Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39352e3138302e302f32322d3234203d3e203437353833.roa
File:                     34352e39352e3138302e302f32322d3234203d3e203437353833.roa (raw, json)
Hash identifier:          WTX2KO4T59xpVMm2eRKwfq/ikjhn20EoY8zArlkg7bs=
Subject key identifier:   0A:64:AF:F5:C6:26:90:FC:64:D5:26:6B:F4:68:6F:37:B0:D4:06:7E
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       20CB7393D8ABA312AC56486617F9B228ADBD930B
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39352e3138302e302f32322d3234203d3e203437353833.roa
Signing time:             Mon 26 Feb 2024 08:53:15 +0000
ROA not before:           Mon 26 Feb 2024 08:48:15 +0000
ROA not after:            Mon 24 Feb 2025 08:53:15 +0000
asID:                     47583
IP address blocks:        45.95.180.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:cb:73:93:d8:ab:a3:12:ac:56:48:66:17:f9:b2:28:ad:bd:93:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 26 08:48:15 2024 GMT
            Not After : Feb 24 08:53:15 2025 GMT
        Subject: CN=0A64AFF5C62690FC64D5266BF4686F37B0D4067E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:28:96:8a:0b:f8:04:cd:72:3e:34:8d:51:e4:
                    db:e1:0f:0b:0c:a0:19:e1:a2:a9:87:da:d7:d3:5b:
                    08:73:b3:ae:23:ad:3b:8f:9e:bf:14:31:48:db:7e:
                    af:73:f9:e6:15:85:46:c0:87:38:e2:52:83:b1:bf:
                    56:6d:6a:28:59:35:7a:47:a7:d0:4f:89:7f:ef:87:
                    3a:4e:87:9a:f0:29:bd:dd:49:09:a6:12:7b:7b:2d:
                    c8:4c:e9:8e:40:77:24:3f:ff:c7:81:bf:0d:29:6a:
                    e4:42:38:e0:ad:b2:cb:bf:a3:ee:39:d7:07:20:5e:
                    88:19:00:84:df:0d:10:4a:68:4c:2e:28:49:54:4c:
                    f4:25:43:a4:da:a8:fd:8b:e8:99:84:97:0b:60:8f:
                    77:6b:b3:b0:e6:ce:9b:ed:3e:8b:6e:45:92:5a:9d:
                    1a:df:a6:cf:68:bf:2b:58:f4:32:a9:19:87:34:88:
                    d9:68:1b:4e:f4:c7:fb:82:21:62:29:22:c6:a5:83:
                    ff:09:48:a9:0a:35:1f:39:02:14:48:f7:65:da:6b:
                    bd:59:c2:35:81:29:48:d9:3f:8b:1c:d2:ad:eb:26:
                    f7:87:2e:0a:e6:19:1a:9a:5e:50:29:e7:0d:67:b8:
                    4e:d7:31:5f:56:6c:63:d2:b2:ed:90:7a:49:ec:a3:
                    a8:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:64:AF:F5:C6:26:90:FC:64:D5:26:6B:F4:68:6F:37:B0:D4:06:7E
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e39352e3138302e302f32322d3234203d3e203437353833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:e3:f9:61:b2:30:0a:3b:4c:d5:c8:54:bf:91:76:c9:3b:15:
         e8:83:40:3e:19:51:ae:75:29:01:b8:7f:ac:47:53:ae:13:d1:
         c9:76:7c:0c:c7:c2:47:6e:b6:30:7d:6a:f6:bb:5d:f4:77:39:
         57:8a:5b:b5:55:98:be:59:d6:02:f8:5b:a7:64:5a:9b:7a:dd:
         14:c2:86:b7:7b:15:fa:1d:89:d9:c8:e8:43:c5:93:f9:b1:c4:
         65:d7:f4:6a:b1:a7:71:aa:b3:ab:30:e7:28:4a:4f:2e:3b:76:
         50:fd:d3:a1:b5:82:9f:ae:e9:b4:97:0d:f2:de:c5:17:4d:aa:
         f4:c1:26:b9:df:bb:05:9d:59:53:7b:0d:c2:48:5b:65:d8:a8:
         bc:7f:97:ad:83:8a:c8:ef:4b:a4:b5:8f:1f:9c:aa:eb:3a:58:
         61:6b:60:b3:7e:26:f7:df:52:a7:ed:61:94:2f:68:19:cf:97:
         57:a5:6e:97:79:45:45:f9:d8:18:2f:0c:a9:59:84:12:ec:ce:
         e1:00:78:89:bb:13:e7:a8:0e:36:fe:6b:94:5b:3d:38:0c:87:
         8d:7c:a2:87:52:8f:48:49:38:bf:9a:9f:7c:b7:48:58:c5:bf:
         e0:aa:c8:85:74:ef:a6:e8:02:fe:80:4a:0c:6f:98:30:ac:d7:
         f4:71:0f:e3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIMtzk9iroxKsVkhmF/myKK29kwswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNDAyMjYwODQ4MTVaFw0yNTAyMjQwODUzMTVaMDMxMTAvBgNV
BAMTKDBBNjRBRkY1QzYyNjkwRkM2NEQ1MjY2QkY0Njg2RjM3QjBENDA2N0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrKJaKC/gEzXI+NI1R5NvhDwsM
oBnhoqmH2tfTWwhzs64jrTuPnr8UMUjbfq9z+eYVhUbAhzjiUoOxv1ZtaihZNXpH
p9BPiX/vhzpOh5rwKb3dSQmmEnt7LchM6Y5AdyQ//8eBvw0pauRCOOCtssu/o+45
1wcgXogZAITfDRBKaEwuKElUTPQlQ6TaqP2L6JmElwtgj3drs7DmzpvtPotuRZJa
nRrfps9ovytY9DKpGYc0iNloG070x/uCIWIpIsalg/8JSKkKNR85AhRI92Xaa71Z
wjWBKUjZP4sc0q3rJveHLgrmGRqaXlAp5w1nuE7XMV9WbGPSsu2Qeknso6h3AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUCmSv9cYmkPxk1SZr9GhvN7DUBn4wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzkzNTJlMzEzODMw
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzQzNzM1MzgzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi1f
tDANBgkqhkiG9w0BAQsFAAOCAQEATOP5YbIwCjtM1chUv5F2yTsV6INAPhlRrnUp
Abh/rEdTrhPRyXZ8DMfCR262MH1q9rtd9Hc5V4pbtVWYvlnWAvhbp2Ram3rdFMKG
t3sV+h2J2cjoQ8WT+bHEZdf0arGncaqzqzDnKEpPLjt2UP3TobWCn67ptJcN8t7F
F02q9MEmud+7BZ1ZU3sNwkhbZdiovH+XrYOKyO9LpLWPH5yq6zpYYWtgs34m999S
p+1hlC9oGc+XV6Vul3lFRfnYGC8MqVmEEuzO4QB4ibsT56gONv5rlFs9OAyHjXyi
h1KPSEk4v5qffLdIWMW/4KrIhXTvpugC/oBKDG+YMKzX9HEP4w==
-----END CERTIFICATE-----