Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36372e302f32342d3234203d3e203633303235.roa
File:                     34352e39352e36372e302f32342d3234203d3e203633303235.roa (raw, json)
Hash identifier:          Edh9VJemZgxUF9J/JI4hV7WU9Tzu+uNaAwz4b+tj+k4=
Subject key identifier:   F6:11:CF:87:08:67:40:B8:71:20:FB:13:EB:0B:59:BE:11:BE:4A:50
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       193357DFA20395F8B36EAF0BF7ADFF42D7D4967C
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36372e302f32342d3234203d3e203633303235.roa
Signing time:             Tue 01 Apr 2025 14:25:58 +0000
ROA not before:           Tue 01 Apr 2025 14:20:58 +0000
ROA not after:            Tue 31 Mar 2026 14:25:58 +0000
asID:                     63025
IP address blocks:        45.95.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 09:49:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:33:57:df:a2:03:95:f8:b3:6e:af:0b:f7:ad:ff:42:d7:d4:96:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Apr  1 14:20:58 2025 GMT
            Not After : Mar 31 14:25:58 2026 GMT
        Subject: CN=F611CF87086740B87120FB13EB0B59BE11BE4A50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:37:90:86:bc:ed:75:c2:cb:21:b1:3a:cd:57:
                    e0:48:ab:a5:de:0e:0c:e6:f5:95:ab:71:2f:e7:a9:
                    be:97:cd:50:52:78:c8:60:2c:41:06:90:a0:32:dc:
                    ee:69:15:d9:c6:0b:3c:1f:aa:c3:d1:d8:08:bb:33:
                    e9:40:e8:1f:7a:9d:87:39:b9:54:4d:72:c0:6f:c1:
                    6f:38:39:2d:85:df:c8:51:0f:87:b0:58:83:dc:5d:
                    41:65:a1:27:f6:6d:17:52:0e:bf:f0:ba:55:a8:32:
                    aa:9d:af:00:05:57:cd:5e:84:a6:80:7b:ef:a6:48:
                    fd:24:cf:f6:b6:4a:42:08:10:f0:f0:e9:b1:53:d8:
                    0c:f1:26:bd:00:1d:1d:4c:a5:2c:b1:2b:a3:b1:a5:
                    4f:59:b7:ce:66:59:93:f2:25:88:ba:e6:44:82:9e:
                    70:13:16:81:76:b5:46:93:bb:1e:86:c2:50:8b:bd:
                    11:9d:a4:d8:a2:68:0b:83:d6:52:ba:55:69:24:c6:
                    fa:80:2b:9f:25:f7:bf:8d:0d:5b:05:40:95:83:59:
                    95:cf:c9:82:ca:86:bb:15:e8:66:9d:da:b0:73:d3:
                    4f:ce:1f:59:e6:f2:5a:bc:9f:39:fc:a6:22:ea:c0:
                    ae:c6:27:1b:72:9d:01:75:5a:db:0e:93:0d:bd:ac:
                    22:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:11:CF:87:08:67:40:B8:71:20:FB:13:EB:0B:59:BE:11:BE:4A:50
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36372e302f32342d3234203d3e203633303235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:3c:67:29:8d:b7:46:bf:8c:bd:7c:56:13:48:cd:af:dd:13:
         c6:ef:33:41:e8:a4:05:97:17:c2:93:da:31:42:72:c6:d8:b4:
         15:d4:8d:17:0c:c2:2d:7a:67:f9:ad:6c:90:8b:ec:16:80:ee:
         54:c3:1b:f0:ab:a0:7a:58:2c:e3:b1:b4:e8:99:32:0d:61:8e:
         25:ce:0d:04:b4:97:28:bd:f2:8a:48:1c:f8:ee:b3:0f:ce:6d:
         de:dd:78:c3:45:14:91:f1:a6:ac:2d:c5:fe:b3:be:05:47:aa:
         8a:f1:aa:ac:13:d5:64:eb:da:4a:26:c6:87:2c:5c:d0:2b:84:
         55:79:bb:31:a8:8f:99:f1:6f:8b:17:f7:ba:c8:08:fe:2b:2d:
         09:e9:f9:3a:6f:d3:ab:75:69:7c:25:9f:ac:6d:76:a2:43:2c:
         10:1d:f8:85:af:a2:50:5a:bd:cb:dd:4f:d8:33:b6:32:41:01:
         b7:4a:ec:b0:b0:1d:45:d7:68:84:70:bc:fa:ad:f9:24:7e:e1:
         14:97:f1:25:bd:af:26:17:9e:10:ac:dd:90:ad:b5:12:45:d4:
         19:56:49:1f:14:81:3d:f8:47:05:ec:37:ff:c2:6d:81:27:36:
         7e:e8:6b:d3:55:ed:1e:5b:30:76:63:5a:14:f6:63:84:0d:ee:
         03:d7:09:c8
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGTNX36IDlfizbq8L963/QtfUlnwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNTA0MDExNDIwNThaFw0yNjAzMzExNDI1NThaMDMxMTAvBgNV
BAMTKEY2MTFDRjg3MDg2NzQwQjg3MTIwRkIxM0VCMEI1OUJFMTFCRTRBNTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZN5CGvO11wsshsTrNV+BIq6Xe
Dgzm9ZWrcS/nqb6XzVBSeMhgLEEGkKAy3O5pFdnGCzwfqsPR2Ai7M+lA6B96nYc5
uVRNcsBvwW84OS2F38hRD4ewWIPcXUFloSf2bRdSDr/wulWoMqqdrwAFV81ehKaA
e++mSP0kz/a2SkIIEPDw6bFT2AzxJr0AHR1MpSyxK6OxpU9Zt85mWZPyJYi65kSC
nnATFoF2tUaTux6GwlCLvRGdpNiiaAuD1lK6VWkkxvqAK58l97+NDVsFQJWDWZXP
yYLKhrsV6Gad2rBz00/OH1nm8lq8nzn8piLqwK7GJxtynQF1WtsOkw29rCJnAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU9hHPhwhnQLhxIPsT6wtZvhG+SlAwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzkzNTJlMzYzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzMzMDMyMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtX0Mw
DQYJKoZIhvcNAQELBQADggEBAIw8ZymNt0a/jL18VhNIza/dE8bvM0HopAWXF8KT
2jFCcsbYtBXUjRcMwi16Z/mtbJCL7BaA7lTDG/CroHpYLOOxtOiZMg1hjiXODQS0
lyi98opIHPjusw/Obd7deMNFFJHxpqwtxf6zvgVHqorxqqwT1WTr2komxocsXNAr
hFV5uzGoj5nxb4sX97rICP4rLQnp+Tpv06t1aXwln6xtdqJDLBAd+IWvolBavcvd
T9gztjJBAbdK7LCwHUXXaIRwvPqt+SR+4RSX8SW9ryYXnhCs3ZCttRJF1BlWSR8U
gT34RwXsN//CbYEnNn7oa9NV7R5bMHZjWhT2Y4QN7gPXCcg=
-----END CERTIFICATE-----