Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e35362e302f32342d3234203d3e20323132343136.roa
File:                     34352e39342e35362e302f32342d3234203d3e20323132343136.roa (raw, json)
Hash identifier:          WlvVaM4tTH6hnqv5dUaTU+3HhnO0G+upuVb3C8SlwHM=
Subject key identifier:   30:E5:53:E5:37:8E:97:E0:97:67:85:85:FD:D7:7E:4A:94:96:EB:30
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0BA9298C460774D5CBA52E480E0D2ABA6FA42909
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e35362e302f32342d3234203d3e20323132343136.roa
Signing time:             Thu 31 Aug 2023 14:08:14 +0000
ROA not before:           Thu 31 Aug 2023 14:03:14 +0000
ROA not after:            Thu 29 Aug 2024 14:08:14 +0000
asID:                     212416
IP address blocks:        45.94.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:a9:29:8c:46:07:74:d5:cb:a5:2e:48:0e:0d:2a:ba:6f:a4:29:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 31 14:03:14 2023 GMT
            Not After : Aug 29 14:08:14 2024 GMT
        Subject: CN=30E553E5378E97E097678585FDD77E4A9496EB30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:73:76:66:cf:59:a9:ff:e9:8f:d7:11:fd:3d:
                    e9:4d:06:84:ee:7c:fa:4f:d4:19:41:2f:37:19:7f:
                    c4:92:30:d5:94:35:92:15:a8:38:e2:13:b7:71:bb:
                    d1:72:2c:95:8a:c6:5c:1f:d4:42:45:01:c8:bb:89:
                    d8:69:be:1e:ec:cf:39:fe:ef:99:1e:a4:75:ff:7a:
                    71:32:29:d0:d1:55:63:c1:6a:c2:54:ce:c7:4e:a7:
                    56:c2:7f:5e:d4:b6:2f:d4:e8:f6:53:ee:b3:df:61:
                    a9:dd:a8:ca:22:92:d4:37:81:49:1f:31:82:31:40:
                    38:30:7c:48:45:60:68:44:1a:96:30:99:e5:57:b7:
                    47:de:af:4b:db:1f:76:25:d9:46:3c:06:f1:7b:d4:
                    1f:91:22:b4:c1:b5:45:36:62:58:6f:de:f9:69:cc:
                    d4:c4:15:06:8f:84:91:12:a7:08:9b:9e:18:d2:90:
                    60:58:f8:f7:2e:b4:8b:ee:42:ab:a2:64:04:0e:fa:
                    6f:08:8d:dc:e0:ec:88:03:33:99:0e:66:38:ed:82:
                    0a:e7:fc:b4:10:cd:dc:bd:b6:ee:0f:6f:4e:ea:ec:
                    a1:04:ba:e1:47:f6:71:ad:ff:8d:a1:90:48:72:c0:
                    32:83:66:c7:67:13:3e:61:5b:25:28:ee:a7:98:ac:
                    df:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:E5:53:E5:37:8E:97:E0:97:67:85:85:FD:D7:7E:4A:94:96:EB:30
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e35362e302f32342d3234203d3e20323132343136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:28:0b:c6:86:12:1a:e9:69:83:eb:c5:aa:d0:5f:54:f1:cd:
         fa:e7:02:fe:e9:63:80:3a:d9:a3:39:83:eb:36:43:ba:5e:33:
         eb:2e:d0:a8:a0:93:cf:1a:95:3f:a4:38:6a:d2:8b:04:ab:a4:
         41:9b:10:ee:9a:7b:74:c2:02:a0:85:d4:1f:61:11:9c:57:90:
         d4:70:0e:a5:6d:3b:c9:59:15:e1:74:12:1b:59:f4:56:d3:5a:
         e9:f0:1f:50:2d:6d:70:55:df:5c:6e:f4:97:d9:12:e1:52:20:
         04:e7:16:21:8f:a3:00:cc:be:4e:cb:93:67:37:3d:a4:4d:53:
         d8:ff:1b:10:de:d1:27:b5:c2:7c:b3:80:ef:64:4d:d5:c9:2b:
         76:5e:81:e7:2a:7c:f1:a4:eb:8f:be:bb:d7:77:66:f2:e8:c7:
         01:ad:7d:55:36:da:37:c8:4e:db:95:52:89:52:e5:38:cc:7a:
         9c:1d:09:bb:b2:46:cb:03:28:1e:a9:49:b0:a7:c0:1e:bf:40:
         9d:56:40:09:8d:94:91:d9:08:6d:b7:cc:b1:33:7d:84:a9:3b:
         a9:73:58:92:ee:5c:62:4d:49:6a:8b:e8:af:8c:3c:f5:0e:bc:
         df:77:61:69:5c:b2:62:c7:b4:9f:20:26:12:4a:ac:34:65:38:
         80:d0:79:b1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUC6kpjEYHdNXLpS5IDg0qum+kKQkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA4MzExNDAzMTRaFw0yNDA4MjkxNDA4MTRaMDMxMTAvBgNV
BAMTKDMwRTU1M0U1Mzc4RTk3RTA5NzY3ODU4NUZERDc3RTRBOTQ5NkVCMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFc3Zmz1mp/+mP1xH9PelNBoTu
fPpP1BlBLzcZf8SSMNWUNZIVqDjiE7dxu9FyLJWKxlwf1EJFAci7idhpvh7szzn+
75kepHX/enEyKdDRVWPBasJUzsdOp1bCf17Uti/U6PZT7rPfYandqMoiktQ3gUkf
MYIxQDgwfEhFYGhEGpYwmeVXt0fer0vbH3Yl2UY8BvF71B+RIrTBtUU2Ylhv3vlp
zNTEFQaPhJESpwibnhjSkGBY+PcutIvuQquiZAQO+m8Ijdzg7IgDM5kOZjjtggrn
/LQQzdy9tu4Pb07q7KEEuuFH9nGt/42hkEhywDKDZsdnEz5hWyUo7qeYrN9PAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUMOVT5TeOl+CXZ4WF/dd+SpSW6zAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzkzNDJlMzUzNjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMjM0MzEzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1e
ODANBgkqhkiG9w0BAQsFAAOCAQEAWygLxoYSGulpg+vFqtBfVPHN+ucC/uljgDrZ
ozmD6zZDul4z6y7QqKCTzxqVP6Q4atKLBKukQZsQ7pp7dMICoIXUH2ERnFeQ1HAO
pW07yVkV4XQSG1n0VtNa6fAfUC1tcFXfXG70l9kS4VIgBOcWIY+jAMy+TsuTZzc9
pE1T2P8bEN7RJ7XCfLOA72RN1ckrdl6B5yp88aTrj76713dm8ujHAa19VTbaN8hO
25VSiVLlOMx6nB0Ju7JGywMoHqlJsKfAHr9AnVZACY2UkdkIbbfMsTN9hKk7qXNY
ku5cYk1Jaovor4w89Q6833dhaVyyYse0nyAmEkqsNGU4gNB5sQ==
-----END CERTIFICATE-----