Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39332e35322e302f32322d3234203d3e20323033303631.roa
File:                     34352e39332e35322e302f32322d3234203d3e20323033303631.roa (raw, json)
Hash identifier:          OhexBCHvBmDrmBXnubVItheErLqdTiWet7inDe4Biok=
Subject key identifier:   3F:C1:97:79:66:87:10:FA:16:36:3D:3E:50:59:6A:05:9D:0C:70:D8
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       2587A585312EAB91A7757D27FB6B1C0C3D10C756
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39332e35322e302f32322d3234203d3e20323033303631.roa
Signing time:             Wed 27 Sep 2023 13:40:10 +0000
ROA not before:           Wed 27 Sep 2023 13:35:10 +0000
ROA not after:            Wed 25 Sep 2024 13:40:10 +0000
asID:                     203061
IP address blocks:        45.93.52.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:87:a5:85:31:2e:ab:91:a7:75:7d:27:fb:6b:1c:0c:3d:10:c7:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Sep 27 13:35:10 2023 GMT
            Not After : Sep 25 13:40:10 2024 GMT
        Subject: CN=3FC19779668710FA16363D3E50596A059D0C70D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e6:47:c0:08:61:6c:11:c8:ad:d6:1e:ed:3e:
                    57:be:43:df:4b:0f:07:13:f5:cc:54:b2:75:04:44:
                    bb:5c:f8:d6:6f:ff:78:8e:b8:e0:d6:a1:eb:7a:10:
                    36:b1:6b:82:1d:7f:55:8f:40:97:2b:e6:74:ba:b1:
                    54:fc:bc:db:81:1c:81:0a:83:b0:94:fd:dc:dc:1a:
                    fe:03:9d:c1:40:fb:e1:d5:35:d8:e6:1c:7e:99:fd:
                    6a:2a:f4:01:6a:8d:06:de:81:75:e5:d1:17:ab:8c:
                    82:2a:ae:90:47:f0:3b:90:bd:b5:21:ec:d6:47:25:
                    b7:18:46:e0:ef:aa:77:24:ef:87:9e:98:08:1d:22:
                    52:e1:ab:40:00:29:29:0b:d3:ea:a9:d0:37:f5:cd:
                    b3:ca:4b:19:34:cf:d4:25:f7:22:ee:93:bf:19:cb:
                    33:c8:68:20:db:65:8a:f3:c6:5c:5f:f6:2c:f6:dd:
                    38:d6:64:e9:88:1f:a1:49:ed:c1:41:88:bc:2b:a8:
                    55:65:0a:ee:3f:c6:9d:86:47:fc:e7:2e:1b:4d:a5:
                    b4:77:6f:89:04:fb:23:ad:22:4b:c8:72:d6:92:57:
                    a5:6f:cf:c1:79:b8:48:a2:a9:26:5e:62:e1:11:19:
                    5e:16:fd:67:db:c8:de:40:26:47:f3:d8:bc:13:92:
                    a6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:C1:97:79:66:87:10:FA:16:36:3D:3E:50:59:6A:05:9D:0C:70:D8
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39332e35322e302f32322d3234203d3e20323033303631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:40:87:a9:e7:b1:22:9d:65:2a:6f:64:ca:11:e3:51:52:55:
         f4:e4:a8:c8:90:6c:8a:c8:f6:aa:9f:55:19:a7:13:3c:8a:12:
         da:56:97:bd:2e:b5:2f:7f:97:f4:4e:ec:07:de:c7:66:90:cf:
         b7:c8:91:a3:ac:93:2f:5f:40:59:cf:90:25:c2:4c:61:31:04:
         0e:1d:d0:2f:04:19:df:cc:d7:0e:39:36:0c:82:4c:cd:d8:12:
         d0:ba:45:f0:cb:15:09:b9:b1:15:f0:68:9e:2c:f5:5c:70:d3:
         bc:4f:5e:9f:9e:1e:84:2d:1c:cc:f7:cb:77:af:37:14:5f:69:
         8a:a2:5c:e0:3c:94:6e:b9:2f:61:27:84:bf:60:88:54:48:ad:
         72:e8:7e:f7:1d:6e:b7:76:fe:d0:7a:9b:5e:a5:4c:ca:14:a9:
         1f:bb:d5:c8:0d:cb:fd:4f:97:d0:24:e1:18:33:c0:c4:88:5b:
         2a:1f:d1:72:ae:a3:d2:d2:48:a0:45:98:ef:49:a7:16:15:14:
         30:56:2e:10:3d:f5:8d:80:28:e3:c7:9f:d9:03:40:f6:f2:d7:
         4d:a2:f4:03:3b:7e:6d:1e:ce:9e:ce:fb:c8:fc:b3:92:bb:f5:
         4d:36:b6:ac:fe:6c:32:c4:d3:a1:fe:bf:30:0e:e1:ab:70:01:
         48:e4:29:c4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJYelhTEuq5GndX0n+2scDD0Qx1YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA5MjcxMzM1MTBaFw0yNDA5MjUxMzQwMTBaMDMxMTAvBgNV
BAMTKDNGQzE5Nzc5NjY4NzEwRkExNjM2M0QzRTUwNTk2QTA1OUQwQzcwRDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq5kfACGFsEcit1h7tPle+Q99L
DwcT9cxUsnUERLtc+NZv/3iOuODWoet6EDaxa4Idf1WPQJcr5nS6sVT8vNuBHIEK
g7CU/dzcGv4DncFA++HVNdjmHH6Z/Woq9AFqjQbegXXl0RerjIIqrpBH8DuQvbUh
7NZHJbcYRuDvqnck74eemAgdIlLhq0AAKSkL0+qp0Df1zbPKSxk0z9Ql9yLuk78Z
yzPIaCDbZYrzxlxf9iz23TjWZOmIH6FJ7cFBiLwrqFVlCu4/xp2GR/znLhtNpbR3
b4kE+yOtIkvIctaSV6Vvz8F5uEiiqSZeYuERGV4W/WfbyN5AJkfz2LwTkqY3AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUP8GXeWaHEPoWNj0+UFlqBZ0McNgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzkzMzJlMzUzMjJl
MzAyZjMyMzIyZDMyMzQyMDNkM2UyMDMyMzAzMzMwMzYzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi1d
NDANBgkqhkiG9w0BAQsFAAOCAQEANkCHqeexIp1lKm9kyhHjUVJV9OSoyJBsisj2
qp9VGacTPIoS2laXvS61L3+X9E7sB97HZpDPt8iRo6yTL19AWc+QJcJMYTEEDh3Q
LwQZ38zXDjk2DIJMzdgS0LpF8MsVCbmxFfBoniz1XHDTvE9en54ehC0czPfLd683
FF9piqJc4DyUbrkvYSeEv2CIVEitcuh+9x1ut3b+0HqbXqVMyhSpH7vVyA3L/U+X
0CThGDPAxIhbKh/Rcq6j0tJIoEWY70mnFhUUMFYuED31jYAo48ef2QNA9vLXTaL0
Azt+bR7Ons77yPyzkrv1TTa2rP5sMsTTof6/MA7hq3ABSOQpxA==
-----END CERTIFICATE-----