Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e35362e302f32332d3234203d3e20323034313730.roa
File:                     34352e39342e35362e302f32332d3234203d3e20323034313730.roa (raw, json)
Hash identifier:          UWEBfuztPrTRywLGZDPm0IzIhWqPcsvBdNkCxG+twTs=
Subject key identifier:   DD:A4:E6:B5:DB:D4:E9:86:1A:26:E2:39:A5:A9:A1:B4:EC:A5:F0:A5
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       08FB66DC9CA4E6B35B7813561D7D7D3863608F64
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e35362e302f32332d3234203d3e20323034313730.roa
Signing time:             Tue 27 May 2025 22:46:29 +0000
ROA not before:           Tue 27 May 2025 22:41:29 +0000
ROA not after:            Tue 26 May 2026 22:46:29 +0000
asID:                     204170
IP address blocks:        45.94.56.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:fb:66:dc:9c:a4:e6:b3:5b:78:13:56:1d:7d:7d:38:63:60:8f:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: May 27 22:41:29 2025 GMT
            Not After : May 26 22:46:29 2026 GMT
        Subject: CN=DDA4E6B5DBD4E9861A26E239A5A9A1B4ECA5F0A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e0:dc:3e:73:be:55:bb:8a:cb:4d:e5:2d:97:
                    26:08:e8:d8:62:f0:8b:c0:da:5f:39:75:98:75:ee:
                    8e:60:5d:7a:cd:d2:76:af:dc:13:bb:8c:df:96:a8:
                    e4:f7:0f:7d:94:5a:4e:0f:a6:a3:0a:16:19:dd:15:
                    f3:b5:c7:75:b4:6f:a4:58:ac:46:7a:77:62:18:bd:
                    b5:9b:eb:bc:88:dc:30:21:6e:c7:fd:b8:06:d0:16:
                    9b:22:5b:86:59:b3:d7:99:89:03:d7:5f:00:ad:6c:
                    23:f4:46:f0:8f:a0:ef:5c:80:0b:55:76:a9:6c:05:
                    4e:f6:44:af:b3:45:84:90:de:bb:70:8d:b1:1d:91:
                    be:a1:b6:8c:f3:5e:59:cc:d1:f2:7d:3f:1d:1a:ec:
                    10:9f:b2:1f:21:33:06:60:94:90:f2:6d:d3:36:54:
                    59:1f:60:33:1f:67:af:a1:33:0c:c6:21:ff:4e:ab:
                    a0:ca:ec:dc:ce:44:4d:d4:64:20:dd:19:e0:89:47:
                    99:52:93:4a:41:6f:8f:9d:4e:8c:30:7e:f8:f2:bc:
                    8f:73:a1:05:de:0d:dd:e8:58:5e:9b:53:46:13:ba:
                    f8:31:1d:18:54:c3:dd:d7:2b:d0:2f:50:19:82:65:
                    2b:5a:ad:a0:dc:f2:d3:67:24:e0:d2:5a:18:d5:2a:
                    d0:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:A4:E6:B5:DB:D4:E9:86:1A:26:E2:39:A5:A9:A1:B4:EC:A5:F0:A5
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e35362e302f32332d3234203d3e20323034313730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         10:9a:a1:41:19:19:83:1b:fe:66:86:15:b8:67:cb:36:61:9e:
         d3:7c:9c:49:86:51:3a:11:48:65:ec:7f:e8:e7:18:a8:e2:d2:
         51:c4:c3:ea:11:67:af:a4:89:74:d6:ec:25:52:55:c2:70:41:
         a4:6f:e9:23:59:59:bd:8d:94:f9:81:f9:49:6d:1b:ed:be:0c:
         cc:04:3a:d5:8f:60:9c:de:8f:ef:c0:5e:dd:b7:fe:01:56:f2:
         a4:ef:47:46:21:dc:ea:98:23:fe:7b:e3:8b:8d:6a:e4:17:f0:
         93:6d:a8:0b:f5:6b:aa:81:b7:2e:b5:82:06:59:55:83:56:fa:
         92:11:94:c3:3d:07:8c:5d:db:87:82:68:77:54:c7:4e:3c:dd:
         5c:06:35:66:b1:b1:27:35:9b:58:95:73:d0:95:f9:26:7a:29:
         0c:40:f8:30:bd:8d:f0:cd:21:ca:9b:b7:bd:e3:3c:b5:9e:82:
         25:0d:db:46:c9:00:9c:dc:d3:31:42:06:07:40:0e:77:57:5c:
         8f:1b:d1:98:63:b3:08:06:92:76:50:6d:a6:16:b8:db:0c:58:
         f5:f5:07:fd:83:b6:f7:00:ca:58:83:6a:2f:19:3c:ab:a8:b7:
         45:75:3b:bf:5e:fd:50:10:bf:62:18:56:ef:17:19:8a:6f:d7:
         c8:58:97:83
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCPtm3Jyk5rNbeBNWHX19OGNgj2QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA1MjcyMjQxMjlaFw0yNjA1MjYyMjQ2MjlaMDMxMTAvBgNV
BAMTKEREQTRFNkI1REJENEU5ODYxQTI2RTIzOUE1QTlBMUI0RUNBNUYwQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+4Nw+c75Vu4rLTeUtlyYI6Nhi
8IvA2l85dZh17o5gXXrN0nav3BO7jN+WqOT3D32UWk4PpqMKFhndFfO1x3W0b6RY
rEZ6d2IYvbWb67yI3DAhbsf9uAbQFpsiW4ZZs9eZiQPXXwCtbCP0RvCPoO9cgAtV
dqlsBU72RK+zRYSQ3rtwjbEdkb6htozzXlnM0fJ9Px0a7BCfsh8hMwZglJDybdM2
VFkfYDMfZ6+hMwzGIf9Oq6DK7NzORE3UZCDdGeCJR5lSk0pBb4+dTowwfvjyvI9z
oQXeDd3oWF6bU0YTuvgxHRhUw93XK9AvUBmCZStaraDc8tNnJODSWhjVKtALAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU3aTmtdvU6YYaJuI5pamhtOyl8KUwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzkzNDJlMzUzNjJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDMyMzAzNDMxMzczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS1e
ODANBgkqhkiG9w0BAQsFAAOCAQEAEJqhQRkZgxv+ZoYVuGfLNmGe03ycSYZROhFI
Zex/6OcYqOLSUcTD6hFnr6SJdNbsJVJVwnBBpG/pI1lZvY2U+YH5SW0b7b4MzAQ6
1Y9gnN6P78Be3bf+AVbypO9HRiHc6pgj/nvji41q5Bfwk22oC/VrqoG3LrWCBllV
g1b6khGUwz0HjF3bh4Jod1THTjzdXAY1ZrGxJzWbWJVz0JX5JnopDED4ML2N8M0h
ypu3veM8tZ6CJQ3bRskAnNzTMUIGB0AOd1dcjxvRmGOzCAaSdlBtpha42wxY9fUH
/YO29wDKWINqLxk8q6i3RXU7v179UBC/YhhW7xcZim/XyFiXgw==
-----END CERTIFICATE-----