Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e31302e3136302e302f32332d3332203d3e203531313637.roa
File:                     34352e31302e3136302e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          6SRZrimfk2HnIAeusKRqQvGLdJp6QaejFn5pt5V116Q=
Subject key identifier:   72:0E:1E:71:4D:43:97:A4:09:2C:97:FF:33:82:61:54:20:1B:06:7E
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       356FA7BC46A29CDC20DAB0032CC9301400E0EAB9
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e31302e3136302e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 23 Apr 2025 13:46:08 +0000
ROA not before:           Wed 23 Apr 2025 13:41:08 +0000
ROA not after:            Wed 22 Apr 2026 13:46:08 +0000
asID:                     51167
IP address blocks:        45.10.160.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:6f:a7:bc:46:a2:9c:dc:20:da:b0:03:2c:c9:30:14:00:e0:ea:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Apr 23 13:41:08 2025 GMT
            Not After : Apr 22 13:46:08 2026 GMT
        Subject: CN=720E1E714D4397A4092C97FF33826154201B067E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ff:b5:34:7b:48:7c:16:63:72:51:e9:ae:c4:
                    b2:9f:a0:b3:a5:01:1b:50:21:f7:0e:fc:c9:d1:db:
                    56:96:e2:d8:ac:ff:a7:8a:4a:3d:7d:09:ce:db:30:
                    5e:ab:a8:aa:6f:2b:15:13:2b:ea:b6:4e:be:1b:44:
                    c4:8c:97:66:d2:c4:fb:66:1c:d5:f7:f1:4e:cf:64:
                    f5:13:a7:66:02:48:42:54:a8:63:c3:af:6b:c9:c4:
                    57:4e:8f:97:97:b9:39:dc:93:48:82:22:74:c1:28:
                    c0:51:2f:45:99:c6:54:1e:eb:fd:72:e5:ae:a7:79:
                    2e:64:72:90:11:11:b3:59:0a:32:cb:ce:f0:61:41:
                    4b:4b:bb:f6:74:c7:1d:15:d2:a8:0e:7a:e7:46:e6:
                    9e:ef:1c:4b:41:6e:ad:e9:8e:95:e6:61:96:f3:ce:
                    c8:b9:61:d7:8d:4b:6d:51:99:e9:4a:92:1e:26:0a:
                    5e:f1:0e:71:2e:bb:7a:c9:34:ca:66:a7:da:e9:41:
                    31:36:3e:70:c0:f3:9c:ce:97:26:b0:74:25:17:6c:
                    7c:7d:32:9e:dc:6a:7b:5a:5a:83:0e:79:14:50:e3:
                    27:f1:c8:23:dd:e6:79:a4:59:ef:b4:6e:f1:96:bc:
                    c9:66:86:f2:33:ae:89:74:2e:50:1c:d4:09:21:b5:
                    1e:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:0E:1E:71:4D:43:97:A4:09:2C:97:FF:33:82:61:54:20:1B:06:7E
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e31302e3136302e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:71:fe:01:6f:2f:74:ed:e2:9c:9f:b4:52:48:e9:42:c2:5b:
         b8:a3:65:78:52:38:e2:f6:9a:7f:9d:11:54:48:52:21:91:8f:
         8b:26:20:82:22:f0:f0:eb:e4:cd:47:20:6e:34:02:ba:54:31:
         8c:79:71:3e:47:a4:b5:e6:69:95:3a:6e:22:a0:c8:bf:e4:12:
         36:a1:ad:86:cb:c2:b7:b9:ab:49:3b:c0:07:7e:9c:bf:8e:ec:
         a9:84:33:7d:72:34:3a:2c:8d:b4:70:0e:a9:48:cd:37:dd:26:
         e6:6e:de:92:22:33:65:44:90:c8:50:17:c1:5f:5c:a0:d1:34:
         98:d9:be:63:65:ed:2d:f9:87:df:67:4b:03:89:e2:6e:5b:68:
         0a:49:f9:9e:cd:6c:fb:b0:07:73:a5:02:9b:7c:69:3b:b0:cb:
         ac:2b:77:7a:04:13:75:a1:e5:c9:24:06:af:a7:a4:32:8e:38:
         fc:f4:91:6f:c7:a9:97:e6:e5:8e:26:5b:88:ce:a3:9d:4d:3c:
         cc:e9:bb:38:65:20:1c:38:3f:b9:26:27:48:6a:99:4c:f9:de:
         aa:20:80:17:bc:1a:94:bc:80:be:f1:95:52:b4:63:0c:7a:6a:
         cf:89:a4:21:a5:dc:40:13:7a:99:c5:85:97:f1:33:a5:33:a4:
         a4:b8:6f:f6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNW+nvEainNwg2rADLMkwFADg6rkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTA0MjMxMzQxMDhaFw0yNjA0MjIxMzQ2MDhaMDMxMTAvBgNV
BAMTKDcyMEUxRTcxNEQ0Mzk3QTQwOTJDOTdGRjMzODI2MTU0MjAxQjA2N0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ/7U0e0h8FmNyUemuxLKfoLOl
ARtQIfcO/MnR21aW4tis/6eKSj19Cc7bMF6rqKpvKxUTK+q2Tr4bRMSMl2bSxPtm
HNX38U7PZPUTp2YCSEJUqGPDr2vJxFdOj5eXuTnck0iCInTBKMBRL0WZxlQe6/1y
5a6neS5kcpAREbNZCjLLzvBhQUtLu/Z0xx0V0qgOeudG5p7vHEtBbq3pjpXmYZbz
zsi5YdeNS21RmelKkh4mCl7xDnEuu3rJNMpmp9rpQTE2PnDA85zOlyawdCUXbHx9
Mp7cantaWoMOeRRQ4yfxyCPd5nmkWe+0bvGWvMlmhvIzrol0LlAc1AkhtR5nAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUcg4ecU1Dl6QJLJf/M4JhVCAbBn4wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzEzMDJlMzEzNjMw
MmUzMDJmMzIzMzJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS0K
oDANBgkqhkiG9w0BAQsFAAOCAQEAlnH+AW8vdO3inJ+0UkjpQsJbuKNleFI44vaa
f50RVEhSIZGPiyYggiLw8OvkzUcgbjQCulQxjHlxPkekteZplTpuIqDIv+QSNqGt
hsvCt7mrSTvAB36cv47sqYQzfXI0OiyNtHAOqUjNN90m5m7ekiIzZUSQyFAXwV9c
oNE0mNm+Y2XtLfmH32dLA4nibltoCkn5ns1s+7AHc6UCm3xpO7DLrCt3egQTdaHl
ySQGr6ekMo44/PSRb8epl+bljiZbiM6jnU08zOm7OGUgHDg/uSYnSGqZTPneqiCA
F7walLyAvvGVUrRjDHpqz4mkIaXcQBN6mcWFl/EzpTOkpLhv9g==
-----END CERTIFICATE-----