Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231322e302f32322d3232203d3e2037303239.roa
File:                     34352e39352e3231322e302f32322d3232203d3e2037303239.roa (raw, json)
Hash identifier:          b3HfoeSSJnwEFBW/P8/Hh1DNPoifdQtxChWclKR01cY=
Subject key identifier:   BD:92:5F:D4:77:C3:2D:3C:D8:F0:99:9C:76:25:92:E7:2A:0A:8A:2C
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       17882C632C90FED92EE965DE0F0DADE0DEA1E0E6
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231322e302f32322d3232203d3e2037303239.roa
Signing time:             Fri 24 Oct 2025 08:55:10 +0000
ROA not before:           Fri 24 Oct 2025 08:50:10 +0000
ROA not after:            Fri 23 Oct 2026 08:55:10 +0000
asID:                     7029
IP address blocks:        45.95.212.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:88:2c:63:2c:90:fe:d9:2e:e9:65:de:0f:0d:ad:e0:de:a1:e0:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Oct 24 08:50:10 2025 GMT
            Not After : Oct 23 08:55:10 2026 GMT
        Subject: CN=BD925FD477C32D3CD8F0999C762592E72A0A8A2C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c4:fa:4e:5c:02:1e:2c:67:d8:87:ad:d7:09:
                    73:07:fa:fa:c8:46:a2:f9:a8:5c:84:7f:62:16:31:
                    18:8e:8a:07:08:c9:4e:1e:85:08:18:29:77:26:ee:
                    7b:62:51:05:c6:70:0b:9e:fe:01:9f:aa:65:54:12:
                    61:be:b1:48:19:a9:25:8d:aa:b3:48:22:26:fa:cc:
                    ec:eb:d2:8b:23:c4:2c:e2:87:36:68:af:c8:30:3b:
                    70:15:5d:14:4a:0c:3d:cc:f6:9d:6c:63:54:c2:32:
                    03:88:56:5d:e9:34:08:4e:c6:21:95:e7:c9:30:b6:
                    a5:e0:a6:3a:8e:11:ad:99:08:33:a1:27:2c:e1:c9:
                    be:9e:b7:b8:d7:24:17:28:d2:85:08:29:3f:84:cc:
                    01:b4:bc:f5:8b:48:9e:7d:8e:0c:58:54:6e:e1:1d:
                    55:31:ac:74:81:3f:b6:42:5c:6f:46:d9:72:7b:8f:
                    3c:0a:8d:61:2c:7d:5f:2a:d5:f1:6e:34:3e:ef:6f:
                    d5:0e:fc:10:51:d4:65:64:22:13:a3:f0:71:4f:ee:
                    30:bf:dd:1d:37:0c:54:1e:f1:b3:5b:6b:d1:e8:30:
                    66:2e:e1:24:17:8e:50:44:63:73:7f:e8:e8:6d:43:
                    10:3e:a6:9f:4d:bf:63:a8:de:fb:1e:8e:01:c1:70:
                    13:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:92:5F:D4:77:C3:2D:3C:D8:F0:99:9C:76:25:92:E7:2A:0A:8A:2C
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231322e302f32322d3232203d3e2037303239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:1d:20:81:a3:b4:99:a6:ea:f3:58:54:e9:fe:18:4e:21:0e:
         88:93:97:de:14:44:f5:9c:84:03:2e:f8:5e:b3:b3:93:be:4f:
         be:55:0a:f6:8d:fc:80:4a:ea:df:27:64:c9:03:2e:67:2d:eb:
         1d:67:38:48:56:1e:c3:7b:60:b9:76:cf:b8:e1:bf:db:a3:bc:
         39:8b:43:52:48:9d:f4:be:e1:77:81:ca:0d:52:e5:c8:2e:41:
         1b:f8:80:32:0f:97:d1:46:dd:85:2d:9f:1c:73:fd:28:2d:16:
         c5:60:bb:63:63:46:6a:a8:68:1f:1f:63:7b:7b:86:12:48:1c:
         f0:9f:69:63:9a:d6:d8:41:60:2e:da:46:7a:00:50:76:e9:91:
         70:9b:13:c3:62:de:cb:3e:35:38:7b:2b:94:16:bc:f8:a8:72:
         b3:5a:8e:bf:29:84:73:f7:22:f3:e8:69:f3:be:8e:63:0a:ef:
         88:51:96:22:a3:f9:5e:42:ca:9b:89:88:74:9d:35:5e:90:2e:
         76:96:e2:2f:61:c7:66:d2:48:bc:f6:c5:ee:c1:1c:77:f9:db:
         c9:85:fb:27:f0:6b:f4:39:f0:2c:0b:46:b1:1c:64:f6:61:a9:
         2f:b9:b3:d7:57:a3:52:3b:a9:b9:89:0d:6d:4d:d6:1c:4a:f4:
         b9:45:8e:02
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUF4gsYyyQ/tku6WXeDw2t4N6h4OYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNTEwMjQwODUwMTBaFw0yNjEwMjMwODU1MTBaMDMxMTAvBgNV
BAMTKEJEOTI1RkQ0NzdDMzJEM0NEOEYwOTk5Qzc2MjU5MkU3MkEwQThBMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChxPpOXAIeLGfYh63XCXMH+vrI
RqL5qFyEf2IWMRiOigcIyU4ehQgYKXcm7ntiUQXGcAue/gGfqmVUEmG+sUgZqSWN
qrNIIib6zOzr0osjxCzihzZor8gwO3AVXRRKDD3M9p1sY1TCMgOIVl3pNAhOxiGV
58kwtqXgpjqOEa2ZCDOhJyzhyb6et7jXJBco0oUIKT+EzAG0vPWLSJ59jgxYVG7h
HVUxrHSBP7ZCXG9G2XJ7jzwKjWEsfV8q1fFuND7vb9UO/BBR1GVkIhOj8HFP7jC/
3R03DFQe8bNba9HoMGYu4SQXjlBEY3N/6OhtQxA+pp9Nv2Oo3vsejgHBcBM9AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUvZJf1HfDLTzY8JmcdiWS5yoKiiwwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzkzNTJlMzIzMTMy
MmUzMDJmMzIzMjJkMzIzMjIwM2QzZTIwMzczMDMyMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAItX9Qw
DQYJKoZIhvcNAQELBQADggEBABAdIIGjtJmm6vNYVOn+GE4hDoiTl94URPWchAMu
+F6zs5O+T75VCvaN/IBK6t8nZMkDLmct6x1nOEhWHsN7YLl2z7jhv9ujvDmLQ1JI
nfS+4XeByg1S5cguQRv4gDIPl9FG3YUtnxxz/SgtFsVgu2NjRmqoaB8fY3t7hhJI
HPCfaWOa1thBYC7aRnoAUHbpkXCbE8Ni3ss+NTh7K5QWvPiocrNajr8phHP3IvPo
afO+jmMK74hRliKj+V5CypuJiHSdNV6QLnaW4i9hx2bSSLz2xe7BHHf528mF+yfw
a/Q58CwLRrEcZPZhqS+5s9dXo1I7qbmJDW1N1hxK9LlFjgI=
-----END CERTIFICATE-----