Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3230372e302f32342d3234203d3e20383334.roa
File:                     34362e3233362e3230372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Gt5qstUSA5pjTGsJ604Hh9o+g/eafMxQWJsi6ijHng8=
Subject key identifier:   76:8A:6C:C7:81:13:C7:A6:DB:B4:8A:0E:3B:ED:E8:E8:8E:80:B3:0F
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       74053401F3FAC1DD4C6D8029BAE912B0932F05FD
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3230372e302f32342d3234203d3e20383334.roa
Signing time:             Thu 04 Sep 2025 10:40:04 +0000
ROA not before:           Thu 04 Sep 2025 10:35:04 +0000
ROA not after:            Thu 03 Sep 2026 10:40:04 +0000
asID:                     834
IP address blocks:        46.236.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:05:34:01:f3:fa:c1:dd:4c:6d:80:29:ba:e9:12:b0:93:2f:05:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:04 2025 GMT
            Not After : Sep  3 10:40:04 2026 GMT
        Subject: CN=768A6CC78113C7A6DBB48A0E3BEDE8E88E80B30F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0f:2c:a0:42:4c:d3:19:3e:b1:14:c6:45:2f:
                    52:c3:b2:09:c5:ae:f8:7d:83:e5:4d:a1:4e:eb:21:
                    75:65:8f:b9:7d:e8:9f:d5:b3:b3:86:6a:13:5a:e1:
                    e2:b8:ed:9e:d9:29:47:a4:9a:94:30:93:3a:8f:66:
                    30:23:11:7b:0d:a8:a6:00:df:41:9a:44:20:22:07:
                    af:16:63:f7:4c:2f:17:6c:17:97:cb:a6:42:57:6f:
                    88:da:c0:16:b7:34:80:c8:24:2c:12:29:9f:76:40:
                    e5:13:bf:1a:3d:bf:56:33:20:12:04:f5:06:1d:09:
                    7a:a0:8b:4e:91:db:ae:cf:67:ca:bd:d0:17:df:a6:
                    fe:22:23:5f:ab:d7:47:67:e0:ad:84:40:83:34:db:
                    68:22:87:f6:e5:9e:a3:a2:ed:19:9b:08:dd:7f:9b:
                    c4:3c:a1:0c:30:af:ab:7f:50:19:70:51:80:9a:56:
                    2c:48:ab:79:40:94:df:3c:7f:79:c7:9e:4d:0d:75:
                    8b:53:a8:66:1b:d9:84:92:46:ed:fd:de:63:76:49:
                    27:ec:ab:94:16:c4:55:be:d1:a3:03:15:4d:7f:01:
                    b6:5f:bf:62:76:4e:e5:d9:1a:26:be:04:35:27:4d:
                    b2:02:5d:5d:f5:f2:45:dc:84:39:29:83:61:09:09:
                    50:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:8A:6C:C7:81:13:C7:A6:DB:B4:8A:0E:3B:ED:E8:E8:8E:80:B3:0F
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3230372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:33:62:c9:48:e5:55:2e:25:61:2b:89:a8:10:aa:25:4d:0b:
         3d:07:1e:67:a3:db:55:3e:79:ba:52:14:5a:be:7f:b3:0b:9e:
         b8:b2:a7:cc:0c:d0:14:7e:c2:7f:06:7d:9c:e8:e0:70:60:49:
         fa:42:40:55:8b:13:6d:a6:e3:70:c8:a3:50:3c:e4:fa:cd:7f:
         53:eb:b9:8e:3e:ce:e0:ac:6a:46:f0:65:c7:20:0b:1a:d6:c4:
         3b:a8:90:b4:fc:74:ab:88:aa:30:08:a5:24:1b:73:ae:be:d9:
         5d:a8:73:f9:ab:ac:2c:a4:bc:75:ed:7d:21:90:60:94:ba:e9:
         c5:48:5c:72:83:35:f5:0b:56:8b:6c:03:48:85:04:af:f8:6d:
         33:ff:b5:9e:ee:6a:1d:23:c6:87:9e:cf:7c:91:87:01:ea:67:
         6e:33:9d:fc:bd:45:eb:06:92:a0:38:1f:6e:c7:21:39:a5:40:
         4a:07:71:a9:f3:30:1c:ce:75:ac:17:84:e4:0f:a8:7c:89:46:
         a0:88:ba:98:5f:e0:a8:94:db:74:c0:4d:11:8a:ae:12:13:98:
         02:ca:81:eb:c2:a9:4b:26:22:e0:8b:33:03:65:dd:1d:72:87:
         8e:e3:65:6e:10:59:70:17:e3:d5:d1:82:82:48:98:00:cf:f0:
         75:ad:7f:36
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUdAU0AfP6wd1MbYApuukSsJMvBf0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDRaFw0yNjA5MDMxMDQwMDRaMDMxMTAvBgNV
BAMTKDc2OEE2Q0M3ODExM0M3QTZEQkI0OEEwRTNCRURFOEU4OEU4MEIzMEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyDyygQkzTGT6xFMZFL1LDsgnF
rvh9g+VNoU7rIXVlj7l96J/Vs7OGahNa4eK47Z7ZKUekmpQwkzqPZjAjEXsNqKYA
30GaRCAiB68WY/dMLxdsF5fLpkJXb4jawBa3NIDIJCwSKZ92QOUTvxo9v1YzIBIE
9QYdCXqgi06R267PZ8q90Bffpv4iI1+r10dn4K2EQIM022gih/blnqOi7RmbCN1/
m8Q8oQwwr6t/UBlwUYCaVixIq3lAlN88f3nHnk0NdYtTqGYb2YSSRu393mN2SSfs
q5QWxFW+0aMDFU1/AbZfv2J2TuXZGia+BDUnTbICXV318kXchDkpg2EJCVAZAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUdopsx4ETx6bbtIoOO+3o6I6Asw8wHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzQzNjJlMzIzMzM2MmUzMjMw
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAu7M8w
DQYJKoZIhvcNAQELBQADggEBAFMzYslI5VUuJWEriagQqiVNCz0HHmej21U+ebpS
FFq+f7MLnriyp8wM0BR+wn8GfZzo4HBgSfpCQFWLE22m43DIo1A85PrNf1PruY4+
zuCsakbwZccgCxrWxDuokLT8dKuIqjAIpSQbc66+2V2oc/mrrCykvHXtfSGQYJS6
6cVIXHKDNfULVotsA0iFBK/4bTP/tZ7uah0jxoeez3yRhwHqZ24znfy9ResGkqA4
H27HITmlQEoHcanzMBzOdawXhOQPqHyJRqCIuphf4KiU23TATRGKrhITmALKgevC
qUsmIuCLMwNl3R1yh47jZW4QWXAX49XRgoJImADP8HWtfzY=
-----END CERTIFICATE-----