Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3230332e302f32342d3234203d3e2035303635.roa
File:                     34362e3233362e3230332e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          MjQOwCqeNDwVOTHJj6n5yBPm1SJcJL+6HNZohcSoLoA=
Subject key identifier:   E6:FC:49:41:7E:0C:39:77:DA:D6:F8:36:A5:22:36:78:C2:B1:14:B0
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       1B92B8F1D738FCC450A614B9CC1004316E6904F9
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3230332e302f32342d3234203d3e2035303635.roa
Signing time:             Thu 04 Sep 2025 10:40:06 +0000
ROA not before:           Thu 04 Sep 2025 10:35:06 +0000
ROA not after:            Thu 03 Sep 2026 10:40:06 +0000
asID:                     5065
IP address blocks:        46.236.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:92:b8:f1:d7:38:fc:c4:50:a6:14:b9:cc:10:04:31:6e:69:04:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:06 2025 GMT
            Not After : Sep  3 10:40:06 2026 GMT
        Subject: CN=E6FC49417E0C3977DAD6F836A5223678C2B114B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b3:9b:ca:ea:4d:73:af:45:d3:21:83:82:92:
                    9a:30:61:01:5e:99:e7:a3:de:6e:29:89:d3:ca:e0:
                    ea:f0:38:97:99:7b:14:9f:d5:80:67:88:7c:a2:b3:
                    f6:c4:a5:0f:5f:8b:77:6b:e5:4b:f3:1a:c7:2e:0b:
                    a0:b3:96:b2:df:11:e9:ee:f7:d3:12:73:d9:9e:3b:
                    cb:1b:a6:0e:52:5b:9f:f3:4f:42:2a:71:26:56:a8:
                    9d:8b:db:66:40:19:a9:81:ae:83:c4:b5:a0:c7:76:
                    da:31:9d:71:7c:07:87:8a:81:e3:77:15:e9:c5:0b:
                    53:1e:1d:95:ba:34:86:32:4d:ef:30:f3:4b:be:54:
                    fc:d0:ea:c0:e0:ee:c0:6d:07:0a:9a:90:c0:ba:0c:
                    16:26:06:91:c4:c8:19:c4:08:16:dd:52:da:bc:32:
                    1f:bb:c3:47:14:dc:d1:e9:53:40:60:ac:0f:77:0a:
                    7c:d7:bf:5c:ef:62:71:ba:9a:66:57:02:cc:5a:cc:
                    c1:fb:86:9a:c5:6b:ab:7d:85:f1:6a:b0:1d:9e:74:
                    24:10:79:c1:e0:8b:e7:c7:dd:0c:a6:f8:25:15:51:
                    11:b6:6d:a1:db:da:4e:1b:28:f7:ea:ad:de:10:ee:
                    3e:34:6e:a9:3c:59:71:90:4f:78:16:2a:46:93:68:
                    0c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:FC:49:41:7E:0C:39:77:DA:D6:F8:36:A5:22:36:78:C2:B1:14:B0
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3230332e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:b0:aa:7b:b4:a3:85:9a:1b:a9:a7:3a:8b:56:7a:e6:e7:bb:
         21:be:9b:1c:9c:c1:62:91:a3:e1:33:17:cf:ce:38:df:7b:9a:
         21:bf:50:6e:9d:eb:b5:c0:4a:51:b8:ef:fc:5e:2f:73:2a:1b:
         c5:e3:cc:63:a1:3c:47:bf:e7:76:38:26:fb:b4:6d:bf:4a:c7:
         62:00:9c:8a:6f:5d:e0:eb:4f:8a:bd:e7:6d:c6:59:2d:26:59:
         82:f1:a7:51:4f:65:0e:96:5a:8c:20:79:b0:ee:5b:3a:31:24:
         e7:0a:92:d8:c2:25:94:92:b1:84:2f:fd:f4:67:2d:77:10:ee:
         69:e2:13:19:40:96:60:b9:90:da:db:1a:0d:31:ce:03:e2:97:
         10:12:33:ae:6f:67:92:07:df:e5:17:40:b1:2b:da:bf:f1:c1:
         4a:0f:93:77:2c:91:36:41:50:13:fd:c7:46:76:a7:5f:f9:35:
         ca:f2:c2:76:eb:dc:c7:f5:71:e8:f2:de:37:18:8a:01:8e:b6:
         55:6d:f4:8f:d5:69:10:7f:e1:fd:3b:91:81:ec:74:49:34:c8:
         e2:7d:4b:c4:73:f1:92:76:f6:98:ba:39:95:ab:e8:d6:b1:19:
         32:d4:b1:8b:d6:6b:0e:f8:b4:0a:f3:c3:2b:b1:0e:56:4c:b3:
         53:d5:ea:b0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUG5K48dc4/MRQphS5zBAEMW5pBPkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDZaFw0yNjA5MDMxMDQwMDZaMDMxMTAvBgNV
BAMTKEU2RkM0OTQxN0UwQzM5NzdEQUQ2RjgzNkE1MjIzNjc4QzJCMTE0QjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCps5vK6k1zr0XTIYOCkpowYQFe
meej3m4pidPK4OrwOJeZexSf1YBniHyis/bEpQ9fi3dr5UvzGscuC6CzlrLfEenu
99MSc9meO8sbpg5SW5/zT0IqcSZWqJ2L22ZAGamBroPEtaDHdtoxnXF8B4eKgeN3
FenFC1MeHZW6NIYyTe8w80u+VPzQ6sDg7sBtBwqakMC6DBYmBpHEyBnECBbdUtq8
Mh+7w0cU3NHpU0BgrA93CnzXv1zvYnG6mmZXAsxazMH7hprFa6t9hfFqsB2edCQQ
ecHgi+fH3Qym+CUVURG2baHb2k4bKPfqrd4Q7j40bqk8WXGQT3gWKkaTaAwrAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU5vxJQX4MOXfa1vg2pSI2eMKxFLAwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzQzNjJlMzIzMzM2MmUzMjMw
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMwMzYzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC7s
yzANBgkqhkiG9w0BAQsFAAOCAQEAd7Cqe7SjhZobqac6i1Z65ue7Ib6bHJzBYpGj
4TMXz84433uaIb9Qbp3rtcBKUbjv/F4vcyobxePMY6E8R7/ndjgm+7Rtv0rHYgCc
im9d4OtPir3nbcZZLSZZgvGnUU9lDpZajCB5sO5bOjEk5wqS2MIllJKxhC/99Gct
dxDuaeITGUCWYLmQ2tsaDTHOA+KXEBIzrm9nkgff5RdAsSvav/HBSg+TdyyRNkFQ
E/3HRnanX/k1yvLCduvcx/Vx6PLeNxiKAY62VW30j9VpEH/h/TuRgex0STTI4n1L
xHPxknb2mLo5lavo1rEZMtSxi9ZrDvi0CvPDK7EOVkyzU9XqsA==
-----END CERTIFICATE-----