Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e20323136303232.roa
File:                     34352e382e3231372e302f32342d3234203d3e20323136303232.roa (raw, json)
Hash identifier:          jEFgm1vCid6uTn7CbLigvnooFo9cqhw+cyVAwytykho=
Subject key identifier:   F8:F6:49:4A:2C:75:CA:75:5D:CD:FE:19:32:16:D1:57:C6:9F:7E:1A
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       4A0A19814248D4DDBBAE0569EE203DE79872D792
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e20323136303232.roa
Signing time:             Sun 18 May 2025 06:45:14 +0000
ROA not before:           Sun 18 May 2025 06:40:14 +0000
ROA not after:            Sun 17 May 2026 06:45:14 +0000
asID:                     216022
IP address blocks:        45.8.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:0a:19:81:42:48:d4:dd:bb:ae:05:69:ee:20:3d:e7:98:72:d7:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: May 18 06:40:14 2025 GMT
            Not After : May 17 06:45:14 2026 GMT
        Subject: CN=F8F6494A2C75CA755DCDFE193216D157C69F7E1A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b4:83:3e:e9:53:56:3e:4e:49:6b:d1:53:96:
                    d4:4b:ef:57:6f:e8:1c:2e:a8:f1:68:03:cb:a2:68:
                    f4:d5:bc:07:ed:5c:2f:5b:33:ae:d4:f2:63:2f:4f:
                    79:45:3c:60:24:50:1e:07:87:51:5f:f0:c3:91:75:
                    11:3a:65:f1:b9:cc:de:3d:17:70:6c:0c:dd:8b:ae:
                    c3:7d:36:0a:2a:ce:1c:bd:b3:17:ba:f5:22:67:fd:
                    4b:95:49:f1:ce:4d:f9:aa:00:a6:8c:6d:f1:4a:15:
                    28:3d:75:5b:49:5a:e7:24:1a:4b:9c:78:df:6c:b6:
                    73:6f:8e:b9:f4:13:37:4e:c5:03:11:20:3c:e1:67:
                    e4:be:08:c6:c6:ea:c1:fb:b1:12:28:5e:10:47:de:
                    2c:84:d2:d5:e3:52:40:f9:41:eb:90:fc:9e:31:c9:
                    b1:58:7c:e3:32:3e:39:d6:c1:e6:85:2e:0f:72:13:
                    2e:c5:66:9e:66:1d:d1:96:17:47:6a:69:eb:15:6b:
                    90:72:83:f5:56:7f:e7:4d:b0:5d:a1:ac:aa:b0:f4:
                    11:f0:e4:40:85:f0:35:0f:e0:66:98:ab:48:d6:b6:
                    63:7b:28:2c:b1:18:cc:63:b8:8f:be:60:b2:10:e1:
                    b2:b5:35:cf:ee:f7:7b:32:6b:aa:7a:db:a2:78:9b:
                    9c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:F6:49:4A:2C:75:CA:75:5D:CD:FE:19:32:16:D1:57:C6:9F:7E:1A
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e20323136303232.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:fe:ed:e1:27:11:4f:0e:2d:8f:27:4f:8e:0c:b7:ab:08:01:
         a4:23:81:d2:8b:78:cc:dd:39:c0:75:d7:8f:c7:0c:4a:d6:57:
         7d:b4:07:f0:d5:3b:14:55:9f:b9:21:8a:cf:e3:78:05:4a:d5:
         61:8e:9f:b9:42:db:9c:9a:1c:ff:69:00:cf:36:41:d1:00:92:
         19:65:65:1c:23:ce:32:b3:97:a8:d6:b0:c1:a9:75:77:27:95:
         d4:1d:d4:aa:b4:1a:ca:2e:1b:d2:be:fe:f7:7b:de:ae:66:45:
         c8:fd:91:30:5a:2c:1e:92:f8:3f:af:e6:36:3a:3c:09:02:43:
         1e:5f:91:43:35:0b:7b:20:51:1b:69:42:ce:43:a7:64:40:f2:
         bf:92:63:cd:45:c3:02:1f:48:cb:ab:48:c7:25:76:7b:b4:ed:
         c9:5c:50:eb:c4:7b:03:57:5a:95:7c:c1:26:6e:a2:3a:fb:09:
         d7:0e:f4:1b:37:b1:8b:c8:8f:bf:0f:7a:dc:81:1b:41:0c:d2:
         53:0c:20:9c:9f:93:cb:be:e8:f3:11:fe:0b:a8:b6:21:ad:d1:
         46:8e:fa:52:ae:e3:10:11:77:f2:5f:5d:2f:bf:58:af:07:7e:
         cc:ef:f4:b7:0b:ac:21:55:b4:2c:17:07:ff:c5:6e:79:26:ea:
         8a:4e:e4:7f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSgoZgUJI1N27rgVp7iA955hy15IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNTA1MTgwNjQwMTRaFw0yNjA1MTcwNjQ1MTRaMDMxMTAvBgNV
BAMTKEY4RjY0OTRBMkM3NUNBNzU1RENERkUxOTMyMTZEMTU3QzY5RjdFMUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2tIM+6VNWPk5Ja9FTltRL71dv
6BwuqPFoA8uiaPTVvAftXC9bM67U8mMvT3lFPGAkUB4Hh1Ff8MORdRE6ZfG5zN49
F3BsDN2LrsN9Ngoqzhy9sxe69SJn/UuVSfHOTfmqAKaMbfFKFSg9dVtJWuckGkuc
eN9stnNvjrn0EzdOxQMRIDzhZ+S+CMbG6sH7sRIoXhBH3iyE0tXjUkD5QeuQ/J4x
ybFYfOMyPjnWweaFLg9yEy7FZp5mHdGWF0dqaesVa5Byg/VWf+dNsF2hrKqw9BHw
5ECF8DUP4GaYq0jWtmN7KCyxGMxjuI++YLIQ4bK1Nc/u93sya6p626J4m5wZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU+PZJSix1ynVdzf4ZMhbRV8affhowHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzgyZTMyMzEzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNjMwMzIzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I
2TANBgkqhkiG9w0BAQsFAAOCAQEAvP7t4ScRTw4tjydPjgy3qwgBpCOB0ot4zN05
wHXXj8cMStZXfbQH8NU7FFWfuSGKz+N4BUrVYY6fuULbnJoc/2kAzzZB0QCSGWVl
HCPOMrOXqNawwal1dyeV1B3UqrQayi4b0r7+93vermZFyP2RMFosHpL4P6/mNjo8
CQJDHl+RQzULeyBRG2lCzkOnZEDyv5JjzUXDAh9Iy6tIxyV2e7TtyVxQ68R7A1da
lXzBJm6iOvsJ1w70Gzexi8iPvw963IEbQQzSUwwgnJ+Ty77o8xH+C6i2Ia3RRo76
Uq7jEBF38l9dL79Yrwd+zO/0twusIVW0LBcH/8VueSbqik7kfw==
-----END CERTIFICATE-----