Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e35362e302f32332d3234203d3e20323034313730.roa
File:                     34352e39342e35362e302f32332d3234203d3e20323034313730.roa (raw, json)
Hash identifier:          QP+JEnF1JJB0Fq8m3OwLP0RaaEPnRSGy3W9XCxBfzYk=
Subject key identifier:   28:B9:14:71:DE:69:CC:2D:2E:19:3A:A9:52:9F:9D:FA:C5:6D:80:CE
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       55A9A0108B7660CA370A898227F0447FA39523F3
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e35362e302f32332d3234203d3e20323034313730.roa
Signing time:             Tue 25 Jun 2024 21:46:54 +0000
ROA not before:           Tue 25 Jun 2024 21:41:54 +0000
ROA not after:            Tue 24 Jun 2025 21:46:54 +0000
asID:                     204170
IP address blocks:        45.94.56.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:a9:a0:10:8b:76:60:ca:37:0a:89:82:27:f0:44:7f:a3:95:23:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 25 21:41:54 2024 GMT
            Not After : Jun 24 21:46:54 2025 GMT
        Subject: CN=28B91471DE69CC2D2E193AA9529F9DFAC56D80CE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:31:d0:b5:39:0a:a2:33:03:06:a0:5a:6b:43:
                    d7:37:17:d8:12:16:de:f8:19:0b:89:79:83:fa:55:
                    19:80:f5:58:ca:2e:8a:c4:4b:90:bb:92:f2:fe:84:
                    f5:a0:62:20:d1:99:55:84:97:93:23:0f:1f:1f:bd:
                    6a:42:3d:6d:19:ac:23:13:96:1d:bb:b3:15:e3:c4:
                    35:6e:38:aa:64:46:8e:35:96:ff:e8:54:d0:86:f4:
                    d1:25:9e:7c:dc:9e:4e:4f:84:23:d9:f5:64:c3:a9:
                    b8:46:59:ce:fe:b0:53:21:a3:69:a1:54:5f:bd:00:
                    b7:b8:5d:c8:0b:9e:d1:ee:8a:30:19:e3:26:e2:54:
                    a8:ab:1c:aa:44:3f:35:18:8c:52:fe:4d:42:20:40:
                    00:0e:49:ca:ec:91:0a:65:81:e6:6a:bd:ff:f5:2f:
                    78:08:8d:42:c7:cd:44:c3:0f:47:1a:47:f5:62:cc:
                    a4:04:67:6e:a9:9a:3c:0c:42:c2:94:75:ba:71:cc:
                    cc:f0:dd:32:e7:ae:31:32:87:b3:98:e5:2c:92:b5:
                    7e:6b:e1:a5:81:e9:12:7f:b2:b3:13:84:0f:50:c2:
                    ca:46:aa:27:cd:b7:e1:5d:c6:8c:ad:07:ff:2e:74:
                    8a:56:32:23:d7:c9:5c:be:89:bd:cb:48:aa:9c:55:
                    6a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:B9:14:71:DE:69:CC:2D:2E:19:3A:A9:52:9F:9D:FA:C5:6D:80:CE
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e35362e302f32332d3234203d3e20323034313730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:26:ae:40:1f:ff:d5:88:41:00:e8:17:bc:1c:ae:dc:b9:9b:
         09:23:06:ae:50:b7:6a:ec:22:26:35:ea:c0:2f:64:08:f5:e5:
         18:37:01:33:20:5f:38:64:0d:11:9a:31:50:19:2f:be:fe:74:
         6d:b9:39:30:60:e8:20:07:ac:99:30:83:fc:0b:23:dd:22:b6:
         d6:08:2f:1b:37:24:00:b2:2b:9b:7a:50:56:dd:d8:87:ed:ec:
         e1:8f:ba:4e:50:1b:8d:9c:ff:f5:6f:86:b7:ae:51:dc:a0:e0:
         9b:59:7c:aa:4e:8e:b1:e6:4a:5e:d9:ff:af:f9:cb:18:b1:e7:
         f4:0b:5a:28:39:4b:b2:a3:ea:7c:af:e0:f3:1b:e7:f7:1c:cf:
         c8:ca:11:c9:6c:1e:b9:fd:ef:3c:9e:f2:af:3c:35:cd:c2:8c:
         13:52:54:75:ab:ac:cd:1e:b9:de:9f:11:80:4c:73:d7:60:8a:
         c3:c4:25:f5:a2:dc:eb:cc:73:8d:73:0f:4e:23:f5:6d:cc:dc:
         0d:24:0d:7e:94:c3:3c:62:b5:b2:32:27:8d:9e:dd:42:66:50:
         2e:c5:e1:33:1c:22:6d:cb:d2:27:62:4e:d3:a8:b8:4c:59:b2:
         75:3a:1d:ca:d7:89:48:3d:da:3e:24:53:d4:35:5d:ec:82:50:
         51:1a:57:6f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVamgEIt2YMo3ComCJ/BEf6OVI/MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA2MjUyMTQxNTRaFw0yNTA2MjQyMTQ2NTRaMDMxMTAvBgNV
BAMTKDI4QjkxNDcxREU2OUNDMkQyRTE5M0FBOTUyOUY5REZBQzU2RDgwQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBMdC1OQqiMwMGoFprQ9c3F9gS
Ft74GQuJeYP6VRmA9VjKLorES5C7kvL+hPWgYiDRmVWEl5MjDx8fvWpCPW0ZrCMT
lh27sxXjxDVuOKpkRo41lv/oVNCG9NElnnzcnk5PhCPZ9WTDqbhGWc7+sFMho2mh
VF+9ALe4XcgLntHuijAZ4ybiVKirHKpEPzUYjFL+TUIgQAAOScrskQplgeZqvf/1
L3gIjULHzUTDD0caR/VizKQEZ26pmjwMQsKUdbpxzMzw3TLnrjEyh7OY5SyStX5r
4aWB6RJ/srMThA9QwspGqifNt+FdxoytB/8udIpWMiPXyVy+ib3LSKqcVWpZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUKLkUcd5pzC0uGTqpUp+d+sVtgM4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzkzNDJlMzUzNjJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDMyMzAzNDMxMzczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS1e
ODANBgkqhkiG9w0BAQsFAAOCAQEAcSauQB//1YhBAOgXvByu3LmbCSMGrlC3auwi
JjXqwC9kCPXlGDcBMyBfOGQNEZoxUBkvvv50bbk5MGDoIAesmTCD/Asj3SK21ggv
GzckALIrm3pQVt3Yh+3s4Y+6TlAbjZz/9W+Gt65R3KDgm1l8qk6OseZKXtn/r/nL
GLHn9AtaKDlLsqPqfK/g8xvn9xzPyMoRyWweuf3vPJ7yrzw1zcKME1JUdauszR65
3p8RgExz12CKw8Ql9aLc68xzjXMPTiP1bczcDSQNfpTDPGK1sjInjZ7dQmZQLsXh
MxwibcvSJ2JO06i4TFmydTodyteJSD3aPiRT1DVd7IJQURpXbw==
-----END CERTIFICATE-----