:A5:2F:2E:B4:A2:51:AA
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       74850F7143878E53C08E954A931FE5994AD3B51F
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39332e35322e302f32322d3234203d3e20323033303631.roa
Signing time:             Wed 28 Aug 2024 14:04:43 +0000
ROA not before:           Wed 28 Aug 2024 13:59:43 +0000
ROA not after:            Wed 27 Aug 2025 14:04:43 +0000
asID:                     203061
IP address blocks:        45.93.52.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:85:0f:71:43:87:8e:53:c0:8e:95:4a:93:1f:e5:99:4a:d3:b5:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 28 13:59:43 2024 GMT
            Not After : Aug 27 14:04:43 2025 GMT
        Subject: CN=7FD9837FFDEC92D73EF40FAB08A52F2EB4A251AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:92:8e:95:19:b1:35:5b:46:22:f1:5e:5e:1d:
                    1e:7c:aa:1b:52:43:95:64:7b:e8:5e:3d:d5:31:94:
                    ab:d6:51:e1:4a:2a:aa:ed:65:04:be:f8:76:03:41:
                    e1:ff:a8:94:8d:86:69:7c:cd:2b:20:c4:38:ff:92:
                    d8:33:92:60:a6:f3:e5:7b:2e:bf:eb:1d:21:26:31:
                    18:48:c2:33:8c:3b:68:95:60:3e:54:ac:a8:0d:c1:
                    f9:1f:d2:44:49:09:40:46:86:09:3c:7a:5c:4e:75:
                    e3:43:c1:fb:12:c8:06:4f:9e:a5:a5:26:ee:12:5c:
                    11:fe:f0:f9:cd:23:2a:f8:b4:6f:e0:8f:3c:f9:b8:
                    b0:5b:ef:8a:a8:09:97:a0:76:5e:e7:4f:eb:73:6f:
                    fe:52:b9:6c:d4:cd:16:bc:a4:61:36:a8:e1:fb:8b:
                    87:f7:52:01:42:74:97:8c:cb:76:ef:9b:d8:1f:6e:
                    35:dd:55:93:b4:4a:46:f1:36:2a:f3:a3:98:00:93:
                    e5:29:f6:3c:04:f4:85:43:b2:9f:0f:90:3f:f3:c5:
                    b2:86:0a:1c:ca:b1:fd:ff:0f:5e:64:1f:a3:57:a3:
                    a1:00:ca:2b:99:63:84:1a:4c:84:24:4b:45:08:fe:
                    78:83:c4:bb:02:12:1f:91:18:0b:0d:eb:73:35:a0:
                    4f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:D9:83:7F:FD:EC:92:D7:3E:F4:0F:AB:08:A5:2F:2E:B4:A2:51:AA
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39332e35322e302f32322d3234203d3e20323033303631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:51:02:d7:7d:21:3e:72:15:62:00:10:68:f8:2e:43:2e:5f:
         58:5b:0d:cd:13:27:f4:8c:a3:91:dd:d9:f5:cd:9b:a0:95:e2:
         02:39:76:95:93:09:ee:1c:54:8b:f0:cc:0a:2b:3f:5b:a6:ee:
         c2:77:0c:9e:ad:eb:66:7b:5d:6a:a7:17:69:da:47:0f:c9:22:
         a6:64:b1:02:1f:a9:41:fa:fe:40:c4:31:a2:87:69:8f:97:13:
         95:09:b8:9b:8e:aa:9e:9a:ce:27:a0:37:f9:9d:15:84:73:ec:
         92:aa:22:53:05:11:4b:83:c2:e8:e9:68:f7:62:e0:ef:b3:03:
         3c:68:1b:31:b8:8a:94:e4:28:44:d3:de:e1:2d:2e:9c:5a:ac:
         f2:a4:d2:2f:d0:37:67:28:17:7f:51:47:62:c4:50:5a:da:57:
         02:b2:51:db:f2:fa:ab:31:08:b5:7a:d1:0f:4c:34:5d:ab:ec:
         37:83:b1:f9:f7:17:e1:5a:5d:c0:84:ee:54:57:34:0a:22:d0:
         86:e2:71:e8:0d:71:55:27:66:30:9b:0d:00:26:c0:fc:9b:8e:
         a5:47:ea:d9:f8:7e:80:f6:a7:4c:94:cc:89:b2:f7:24:96:9b:
         40:fa:e0:6e:b1:f5:c9:9a:5e:38:6f:89:b1:f3:33:b3:9c:cc:
         51:1c:32:ba
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdIUPcUOHjlPAjpVKkx/lmUrTtR8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MjgxMzU5NDNaFw0yNTA4MjcxNDA0NDNaMDMxMTAvBgNV
BAMTKDdGRDk4MzdGRkRFQzkyRDczRUY0MEZBQjA4QTUyRjJFQjRBMjUxQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXko6VGbE1W0Yi8V5eHR58qhtS
Q5Vke+hePdUxlKvWUeFKKqrtZQS++HYDQeH/qJSNhml8zSsgxDj/ktgzkmCm8+V7
Lr/rHSEmMRhIwjOMO2iVYD5UrKgNwfkf0kRJCUBGhgk8elxOdeNDwfsSyAZPnqWl
Ju4SXBH+8PnNIyr4tG/gjzz5uLBb74qoCZegdl7nT+tzb/5SuWzUzRa8pGE2qOH7
i4f3UgFCdJeMy3bvm9gfbjXdVZO0SkbxNirzo5gAk+Up9jwE9IVDsp8PkD/zxbKG
ChzKsf3/D15kH6NXo6EAyiuZY4QaTIQkS0UI/niDxLsCEh+RGAsN63M1oE9rAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUf9mDf/3sktc+9A+rCKUvLrSiUaowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzkzMzJlMzUzMjJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDMyMzAzMzMwMzYzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi1d
NDANBgkqhkiG9w0BAQsFAAOCAQEAA1EC130hPnIVYgAQaPguQy5fWFsNzRMn9Iyj
kd3Z9c2boJXiAjl2lZMJ7hxUi/DMCis/W6buwncMnq3rZntdaqcXadpHD8kipmSx
Ah+pQfr+QMQxoodpj5cTlQm4m46qnprOJ6A3+Z0VhHPskqoiUwURS4PC6Olo92Lg
77MDPGgbMbiKlOQoRNPe4S0unFqs8qTSL9A3ZygXf1FHYsRQWtpXArJR2/L6qzEI
tXrRD0w0XavsN4Ox+fcX4VpdwITuVFc0CiLQhuJx6A1xVSdmMJsNACbA/JuOpUfq
2fh+gPanTJTMibL3JJabQPrgbrH1yZpeOG+JsfMzs5zMURwyug==
-----END CERTIFICATE-----