Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e36342e302f32322d3232203d3e20323031333431.roa
File:                     34352e39342e36342e302f32322d3232203d3e20323031333431.roa (raw, json)
Hash identifier:          V4rp/grzU7/Wayq5tDbZZLVONAt8XijDHW1EIQogU+Q=
Subject key identifier:   89:CF:5F:5E:C8:B9:46:CF:DF:ED:9A:F7:68:25:E9:B5:A7:38:6D:EE
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       4696795DC611DED2B2F02DC0EBA1F91E4C88033B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e36342e302f32322d3232203d3e20323031333431.roa
Signing time:             Thu 31 Aug 2023 14:08:13 +0000
ROA not before:           Thu 31 Aug 2023 14:03:13 +0000
ROA not after:            Thu 29 Aug 2024 14:08:13 +0000
asID:                     201341
IP address blocks:        45.94.64.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:96:79:5d:c6:11:de:d2:b2:f0:2d:c0:eb:a1:f9:1e:4c:88:03:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Aug 31 14:03:13 2023 GMT
            Not After : Aug 29 14:08:13 2024 GMT
        Subject: CN=89CF5F5EC8B946CFDFED9AF76825E9B5A7386DEE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:15:f6:f7:d1:f4:f9:1a:de:a5:8a:18:69:76:
                    61:c9:db:ee:f6:e5:83:fa:42:46:c4:01:94:64:96:
                    31:28:22:88:8b:f0:8d:d8:39:e2:ba:b8:ff:9e:1f:
                    12:36:30:6d:67:43:76:aa:49:2d:89:2d:54:7d:e1:
                    e7:a5:72:10:65:f5:0a:8a:6d:75:05:5d:1e:9d:b1:
                    e1:58:b4:3e:c3:37:63:5b:52:6d:da:c1:b0:09:f5:
                    9a:ef:61:41:11:d0:c9:80:66:70:83:48:a4:e0:84:
                    1c:df:b8:78:e5:91:cb:bb:31:28:ee:fb:6c:57:32:
                    f7:16:d9:82:15:6f:42:93:ca:c5:cd:12:5c:a2:df:
                    8d:7b:33:64:f9:d7:21:02:5e:18:2e:d9:47:4b:8c:
                    8e:d8:00:8c:f3:44:ba:63:1a:c8:3b:70:47:ab:72:
                    f9:b0:97:e0:59:0b:79:7a:dd:f7:90:c8:17:21:8e:
                    c2:fd:73:49:05:df:2a:06:33:06:4c:15:a7:52:f7:
                    a5:ab:3b:d8:c0:d6:87:29:aa:eb:72:b8:1e:2e:cd:
                    ad:52:72:38:48:7b:68:e5:8d:56:5b:1a:82:f2:9c:
                    4d:b6:24:3d:74:1f:2d:8c:d6:56:03:3c:46:95:7e:
                    d4:ad:b1:76:8f:18:7f:4e:64:34:0e:ab:50:5c:9f:
                    88:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:CF:5F:5E:C8:B9:46:CF:DF:ED:9A:F7:68:25:E9:B5:A7:38:6D:EE
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39342e36342e302f32322d3232203d3e20323031333431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:f8:7c:0e:03:6c:c3:67:18:af:00:0b:e0:47:54:51:2c:6d:
         12:6c:6e:c5:50:b6:a7:db:f1:56:dd:67:e6:ce:77:c7:77:26:
         40:42:49:e0:ac:e2:62:9e:fe:96:02:a6:af:34:18:38:23:77:
         76:7b:ea:5b:dc:91:75:d2:a9:e5:f2:0b:03:71:4a:74:29:8f:
         9b:c5:a9:46:5a:0f:a1:74:23:5c:d6:3f:ba:91:55:7d:bd:85:
         dd:e4:58:1c:4c:a9:96:e3:73:1a:52:ee:ff:42:48:01:9d:e5:
         93:43:66:94:7c:ca:43:44:7f:50:05:1a:7c:1e:1f:73:93:01:
         03:39:07:26:37:f9:9b:1a:95:68:1d:42:65:39:95:d3:ac:a2:
         d6:4a:fb:d1:90:cf:1a:4b:49:5c:f5:82:8b:d5:ff:87:0a:31:
         ae:58:16:fa:f4:29:2f:b1:40:ad:cf:0b:34:4c:b1:02:18:26:
         3a:6d:4d:d3:2b:87:13:66:a3:99:35:dd:41:0a:c1:e7:0a:f1:
         03:d2:8f:ca:fd:5d:b9:1d:5f:ff:12:a1:12:de:65:78:f3:dd:
         c5:90:97:20:31:7e:c0:4a:ea:86:2c:91:ec:88:3c:dc:88:e9:
         ca:c4:c4:e3:c0:de:29:da:0c:72:dc:51:9d:fc:11:72:94:0a:
         2d:75:65:a7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURpZ5XcYR3tKy8C3A66H5HkyIAzswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yMzA4MzExNDAzMTNaFw0yNDA4MjkxNDA4MTNaMDMxMTAvBgNV
BAMTKDg5Q0Y1RjVFQzhCOTQ2Q0ZERkVEOUFGNzY4MjVFOUI1QTczODZERUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqFfb30fT5Gt6lihhpdmHJ2+72
5YP6QkbEAZRkljEoIoiL8I3YOeK6uP+eHxI2MG1nQ3aqSS2JLVR94eelchBl9QqK
bXUFXR6dseFYtD7DN2NbUm3awbAJ9ZrvYUER0MmAZnCDSKTghBzfuHjlkcu7MSju
+2xXMvcW2YIVb0KTysXNElyi3417M2T51yECXhgu2UdLjI7YAIzzRLpjGsg7cEer
cvmwl+BZC3l63feQyBchjsL9c0kF3yoGMwZMFadS96WrO9jA1ocpqutyuB4uza1S
cjhIe2jljVZbGoLynE22JD10Hy2M1lYDPEaVftStsXaPGH9OZDQOq1Bcn4jbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUic9fXsi5Rs/f7Zr3aCXptac4be4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzkzNDJlMzYzNDJl
MzAyZjMyMzIyZDMyMzIyMDNkM2UyMDMyMzAzMTMzMzQzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi1e
QDANBgkqhkiG9w0BAQsFAAOCAQEAEvh8DgNsw2cYrwAL4EdUUSxtEmxuxVC2p9vx
Vt1n5s53x3cmQEJJ4KziYp7+lgKmrzQYOCN3dnvqW9yRddKp5fILA3FKdCmPm8Wp
RloPoXQjXNY/upFVfb2F3eRYHEypluNzGlLu/0JIAZ3lk0NmlHzKQ0R/UAUafB4f
c5MBAzkHJjf5mxqVaB1CZTmV06yi1kr70ZDPGktJXPWCi9X/hwoxrlgW+vQpL7FA
rc8LNEyxAhgmOm1N0yuHE2ajmTXdQQrB5wrxA9KPyv1duR1f/xKhEt5lePPdxZCX
IDF+wErqhiyR7Ig83IjpysTE48DeKdoMctxRnfwRcpQKLXVlpw==
-----END CERTIFICATE-----