Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e36342e302f32322d3232203d3e20323031333431.roa
File:                     34352e39342e36342e302f32322d3232203d3e20323031333431.roa (raw, json)
Hash identifier:          Q5/vu+GT+DID+Je6Tc7kJ4ChLrl54rMx99A3wVBBVDs=
Subject key identifier:   14:23:5D:38:30:F5:5D:09:22:55:8E:AF:39:71:34:50:0A:94:D9:38
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       08F62BE81E5F030ABA1B24DF77B779C3AFFD0AA2
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e36342e302f32322d3232203d3e20323031333431.roa
Signing time:             Thu 01 Aug 2024 15:04:31 +0000
ROA not before:           Thu 01 Aug 2024 14:59:31 +0000
ROA not after:            Thu 31 Jul 2025 15:04:31 +0000
asID:                     201341
IP address blocks:        45.94.64.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:f6:2b:e8:1e:5f:03:0a:ba:1b:24:df:77:b7:79:c3:af:fd:0a:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug  1 14:59:31 2024 GMT
            Not After : Jul 31 15:04:31 2025 GMT
        Subject: CN=14235D3830F55D0922558EAF397134500A94D938
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:b4:a9:c6:6f:c5:ea:45:bb:c6:8a:fe:8e:15:
                    b4:f8:f6:9b:e5:1a:09:d7:fd:de:72:63:75:85:95:
                    ba:01:90:06:21:9b:35:ba:37:a5:00:d2:ab:3d:fe:
                    91:05:10:3e:93:1a:0a:09:4c:d3:d6:90:d8:09:5b:
                    2e:a8:79:e3:b9:13:f1:0f:8f:ce:29:39:e5:6e:3c:
                    17:a1:fd:bd:e8:58:b9:4d:63:5f:72:e0:71:c5:01:
                    79:46:54:85:ba:5c:66:71:74:05:c0:f9:95:30:ac:
                    07:d8:c3:da:63:50:de:f2:b4:63:ac:6f:df:cb:f3:
                    21:37:6e:8e:b9:0d:ef:11:ee:ad:d4:03:09:89:ee:
                    1e:20:76:2d:76:9b:3a:95:6e:27:8d:39:c9:ab:74:
                    20:3f:66:26:c4:78:ea:95:7f:89:30:74:2c:b3:6c:
                    4f:e4:4e:da:c4:f2:16:86:01:5b:55:eb:3e:98:05:
                    2d:0a:96:32:80:85:57:49:6c:98:db:40:f5:5e:66:
                    1d:6d:34:82:2a:0b:e3:f5:a3:b3:e0:78:28:14:98:
                    35:1f:62:b3:c9:10:af:f2:77:23:a6:82:26:51:67:
                    d1:5b:04:29:a7:1c:15:55:87:71:a4:17:7e:b7:4d:
                    ce:86:3b:3e:da:0f:c6:d0:ec:51:02:bd:a0:04:69:
                    5c:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:23:5D:38:30:F5:5D:09:22:55:8E:AF:39:71:34:50:0A:94:D9:38
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e36342e302f32322d3232203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:f9:d7:e6:70:69:a7:9f:93:90:52:2a:0a:31:10:41:18:b7:
         4d:50:0f:55:59:cb:91:84:87:22:99:6f:3d:c0:b6:52:af:7f:
         a3:82:66:48:87:c5:cd:26:13:56:cc:01:77:4e:1e:61:61:51:
         65:a5:29:b8:cd:00:01:8c:e8:dd:30:02:b1:5a:ed:56:88:e1:
         07:0d:41:da:0a:de:ed:90:43:f5:0f:43:76:37:ca:46:15:11:
         83:36:bc:9e:fd:95:e4:68:84:d3:b3:01:5a:08:c4:2a:0e:a3:
         c4:03:b1:8f:fc:30:cd:a6:5f:88:76:77:9b:ed:61:c2:47:c6:
         fb:d0:4b:58:02:e1:58:63:6e:9b:95:6a:14:87:13:87:6c:09:
         cc:00:65:9f:21:a7:eb:a2:bd:5c:d2:a0:6f:e8:09:99:d3:87:
         9c:36:8d:fa:a8:d3:d1:2f:fa:e2:90:eb:5c:e6:8b:90:a4:de:
         d4:6d:fd:ef:0e:ce:42:8d:86:57:0a:3f:9a:e1:3d:ba:70:07:
         b1:25:c2:ec:a6:78:87:1f:75:7b:66:11:99:10:6f:54:3c:82:
         b0:af:2f:1d:1d:03:66:86:65:39:d5:8a:97:16:ec:89:90:a9:
         f9:62:50:3f:0d:b6:1e:b8:af:83:09:be:a5:2f:e2:16:9a:bf:
         66:b6:1f:d3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCPYr6B5fAwq6GyTfd7d5w6/9CqIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDA4MDExNDU5MzFaFw0yNTA3MzExNTA0MzFaMDMxMTAvBgNV
BAMTKDE0MjM1RDM4MzBGNTVEMDkyMjU1OEVBRjM5NzEzNDUwMEE5NEQ5MzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDatKnGb8XqRbvGiv6OFbT49pvl
GgnX/d5yY3WFlboBkAYhmzW6N6UA0qs9/pEFED6TGgoJTNPWkNgJWy6oeeO5E/EP
j84pOeVuPBeh/b3oWLlNY19y4HHFAXlGVIW6XGZxdAXA+ZUwrAfYw9pjUN7ytGOs
b9/L8yE3bo65De8R7q3UAwmJ7h4gdi12mzqVbieNOcmrdCA/ZibEeOqVf4kwdCyz
bE/kTtrE8haGAVtV6z6YBS0KljKAhVdJbJjbQPVeZh1tNIIqC+P1o7PgeCgUmDUf
YrPJEK/ydyOmgiZRZ9FbBCmnHBVVh3GkF363Tc6GOz7aD8bQ7FECvaAEaVzlAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUFCNdODD1XQkiVY6vOXE0UAqU2TgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzkzNDJlMzYzNDJl
MzAyZjMyMzIyZDMyMzIyMDNkM2UyMDMyMzAzMTMzMzQzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi1e
QDANBgkqhkiG9w0BAQsFAAOCAQEAjPnX5nBpp5+TkFIqCjEQQRi3TVAPVVnLkYSH
IplvPcC2Uq9/o4JmSIfFzSYTVswBd04eYWFRZaUpuM0AAYzo3TACsVrtVojhBw1B
2gre7ZBD9Q9DdjfKRhURgza8nv2V5GiE07MBWgjEKg6jxAOxj/wwzaZfiHZ3m+1h
wkfG+9BLWALhWGNum5VqFIcTh2wJzABlnyGn66K9XNKgb+gJmdOHnDaN+qjT0S/6
4pDrXOaLkKTe1G397w7OQo2GVwo/muE9unAHsSXC7KZ4hx91e2YRmRBvVDyCsK8v
HR0DZoZlOdWKlxbsiZCp+WJQPw22Hrivgwm+pS/iFpq/ZrYf0w==
-----END CERTIFICATE-----