Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231382e302f32342d3234203d3e20323132333834.roa
File:                     34352e382e3231382e302f32342d3234203d3e20323132333834.roa (raw, json)
Hash identifier:          tj3yrp12EwOeT1ZEKtZIphksitaxnh11pc39cLh8XvY=
Subject key identifier:   52:1B:E3:0C:33:B5:53:50:72:AD:12:79:01:BC:EA:EA:46:48:59:D5
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       7C2116A91A0C97EE584125B02E8BB79EF51B1587
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231382e302f32342d3234203d3e20323132333834.roa
Signing time:             Fri 24 Oct 2025 08:55:10 +0000
ROA not before:           Fri 24 Oct 2025 08:50:10 +0000
ROA not after:            Fri 23 Oct 2026 08:55:10 +0000
asID:                     212384
IP address blocks:        45.8.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Oct 2025 14:12:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:21:16:a9:1a:0c:97:ee:58:41:25:b0:2e:8b:b7:9e:f5:1b:15:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Oct 24 08:50:10 2025 GMT
            Not After : Oct 23 08:55:10 2026 GMT
        Subject: CN=521BE30C33B5535072AD127901BCEAEA464859D5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:65:01:4d:e2:9c:83:ac:0c:f2:44:c9:04:1d:
                    b4:b6:d9:6a:d4:d4:f5:14:74:78:c1:37:ad:11:c0:
                    4f:63:65:ce:2d:70:52:57:4e:0a:c0:c9:c4:af:87:
                    42:c0:85:f2:d6:b5:fa:10:ae:cb:52:04:be:25:13:
                    84:14:bf:8c:2f:bd:4e:da:69:e2:ab:32:0f:5d:3d:
                    34:a0:88:92:13:1e:17:0a:c2:90:03:3e:6c:b8:49:
                    8b:0b:bd:f2:93:01:cb:71:22:e4:f8:e6:e5:75:c2:
                    61:8b:98:e2:f8:3c:fc:c1:89:dd:1f:7a:5e:06:03:
                    19:13:b0:82:9e:d4:e5:31:12:9d:e8:69:fb:b2:ad:
                    57:fe:26:21:b3:30:a8:38:fc:d1:3f:f2:cd:20:49:
                    c6:39:50:40:3d:76:66:16:f6:e8:3c:5f:8d:14:6d:
                    33:56:b8:0c:9b:08:cb:95:aa:42:6a:c5:8a:fe:90:
                    97:b5:dd:6a:9b:89:15:1a:ed:4b:f4:b6:b5:68:18:
                    5e:a0:13:45:0e:f6:ed:9d:03:a4:39:f7:34:fe:a6:
                    56:95:63:82:07:d1:46:e8:6b:dd:02:4e:9e:4e:d5:
                    18:dd:d8:6b:0c:f5:a8:13:49:7e:33:de:59:40:3a:
                    1d:72:e1:8d:d3:a7:a5:d0:ab:27:77:f0:11:9a:7c:
                    ee:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:1B:E3:0C:33:B5:53:50:72:AD:12:79:01:BC:EA:EA:46:48:59:D5
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231382e302f32342d3234203d3e20323132333834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:9f:81:3e:3a:78:aa:0c:1d:46:f9:b5:5b:dd:ff:ca:0a:71:
         09:7d:4d:d6:9a:d6:f4:86:bc:31:a9:8f:ff:f9:43:67:03:85:
         cd:8e:a4:5e:48:24:4b:4b:c3:ba:76:9d:f2:9b:33:db:9b:aa:
         2f:6e:77:71:42:0b:f6:51:27:90:bd:31:45:c4:3b:8c:ee:e8:
         8a:e8:de:1e:96:16:e2:f6:57:70:c3:ed:46:af:d4:0c:cd:fd:
         71:a2:48:59:f2:4a:90:14:19:f4:ff:3e:a8:87:c3:13:e3:4f:
         7b:b8:57:58:cd:ac:a3:02:07:af:0d:fd:79:6d:a6:e2:d1:21:
         ba:59:36:d9:fe:97:aa:39:e7:d3:13:20:24:fc:56:cd:5a:32:
         59:14:70:81:95:3e:c0:36:5d:7f:62:b6:d8:8e:1f:a4:43:18:
         2d:dc:1c:93:00:5f:5d:63:ad:b7:ea:26:f0:33:0e:ae:09:ae:
         69:6b:ec:a1:e3:e7:58:45:fb:5d:77:21:9f:f2:0f:1c:a5:26:
         72:c8:c7:cc:e5:53:13:d9:2d:e6:90:49:ea:ac:5d:c1:2d:60:
         5c:21:76:98:37:0c:6d:4c:68:28:8b:da:7d:01:3c:98:35:59:
         ec:5e:a8:0b:6e:a8:58:d8:8e:09:32:31:3d:a0:1f:9d:07:3c:
         78:87:b3:db
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfCEWqRoMl+5YQSWwLou3nvUbFYcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNTEwMjQwODUwMTBaFw0yNjEwMjMwODU1MTBaMDMxMTAvBgNV
BAMTKDUyMUJFMzBDMzNCNTUzNTA3MkFEMTI3OTAxQkNFQUVBNDY0ODU5RDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPZQFN4pyDrAzyRMkEHbS22WrU
1PUUdHjBN60RwE9jZc4tcFJXTgrAycSvh0LAhfLWtfoQrstSBL4lE4QUv4wvvU7a
aeKrMg9dPTSgiJITHhcKwpADPmy4SYsLvfKTActxIuT45uV1wmGLmOL4PPzBid0f
el4GAxkTsIKe1OUxEp3oafuyrVf+JiGzMKg4/NE/8s0gScY5UEA9dmYW9ug8X40U
bTNWuAybCMuVqkJqxYr+kJe13WqbiRUa7Uv0trVoGF6gE0UO9u2dA6Q59zT+plaV
Y4IH0Uboa90CTp5O1Rjd2GsM9agTSX4z3llAOh1y4Y3Tp6XQqyd38BGafO4rAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUUhvjDDO1U1ByrRJ5Abzq6kZIWdUwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzgyZTMyMzEzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMjMzMzgzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I
2jANBgkqhkiG9w0BAQsFAAOCAQEAmJ+BPjp4qgwdRvm1W93/ygpxCX1N1prW9Ia8
MamP//lDZwOFzY6kXkgkS0vDunad8psz25uqL253cUIL9lEnkL0xRcQ7jO7oiuje
HpYW4vZXcMPtRq/UDM39caJIWfJKkBQZ9P8+qIfDE+NPe7hXWM2sowIHrw39eW2m
4tEhulk22f6Xqjnn0xMgJPxWzVoyWRRwgZU+wDZdf2K22I4fpEMYLdwckwBfXWOt
t+om8DMOrgmuaWvsoePnWEX7XXchn/IPHKUmcsjHzOVTE9kt5pBJ6qxdwS1gXCF2
mDcMbUxoKIvafQE8mDVZ7F6oC26oWNiOCTIxPaAfnQc8eIez2w==
-----END CERTIFICATE-----