Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31312e38302e302f32342d3234203d3e20313336373837.roa
File:                     34352e31312e38302e302f32342d3234203d3e20313336373837.roa (raw, json)
Hash identifier:          RYm8TODNSj9JM7fajUZAHS4FhLmomcs7VhlA9YoutQk=
Subject key identifier:   CB:91:66:63:2A:5D:7A:D9:FF:0B:0E:1D:97:09:BA:E9:D0:C3:26:78
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       44C2C461D7BED5AD1705D7CA26F69DF390FB5966
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31312e38302e302f32342d3234203d3e20313336373837.roa
Signing time:             Wed 30 Jul 2025 14:46:59 +0000
ROA not before:           Wed 30 Jul 2025 14:41:59 +0000
ROA not after:            Wed 29 Jul 2026 14:46:59 +0000
asID:                     136787
IP address blocks:        45.11.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 11:07:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:c2:c4:61:d7:be:d5:ad:17:05:d7:ca:26:f6:9d:f3:90:fb:59:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 30 14:41:59 2025 GMT
            Not After : Jul 29 14:46:59 2026 GMT
        Subject: CN=CB9166632A5D7AD9FF0B0E1D9709BAE9D0C32678
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:99:e9:52:3f:7d:e1:8c:5f:7e:6d:39:45:99:
                    bb:9a:8b:44:88:33:82:15:70:4b:00:5d:c7:48:10:
                    10:17:36:8a:bb:c5:43:75:bd:a7:12:f1:a4:57:2e:
                    82:4c:df:04:86:3f:89:d9:dd:b0:aa:30:41:4b:35:
                    a9:5e:ef:4a:c5:1d:21:ca:7a:03:fb:0a:78:ce:dd:
                    0f:97:33:6a:95:67:be:6a:07:35:ce:e9:2d:be:ec:
                    77:3b:ce:b3:07:5c:11:33:0b:94:f4:7e:f2:4a:0d:
                    e4:32:fa:55:f6:0b:f5:42:4f:e4:66:e9:35:ac:7b:
                    df:b8:7d:a1:b6:0c:ab:13:01:c6:66:0e:cb:35:d0:
                    36:49:ec:16:de:1d:75:13:8d:99:4c:82:eb:fe:f7:
                    15:1a:db:41:68:97:1b:da:cc:76:4b:17:db:0c:04:
                    9c:f1:6d:76:df:f9:1d:4b:28:70:38:a7:05:86:4f:
                    f3:2c:e8:55:91:76:cc:cc:5a:71:49:21:93:53:71:
                    c4:f4:b6:81:96:45:88:eb:ad:f2:ac:5f:c9:94:78:
                    76:1d:c8:0d:96:bf:67:42:00:58:60:8c:40:ca:a7:
                    aa:11:56:b8:99:5b:e1:7c:d7:0f:4b:97:58:39:cc:
                    fb:f5:f6:f5:3e:41:40:8d:97:30:33:1c:d8:1a:ac:
                    28:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:91:66:63:2A:5D:7A:D9:FF:0B:0E:1D:97:09:BA:E9:D0:C3:26:78
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e31312e38302e302f32342d3234203d3e20313336373837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:fa:74:2e:50:74:de:89:3a:d4:d1:8c:16:df:60:f5:6e:61:
         03:0c:21:72:3d:c0:37:81:5b:ea:6e:01:b6:1f:01:5c:f0:83:
         61:75:c4:a7:78:8b:3a:c5:60:7c:4e:f3:5e:ad:ff:a0:84:99:
         3d:99:c9:6c:4f:b9:b9:1b:dd:b9:36:b4:be:46:b2:45:90:fd:
         e9:61:2e:e9:77:ca:e0:ce:2e:d1:4b:96:88:c2:79:63:42:41:
         8f:55:a3:6f:a2:51:6d:29:3c:0a:d3:db:4c:e3:0a:fe:1d:44:
         52:5d:d6:10:d3:dd:82:4c:c3:53:c4:1a:6e:86:ee:32:e3:4f:
         bf:4a:8f:d3:aa:5f:a4:15:52:59:27:88:ca:96:f3:0b:36:51:
         01:26:31:5d:45:de:ca:96:5c:fa:53:c0:d7:27:ad:80:76:52:
         ee:16:d9:f0:4e:39:fd:d1:a0:60:d5:fe:28:a9:cd:44:50:3c:
         1c:69:ae:ff:e5:06:54:6c:a5:79:0e:c1:e7:f4:ab:49:c6:53:
         2c:4d:e5:ec:67:63:a9:7f:ba:34:08:cd:23:93:1f:f1:32:8f:
         9b:40:b8:1a:11:d0:b1:d5:f1:82:de:cb:d0:05:8d:5b:9e:cd:
         7c:8f:2e:91:08:e3:ac:d9:7b:b5:fe:f0:95:31:7a:60:68:7b:
         11:b8:68:bb
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURMLEYde+1a0XBdfKJvad85D7WWYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MzAxNDQxNTlaFw0yNjA3MjkxNDQ2NTlaMDMxMTAvBgNV
BAMTKENCOTE2NjYzMkE1RDdBRDlGRjBCMEUxRDk3MDlCQUU5RDBDMzI2NzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwmelSP33hjF9+bTlFmbuai0SI
M4IVcEsAXcdIEBAXNoq7xUN1vacS8aRXLoJM3wSGP4nZ3bCqMEFLNale70rFHSHK
egP7CnjO3Q+XM2qVZ75qBzXO6S2+7Hc7zrMHXBEzC5T0fvJKDeQy+lX2C/VCT+Rm
6TWse9+4faG2DKsTAcZmDss10DZJ7BbeHXUTjZlMguv+9xUa20FolxvazHZLF9sM
BJzxbXbf+R1LKHA4pwWGT/Ms6FWRdszMWnFJIZNTccT0toGWRYjrrfKsX8mUeHYd
yA2Wv2dCAFhgjEDKp6oRVriZW+F81w9Ll1g5zPv19vU+QUCNlzAzHNgarChrAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUy5FmYypdetn/Cw4dlwm66dDDJngwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzEzMTJlMzgzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzNjM3MzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0L
UDANBgkqhkiG9w0BAQsFAAOCAQEAffp0LlB03ok61NGMFt9g9W5hAwwhcj3AN4Fb
6m4Bth8BXPCDYXXEp3iLOsVgfE7zXq3/oISZPZnJbE+5uRvduTa0vkayRZD96WEu
6XfK4M4u0UuWiMJ5Y0JBj1Wjb6JRbSk8CtPbTOMK/h1EUl3WENPdgkzDU8Qabobu
MuNPv0qP06pfpBVSWSeIypbzCzZRASYxXUXeypZc+lPA1yetgHZS7hbZ8E45/dGg
YNX+KKnNRFA8HGmu/+UGVGyleQ7B5/SrScZTLE3l7GdjqX+6NAjNI5Mf8TKPm0C4
GhHQsdXxgt7L0AWNW57NfI8ukQjjrNl7tf7wlTF6YGh7Ebhouw==
-----END CERTIFICATE-----