Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39352e302f32342d3234203d3e2031323939.roa
File:                     34352e38362e39352e302f32342d3234203d3e2031323939.roa (raw, json)
Hash identifier:          /PtUIUP6p+pYilANAGMh758nc28Pq3mfIoxxpFoEqi0=
Subject key identifier:   8E:23:71:27:07:57:2C:4B:70:2D:F6:47:41:92:AA:2B:15:05:91:19
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       3F02003E1231FEA11BC9C9B350F075D65E07AC60
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39352e302f32342d3234203d3e2031323939.roa
Signing time:             Sun 08 Jun 2025 15:54:09 +0000
ROA not before:           Sun 08 Jun 2025 15:49:09 +0000
ROA not after:            Sun 07 Jun 2026 15:54:09 +0000
asID:                     1299
IP address blocks:        45.86.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 18:29:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:02:00:3e:12:31:fe:a1:1b:c9:c9:b3:50:f0:75:d6:5e:07:ac:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: Jun  8 15:49:09 2025 GMT
            Not After : Jun  7 15:54:09 2026 GMT
        Subject: CN=8E23712707572C4B702DF6474192AA2B15059119
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:45:fe:c4:be:a9:d0:d4:f3:e2:90:4e:b8:ed:
                    28:7e:59:94:43:60:9a:40:a6:72:ed:4a:7c:1f:e9:
                    d2:b2:3d:43:f4:c5:65:c9:cd:83:88:0f:14:d9:f5:
                    34:d3:e1:36:07:01:79:65:21:4f:45:20:65:18:95:
                    78:19:f4:c3:16:77:92:ff:b6:e7:56:9e:bb:7e:e1:
                    f6:00:9a:71:0d:45:f0:48:63:17:16:94:97:8f:d7:
                    76:53:ec:eb:ef:e8:ba:b6:da:d2:64:70:e5:80:42:
                    ea:83:e6:45:72:5a:cc:84:aa:cf:07:41:87:35:1c:
                    02:6d:08:de:3e:62:99:eb:27:7d:0d:f1:b8:6f:96:
                    7a:92:56:17:72:f8:35:a5:f2:4b:cd:b4:17:ac:4e:
                    0e:c2:e9:f5:5a:73:45:a3:f4:2f:02:e9:b4:5f:7f:
                    ce:c7:8c:52:e9:40:10:e2:6b:82:de:64:92:1c:36:
                    f2:b2:1a:3f:b4:07:78:30:cd:13:c0:8c:6d:bb:30:
                    9b:70:45:ea:ad:aa:c0:f8:fc:78:d2:ae:b1:10:8f:
                    7f:11:21:05:26:d5:ac:41:fb:ee:7d:44:49:dc:96:
                    23:77:fe:1d:70:71:87:1d:47:ad:41:62:da:00:50:
                    fb:3b:1c:c9:87:08:2d:03:a1:97:b6:e4:d7:c1:89:
                    19:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:23:71:27:07:57:2C:4B:70:2D:F6:47:41:92:AA:2B:15:05:91:19
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39352e302f32342d3234203d3e2031323939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:44:44:e5:2b:9d:9d:d5:80:29:7b:66:30:e2:84:a3:8d:81:
         86:39:a6:51:45:a0:57:ef:9f:a0:e5:d0:76:fe:85:4f:e2:79:
         26:9c:15:d4:d0:c5:22:05:85:0a:74:41:0d:72:59:9e:f7:f7:
         e3:a7:b0:58:cd:c8:b5:b7:e8:fe:9a:93:10:a5:13:17:8f:5e:
         28:df:41:64:de:4f:b6:0f:a2:7b:53:f6:41:9a:f6:55:f3:72:
         4b:6c:92:b7:40:92:3b:cb:25:0b:f1:ef:82:6c:53:25:c2:4c:
         fb:79:c3:ec:12:5e:11:c5:fb:3f:64:60:14:d1:ff:38:bd:85:
         9b:52:a4:93:eb:73:61:95:91:d9:dc:34:2a:8e:a2:93:98:0d:
         78:eb:fd:96:cf:a6:a6:a2:4d:f3:73:4b:8e:a5:6a:51:92:40:
         cd:cc:a2:68:dd:ad:89:79:39:a0:cb:10:7a:e3:1e:d8:7a:6e:
         79:ca:96:ef:5e:a6:a8:2c:86:1f:e4:24:b4:63:e8:4c:93:d9:
         cc:da:b4:fd:8f:1e:4d:cf:88:54:60:96:f3:54:ae:8b:af:8e:
         e5:97:f3:a0:d9:a3:36:d3:e3:58:d3:ab:54:30:ea:1d:04:d0:
         3d:e6:1c:4f:a3:d1:75:d9:0b:3e:4e:8e:f9:13:4f:cb:1a:1d:
         5d:cd:5a:11
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUPwIAPhIx/qEbycmzUPB11l4HrGAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNTA2MDgxNTQ5MDlaFw0yNjA2MDcxNTU0MDlaMDMxMTAvBgNV
BAMTKDhFMjM3MTI3MDc1NzJDNEI3MDJERjY0NzQxOTJBQTJCMTUwNTkxMTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNRf7EvqnQ1PPikE647Sh+WZRD
YJpApnLtSnwf6dKyPUP0xWXJzYOIDxTZ9TTT4TYHAXllIU9FIGUYlXgZ9MMWd5L/
tudWnrt+4fYAmnENRfBIYxcWlJeP13ZT7Ovv6Lq22tJkcOWAQuqD5kVyWsyEqs8H
QYc1HAJtCN4+YpnrJ30N8bhvlnqSVhdy+DWl8kvNtBesTg7C6fVac0Wj9C8C6bRf
f87HjFLpQBDia4LeZJIcNvKyGj+0B3gwzRPAjG27MJtwReqtqsD4/HjSrrEQj38R
IQUm1axB++59REncliN3/h1wcYcdR61BYtoAUPs7HMmHCC0DoZe25NfBiRkpAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUjiNxJwdXLEtwLfZHQZKqKxUFkRkwHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzQzNTJlMzgzNjJlMzkzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzIzOTM5LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVZfMA0G
CSqGSIb3DQEBCwUAA4IBAQAMRETlK52d1YApe2Yw4oSjjYGGOaZRRaBX75+g5dB2
/oVP4nkmnBXU0MUiBYUKdEENclme9/fjp7BYzci1t+j+mpMQpRMXj14o30Fk3k+2
D6J7U/ZBmvZV83JLbJK3QJI7yyUL8e+CbFMlwkz7ecPsEl4Rxfs/ZGAU0f84vYWb
UqST63NhlZHZ3DQqjqKTmA146/2Wz6amok3zc0uOpWpRkkDNzKJo3a2JeTmgyxB6
4x7Yem55ypbvXqaoLIYf5CS0Y+hMk9nM2rT9jx5Nz4hUYJbzVK6Lr47ll/Og2aM2
0+NY06tUMOodBNA95hxPo9F12Qs+To75E0/LGh1dzVoR
-----END CERTIFICATE-----