Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39332e302f32342d3234203d3e203631333137.roa
File:                     34352e38362e39332e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          NqyxGOr6BTHAA7xjzWV4b78ltaPMAi4BS7tCqdtupR8=
Subject key identifier:   A4:27:51:C3:1B:D7:55:4D:D5:87:96:2B:43:E8:9F:55:AF:42:0F:E9
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       1979EEAF099AD62422ECF9301FCD31531C2347D2
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39332e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 05 Jun 2025 20:54:08 +0000
ROA not before:           Thu 05 Jun 2025 20:49:08 +0000
ROA not after:            Thu 04 Jun 2026 20:54:08 +0000
asID:                     61317
IP address blocks:        45.86.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 14:25:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:79:ee:af:09:9a:d6:24:22:ec:f9:30:1f:cd:31:53:1c:23:47:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Jun  5 20:49:08 2025 GMT
            Not After : Jun  4 20:54:08 2026 GMT
        Subject: CN=A42751C31BD7554DD587962B43E89F55AF420FE9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:97:ed:dc:1f:61:17:7b:e7:b1:82:05:13:3b:
                    39:6d:31:e3:a0:46:8b:87:b4:3a:34:62:5e:96:88:
                    17:15:72:59:26:f9:f0:9d:15:8a:91:04:04:c4:37:
                    1e:a7:10:26:fa:1b:10:7d:a8:20:29:5a:0b:0d:7d:
                    7a:41:bf:42:7c:af:76:94:e8:97:06:4d:91:01:bf:
                    fe:da:06:bb:c6:c4:13:f2:ee:46:0c:82:89:41:1d:
                    37:5b:2a:71:5d:16:73:ac:1a:de:12:4c:31:c9:0f:
                    6a:d3:40:d0:3e:9c:47:7b:91:cc:2b:0d:6a:bb:09:
                    4a:33:87:bf:4e:d9:20:dd:46:6f:99:56:61:8a:11:
                    d8:57:93:75:4f:75:c3:db:66:a7:e1:e0:4f:b0:ee:
                    a4:06:a3:9c:ed:c2:50:c8:2e:1f:c4:bd:b2:7d:35:
                    dd:d3:90:b9:59:12:01:1e:55:6f:a3:65:4c:a6:43:
                    0b:65:c7:e8:cd:a5:a7:c3:07:58:9b:ae:d9:e1:1c:
                    9c:61:45:b3:5a:07:df:a0:c7:64:c9:22:6e:8d:9f:
                    23:1d:ef:d5:33:e7:fe:54:c1:42:79:5c:a9:ec:3f:
                    75:44:b6:e8:5e:08:3f:b5:82:9c:ee:5b:27:28:d9:
                    38:a7:3d:ef:aa:49:59:0c:51:0f:dd:d1:28:f4:ad:
                    dd:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:27:51:C3:1B:D7:55:4D:D5:87:96:2B:43:E8:9F:55:AF:42:0F:E9
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39332e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:fd:7a:5f:e4:97:f0:a1:b5:08:d4:b1:3e:0e:17:5b:ee:16:
         bc:8d:11:62:b4:eb:1e:ee:52:3f:03:c6:c8:7d:72:a9:58:a3:
         70:a0:23:1f:22:21:1b:65:29:c2:9c:07:24:21:5a:a9:0d:52:
         93:35:e7:88:4b:1f:62:d3:4c:2f:5f:ba:24:12:a1:2f:0f:3e:
         ba:10:aa:a9:87:6e:a7:61:45:6b:ab:26:b5:ed:7b:55:e3:61:
         db:d7:98:56:e9:90:04:ac:7b:32:a9:3f:05:54:78:71:f4:a6:
         de:00:c3:81:dc:ff:cc:0c:39:32:32:c2:87:52:2c:ba:04:e2:
         91:1f:23:ea:d6:70:b6:ef:32:28:e5:e5:16:a5:4c:82:ce:70:
         d8:94:f3:ad:2d:60:65:d4:b6:bb:7b:07:33:90:57:a2:63:71:
         6f:be:63:6b:20:22:78:03:7a:04:c8:76:d8:48:ce:0f:95:43:
         c4:26:59:9f:fb:26:08:b3:5d:42:0c:b2:c4:80:aa:ae:36:1f:
         13:3d:dd:93:84:15:df:8d:45:e8:b7:be:b6:ee:a6:51:99:dc:
         bf:e2:43:e3:8f:b0:be:e7:ef:2d:1b:cb:7e:03:cc:80:bb:73:
         91:65:d3:cd:4b:79:00:ff:80:17:63:8f:b2:09:ce:c4:98:86:
         6c:0d:3d:9b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGXnurwma1iQi7PkwH80xUxwjR9IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNTA2MDUyMDQ5MDhaFw0yNjA2MDQyMDU0MDhaMDMxMTAvBgNV
BAMTKEE0Mjc1MUMzMUJENzU1NERENTg3OTYyQjQzRTg5RjU1QUY0MjBGRTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkl+3cH2EXe+exggUTOzltMeOg
RouHtDo0Yl6WiBcVclkm+fCdFYqRBATENx6nECb6GxB9qCApWgsNfXpBv0J8r3aU
6JcGTZEBv/7aBrvGxBPy7kYMgolBHTdbKnFdFnOsGt4STDHJD2rTQNA+nEd7kcwr
DWq7CUozh79O2SDdRm+ZVmGKEdhXk3VPdcPbZqfh4E+w7qQGo5ztwlDILh/EvbJ9
Nd3TkLlZEgEeVW+jZUymQwtlx+jNpafDB1ibrtnhHJxhRbNaB9+gx2TJIm6NnyMd
79Uz5/5UwUJ5XKnsP3VEtuheCD+1gpzuWyco2TinPe+qSVkMUQ/d0Sj0rd2PAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUpCdRwxvXVU3Vh5YrQ+ifVa9CD+kwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzQzNTJlMzgzNjJlMzkzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzEzMzMxMzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtVl0w
DQYJKoZIhvcNAQELBQADggEBADr9el/kl/ChtQjUsT4OF1vuFryNEWK06x7uUj8D
xsh9cqlYo3CgIx8iIRtlKcKcByQhWqkNUpM154hLH2LTTC9fuiQSoS8PProQqqmH
bqdhRWurJrXte1XjYdvXmFbpkASsezKpPwVUeHH0pt4Aw4Hc/8wMOTIywodSLLoE
4pEfI+rWcLbvMijl5RalTILOcNiU860tYGXUtrt7BzOQV6JjcW++Y2sgIngDegTI
dthIzg+VQ8QmWZ/7JgizXUIMssSAqq42HxM93ZOEFd+NRei3vrbuplGZ3L/iQ+OP
sL7n7y0by34DzIC7c5Fl081LeQD/gBdjj7IJzsSYhmwNPZs=
-----END CERTIFICATE-----