Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20323032363733.roa
File:                     34352e382e3137332e302f32342d3234203d3e20323032363733.roa (raw, json)
Hash identifier:          5zwugYWKE+SXj7j9OQLYcPTCHp3CNiw9ZvtoZL3oq9E=
Subject key identifier:   44:A2:04:87:FD:76:D1:AF:31:CF:46:81:46:87:D6:03:4B:8F:F0:F3
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       086FB9F794B4570894AF648E347B3FFCAEB4A1C5
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20323032363733.roa
Signing time:             Sat 01 Nov 2025 16:18:39 +0000
ROA not before:           Sat 01 Nov 2025 16:13:39 +0000
ROA not after:            Sat 31 Oct 2026 16:18:39 +0000
asID:                     202673
IP address blocks:        45.8.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Nov 2025 20:37:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:6f:b9:f7:94:b4:57:08:94:af:64:8e:34:7b:3f:fc:ae:b4:a1:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Nov  1 16:13:39 2025 GMT
            Not After : Oct 31 16:18:39 2026 GMT
        Subject: CN=44A20487FD76D1AF31CF46814687D6034B8FF0F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:9c:8b:3a:7e:b8:4b:cc:ed:16:d0:f0:94:b1:
                    d2:30:83:fd:86:2c:38:d0:39:a2:0a:3a:40:46:7c:
                    14:e3:fd:d2:59:f4:13:dc:e0:05:e5:1f:e5:c9:87:
                    6d:a3:09:01:97:6f:a0:9e:25:b4:27:0c:1d:8b:94:
                    fb:87:0e:b9:82:58:d2:34:32:b2:45:42:8b:75:ad:
                    ad:85:f7:65:70:55:93:ea:fd:f2:14:d1:76:5c:90:
                    29:36:7f:a3:9f:98:8b:bd:11:b3:49:bc:bb:23:7d:
                    01:71:67:b6:21:94:15:a1:50:bd:b5:3f:c4:29:7a:
                    10:43:59:4c:b8:ae:85:62:d6:92:f9:4c:06:13:9c:
                    0c:93:8c:a4:1e:73:a9:1b:47:2a:4c:c5:c2:58:7d:
                    29:93:fe:c8:6d:0d:92:7c:8c:3b:27:9b:87:d4:60:
                    33:62:16:fb:7b:0a:ba:60:5b:3e:1e:c0:b8:a3:77:
                    8f:01:90:c7:4c:52:b7:9a:04:f0:15:78:c2:e1:49:
                    d0:f1:15:3f:23:1c:56:92:af:ed:49:84:bd:83:2a:
                    01:f0:b6:52:f7:3e:6e:bf:65:d1:98:21:37:8c:94:
                    69:ac:71:74:0c:25:af:ae:b6:98:79:b9:55:bc:81:
                    4f:41:a0:e8:f5:03:fc:05:d6:b4:b8:a3:cb:8b:d1:
                    da:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:A2:04:87:FD:76:D1:AF:31:CF:46:81:46:87:D6:03:4B:8F:F0:F3
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20323032363733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:e0:cd:9b:6f:f2:00:da:aa:54:0c:4c:5a:eb:c5:09:30:35:
         48:2b:91:1d:79:ff:ad:ae:0a:be:89:55:4f:98:a9:2f:1b:21:
         d7:7e:fc:1c:eb:d6:2e:aa:95:d9:64:c1:d7:22:0e:4d:82:ec:
         d0:ce:98:33:7f:9d:17:e7:21:e3:91:48:47:17:9c:4f:47:ef:
         38:d5:4e:11:6b:45:30:37:09:92:0c:04:fa:95:ca:96:e5:dc:
         e3:3b:e7:11:8e:c1:54:df:e9:77:1b:b8:98:2f:5b:3b:fa:88:
         c5:4e:28:e0:28:3a:1e:38:5b:e8:ad:bf:17:8d:82:86:07:41:
         26:59:2b:03:d1:56:f5:3f:e0:83:1f:e7:a7:1c:77:81:c0:59:
         3b:a0:87:4c:54:41:83:65:f6:7d:04:18:b3:fc:0c:6d:3b:4e:
         32:95:90:3f:6f:d4:d3:1e:bc:73:64:02:c7:43:b6:29:a6:0b:
         00:fc:32:f5:23:2a:fc:93:9b:d0:a2:9a:5d:af:d5:6e:5a:73:
         f9:a5:78:6a:fa:ee:69:5a:8a:ee:51:be:60:45:1a:42:3f:d1:
         8f:ce:2f:59:f4:9f:c8:fc:b8:2f:4b:36:4c:75:87:0c:34:fa:
         21:3e:56:e6:47:5e:38:12:ed:fd:44:88:08:4a:eb:95:a8:56:
         9c:42:f6:a3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCG+595S0VwiUr2SONHs//K60ocUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTExMDExNjEzMzlaFw0yNjEwMzExNjE4MzlaMDMxMTAvBgNV
BAMTKDQ0QTIwNDg3RkQ3NkQxQUYzMUNGNDY4MTQ2ODdENjAzNEI4RkYwRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpnIs6frhLzO0W0PCUsdIwg/2G
LDjQOaIKOkBGfBTj/dJZ9BPc4AXlH+XJh22jCQGXb6CeJbQnDB2LlPuHDrmCWNI0
MrJFQot1ra2F92VwVZPq/fIU0XZckCk2f6OfmIu9EbNJvLsjfQFxZ7YhlBWhUL21
P8QpehBDWUy4roVi1pL5TAYTnAyTjKQec6kbRypMxcJYfSmT/shtDZJ8jDsnm4fU
YDNiFvt7CrpgWz4ewLijd48BkMdMUreaBPAVeMLhSdDxFT8jHFaSr+1JhL2DKgHw
tlL3Pm6/ZdGYITeMlGmscXQMJa+utph5uVW8gU9BoOj1A/wF1rS4o8uL0drpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQURKIEh/120a8xz0aBRofWA0uP8PMwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzgyZTMxMzczMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzMjM2MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I
rTANBgkqhkiG9w0BAQsFAAOCAQEABODNm2/yANqqVAxMWuvFCTA1SCuRHXn/ra4K
volVT5ipLxsh1378HOvWLqqV2WTB1yIOTYLs0M6YM3+dF+ch45FIRxecT0fvONVO
EWtFMDcJkgwE+pXKluXc4zvnEY7BVN/pdxu4mC9bO/qIxU4o4Cg6Hjhb6K2/F42C
hgdBJlkrA9FW9T/ggx/npxx3gcBZO6CHTFRBg2X2fQQYs/wMbTtOMpWQP2/U0x68
c2QCx0O2KaYLAPwy9SMq/JOb0KKaXa/Vblpz+aV4avruaVqK7lG+YEUaQj/Rj84v
WfSfyPy4L0s2THWHDDT6IT5W5kdeOBLt/USICErrlahWnEL2ow==
-----END CERTIFICATE-----