Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3232332e302f32342d3234203d3e20313734.roa
File:                     34362e3233362e3232332e302f32342d3234203d3e20313734.roa (raw, json)
Hash identifier:          daBRPc7di4GxvMXTAA2glVdfp85StsQ3MiripWfHCVw=
Subject key identifier:   8E:B2:C0:A1:76:F2:95:3F:62:AB:42:BA:48:1A:2C:0A:37:93:E8:5D
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       53632607DD82A3D6FF3094DAE7608C9EAF01AF16
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3232332e302f32342d3234203d3e20313734.roa
Signing time:             Thu 11 Sep 2025 14:44:26 +0000
ROA not before:           Thu 11 Sep 2025 14:39:26 +0000
ROA not after:            Thu 10 Sep 2026 14:44:26 +0000
asID:                     174
IP address blocks:        46.236.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Sep 2025 04:17:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:63:26:07:dd:82:a3:d6:ff:30:94:da:e7:60:8c:9e:af:01:af:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 11 14:39:26 2025 GMT
            Not After : Sep 10 14:44:26 2026 GMT
        Subject: CN=8EB2C0A176F2953F62AB42BA481A2C0A3793E85D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:16:51:71:5d:52:eb:f3:e7:a2:a5:81:93:09:
                    fc:6b:b0:53:2a:99:52:f5:ac:e3:0d:46:99:77:c6:
                    40:97:40:cf:bc:4a:6a:c4:15:15:c6:94:69:27:06:
                    31:36:ae:59:0a:50:ee:ce:7c:f6:1f:52:3b:a6:29:
                    33:d5:f3:29:38:fa:cc:6c:2a:35:f8:71:a1:99:79:
                    d8:5b:d7:f4:98:14:e4:4c:a4:c8:8e:4a:e7:09:0a:
                    a4:de:b2:87:1e:60:bb:69:f0:c1:a9:26:c0:87:25:
                    84:c9:e0:63:39:e9:08:0c:9a:c9:e2:25:66:90:34:
                    d3:7f:0b:df:e2:66:7f:1c:a6:d3:84:02:62:f8:0c:
                    72:78:87:6e:62:6e:53:98:33:85:81:39:38:6b:54:
                    78:0b:e7:af:7c:58:fb:52:f3:fb:bd:00:1e:91:51:
                    3d:40:fb:97:d2:aa:d1:99:a6:e2:9d:06:c1:b9:31:
                    35:45:fd:84:cb:0a:46:7f:ba:12:82:65:6d:4c:26:
                    f3:73:69:60:fa:2b:9f:87:09:80:eb:6e:60:23:eb:
                    e2:56:42:bf:e8:36:38:0f:4b:e6:e5:f0:0a:0a:78:
                    c2:5e:2c:71:9e:00:60:25:f9:53:04:8e:a4:ee:cd:
                    72:bd:36:b2:d5:7e:d1:b9:7f:91:37:dd:34:79:6c:
                    d6:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:B2:C0:A1:76:F2:95:3F:62:AB:42:BA:48:1A:2C:0A:37:93:E8:5D
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3232332e302f32342d3234203d3e20313734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:c3:6a:ee:a9:e9:22:c9:0d:eb:6b:b9:e4:a1:15:21:84:12:
         47:a7:38:84:4f:6d:b3:39:27:71:e4:e9:e5:e0:e2:1a:47:ee:
         7c:bb:72:0b:9c:df:fd:6e:1b:01:5c:c9:79:68:a2:5e:23:f3:
         52:7a:a0:c3:8d:31:0b:52:30:ab:3c:0c:a6:9d:61:be:7c:b9:
         45:e0:1e:2a:8e:d4:b9:60:23:30:0f:8c:5b:c6:c7:e1:5d:91:
         94:43:c5:ba:70:f6:c7:ac:4c:44:16:9d:48:8a:ca:d5:30:29:
         4c:44:c3:bf:52:f9:a6:47:fb:31:ed:93:5e:b7:cd:72:19:b5:
         29:e4:51:ba:f9:05:ee:63:d2:16:30:f9:c7:31:21:86:1d:a9:
         74:fa:dc:a7:1e:ae:06:ee:f7:6f:9d:ed:0d:27:94:41:46:e7:
         67:a4:6b:d0:93:e6:e5:e8:a7:73:25:1f:b3:a3:02:16:f4:52:
         d1:b1:3a:ec:47:f3:f6:bb:fa:25:56:3c:cc:67:3b:93:ad:a9:
         68:0f:6a:78:8b:5a:c2:aa:48:aa:34:cc:ea:49:67:88:a8:47:
         df:c3:ca:54:6d:83:2e:cf:6e:a7:8b:5d:3b:38:93:8b:fc:07:
         be:cc:f1:f8:be:d4:66:5b:ef:1f:66:67:da:e0:9a:92:75:7c:
         19:7a:7e:26
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUU2MmB92Co9b/MJTa52CMnq8BrxYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MTExNDM5MjZaFw0yNjA5MTAxNDQ0MjZaMDMxMTAvBgNV
BAMTKDhFQjJDMEExNzZGMjk1M0Y2MkFCNDJCQTQ4MUEyQzBBMzc5M0U4NUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfFlFxXVLr8+eipYGTCfxrsFMq
mVL1rOMNRpl3xkCXQM+8SmrEFRXGlGknBjE2rlkKUO7OfPYfUjumKTPV8yk4+sxs
KjX4caGZedhb1/SYFORMpMiOSucJCqTesoceYLtp8MGpJsCHJYTJ4GM56QgMmsni
JWaQNNN/C9/iZn8cptOEAmL4DHJ4h25iblOYM4WBOThrVHgL5698WPtS8/u9AB6R
UT1A+5fSqtGZpuKdBsG5MTVF/YTLCkZ/uhKCZW1MJvNzaWD6K5+HCYDrbmAj6+JW
Qr/oNjgPS+bl8AoKeMJeLHGeAGAl+VMEjqTuzXK9NrLVftG5f5E33TR5bNavAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUjrLAoXbylT9iq0K6SBosCjeT6F0wHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzQzNjJlMzIzMzM2MmUzMjMy
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM3MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAu7N8w
DQYJKoZIhvcNAQELBQADggEBAArDau6p6SLJDetrueShFSGEEkenOIRPbbM5J3Hk
6eXg4hpH7ny7cguc3/1uGwFcyXlool4j81J6oMONMQtSMKs8DKadYb58uUXgHiqO
1LlgIzAPjFvGx+FdkZRDxbpw9sesTEQWnUiKytUwKUxEw79S+aZH+zHtk163zXIZ
tSnkUbr5Be5j0hYw+ccxIYYdqXT63Kcergbu92+d7Q0nlEFG52eka9CT5uXop3Ml
H7OjAhb0UtGxOuxH8/a7+iVWPMxnO5OtqWgPaniLWsKqSKo0zOpJZ4ioR9/DylRt
gy7PbqeLXTs4k4v8B77M8fi+1GZb7x9mZ9rgmpJ1fBl6fiY=
-----END CERTIFICATE-----