Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134392e302f32342d3234203d3e203631333137.roa
File:                     34352e31332e3134392e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          Q3PPUlB/JvHRLRIa7IieyrUl/m1wHR8wutqNN0xNel0=
Subject key identifier:   E6:8F:FD:EE:BC:F7:64:34:DF:72:EE:BE:5C:E1:F1:25:01:16:CC:B5
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       3F8799EC5148454FD152D2B329C3D35DDC1522A1
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134392e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 08 May 2025 16:54:07 +0000
ROA not before:           Thu 08 May 2025 16:49:07 +0000
ROA not after:            Thu 07 May 2026 16:54:07 +0000
asID:                     61317
IP address blocks:        45.13.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 15:24:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:87:99:ec:51:48:45:4f:d1:52:d2:b3:29:c3:d3:5d:dc:15:22:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: May  8 16:49:07 2025 GMT
            Not After : May  7 16:54:07 2026 GMT
        Subject: CN=E68FFDEEBCF76434DF72EEBE5CE1F1250116CCB5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:46:60:f5:ef:73:be:1d:b6:2a:d6:32:cc:4f:
                    1c:bd:d3:45:e5:1a:9b:34:41:59:c2:76:72:33:e1:
                    6b:29:41:0b:a1:89:48:b5:f7:4f:8e:cc:77:f4:0d:
                    31:eb:50:f0:c2:f5:a0:f8:0d:4e:b1:3a:c6:12:36:
                    0e:c7:66:45:21:d1:95:42:68:70:91:45:1f:28:c6:
                    7f:0a:d3:95:83:4d:04:78:53:cc:4c:91:5e:51:cf:
                    a9:26:f9:17:a3:9d:6b:89:c5:ca:2a:28:49:39:56:
                    13:45:ff:30:76:01:d3:14:dc:30:82:70:79:6a:d9:
                    dc:fe:bc:0a:19:05:5f:f2:61:ee:56:5b:63:01:1c:
                    42:09:20:52:09:a0:c2:f1:f7:bd:9c:e5:27:60:ad:
                    fd:a4:2c:a5:18:ac:23:bb:72:fa:07:76:7f:0b:80:
                    6e:bd:be:3e:63:00:92:c4:d2:60:9a:2c:88:b2:4c:
                    4e:b5:91:84:60:ab:10:98:15:5f:11:07:4c:97:44:
                    16:c0:ce:7a:f6:1d:64:83:da:24:24:82:1d:54:3e:
                    d0:c9:60:1d:06:c8:8e:c4:b9:d9:be:ac:36:55:c2:
                    3d:2c:e2:21:76:04:b5:2f:fb:d8:7c:2b:f2:17:2e:
                    35:4b:f4:09:da:5a:0f:d1:b7:7e:d7:89:78:51:7b:
                    27:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:8F:FD:EE:BC:F7:64:34:DF:72:EE:BE:5C:E1:F1:25:01:16:CC:B5
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134392e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:9f:63:2f:f8:43:1a:70:7c:26:ba:dd:ad:27:28:14:d1:c2:
         11:8d:4e:89:1e:09:b9:21:db:78:64:7a:67:9d:a0:ba:e7:31:
         b2:31:38:34:e9:11:59:09:c0:ea:39:f6:02:a0:ae:ff:f5:c0:
         f0:3b:79:96:81:c0:80:15:a0:71:07:d9:55:08:c2:7e:d1:90:
         c3:5d:2c:d6:32:e5:ab:10:1d:af:65:06:e9:04:b7:e0:70:b5:
         b6:63:99:f6:91:fc:07:50:e5:1d:e5:b3:f3:65:22:c1:4a:e0:
         ab:6e:f0:d5:e4:10:64:ed:0b:89:fb:fc:24:95:1d:42:09:67:
         df:66:8a:31:5e:ce:52:bb:08:26:50:a7:96:2d:da:34:c4:fd:
         6d:07:34:1f:ab:d9:ab:ee:0e:66:f5:96:d2:50:38:5d:6b:58:
         6a:4c:0b:a8:97:54:9a:d3:e3:46:15:f8:f9:3b:45:ca:ed:68:
         bf:d8:c4:b9:12:cd:a5:26:96:02:da:01:91:9a:b4:48:34:4a:
         85:2c:c9:d9:a9:58:d2:6c:f4:88:bc:6b:55:72:b3:0b:f3:4f:
         8a:0b:ef:61:5c:2d:5e:e9:ab:f0:20:89:80:46:e7:49:47:3d:
         45:d4:e7:2a:9b:76:59:cb:86:bd:a2:e0:32:2b:44:ea:c3:87:
         9b:ac:06:57
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUP4eZ7FFIRU/RUtKzKcPTXdwVIqEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTA1MDgxNjQ5MDdaFw0yNjA1MDcxNjU0MDdaMDMxMTAvBgNV
BAMTKEU2OEZGREVFQkNGNzY0MzRERjcyRUVCRTVDRTFGMTI1MDExNkNDQjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDERmD173O+HbYq1jLMTxy900Xl
Gps0QVnCdnIz4WspQQuhiUi190+OzHf0DTHrUPDC9aD4DU6xOsYSNg7HZkUh0ZVC
aHCRRR8oxn8K05WDTQR4U8xMkV5Rz6km+RejnWuJxcoqKEk5VhNF/zB2AdMU3DCC
cHlq2dz+vAoZBV/yYe5WW2MBHEIJIFIJoMLx972c5Sdgrf2kLKUYrCO7cvoHdn8L
gG69vj5jAJLE0mCaLIiyTE61kYRgqxCYFV8RB0yXRBbAznr2HWSD2iQkgh1UPtDJ
YB0GyI7Eudm+rDZVwj0s4iF2BLUv+9h8K/IXLjVL9AnaWg/Rt37XiXhReydzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU5o/97rz3ZDTfcu6+XOHxJQEWzLUwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzEzMzJlMzEzNDM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0N
lTANBgkqhkiG9w0BAQsFAAOCAQEACJ9jL/hDGnB8JrrdrScoFNHCEY1OiR4JuSHb
eGR6Z52guucxsjE4NOkRWQnA6jn2AqCu//XA8Dt5loHAgBWgcQfZVQjCftGQw10s
1jLlqxAdr2UG6QS34HC1tmOZ9pH8B1DlHeWz82UiwUrgq27w1eQQZO0Lifv8JJUd
Qgln32aKMV7OUrsIJlCnli3aNMT9bQc0H6vZq+4OZvWW0lA4XWtYakwLqJdUmtPj
RhX4+TtFyu1ov9jEuRLNpSaWAtoBkZq0SDRKhSzJ2alY0mz0iLxrVXKzC/NPigvv
YVwtXumr8CCJgEbnSUc9RdTnKpt2WcuGvaLgMitE6sOHm6wGVw==
-----END CERTIFICATE-----