Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3230382e302f32322d3234203d3e20383334.roa
File:                     34362e3233362e3230382e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          a1PIH1ZDrDx1PcVKyv38VrN4kIESPmZBsUyWCeVcM/0=
Subject key identifier:   3B:65:70:57:B4:4F:38:D7:2F:02:0B:21:95:1E:6C:72:C0:5F:ED:61
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       2AB5E013574C335072A03309C2757A13BEB54178
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3230382e302f32322d3234203d3e20383334.roa
Signing time:             Fri 05 Sep 2025 17:15:31 +0000
ROA not before:           Fri 05 Sep 2025 17:10:31 +0000
ROA not after:            Fri 04 Sep 2026 17:15:31 +0000
asID:                     834
IP address blocks:        46.236.208.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:b5:e0:13:57:4c:33:50:72:a0:33:09:c2:75:7a:13:be:b5:41:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  5 17:10:31 2025 GMT
            Not After : Sep  4 17:15:31 2026 GMT
        Subject: CN=3B657057B44F38D72F020B21951E6C72C05FED61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:89:eb:3b:35:8f:fb:e7:87:b2:3d:a9:0a:08:
                    c6:bc:cf:19:4a:11:d9:db:d1:22:f8:79:dc:4a:75:
                    6c:63:5a:99:ad:d6:c9:b6:94:24:ad:ba:6b:47:5a:
                    92:ac:33:70:8d:bb:68:5b:f1:08:c5:bb:7b:60:d6:
                    9c:27:a4:7a:1b:af:d1:9b:d9:46:57:3e:76:68:04:
                    19:f5:23:82:84:75:be:4f:1d:2b:68:0c:4b:f1:7d:
                    36:24:e6:21:9c:61:a9:3e:6a:87:23:f2:8a:c2:f2:
                    da:4d:00:5d:d0:0a:86:d4:26:79:c5:2b:1f:ca:b7:
                    8e:03:58:ed:a3:86:5c:08:a8:95:78:ae:2f:29:7d:
                    7f:a7:22:f1:ad:13:71:07:73:c0:d5:87:dc:a9:2c:
                    92:a9:c0:5a:7e:e4:60:86:9f:c9:df:d5:dc:fa:b5:
                    37:d0:69:71:59:8c:bd:e9:c3:6d:2c:f3:a6:ef:68:
                    30:fc:dc:cf:38:f2:3d:2e:69:f1:ae:b3:cf:97:39:
                    d7:66:9e:93:7f:5b:4f:65:db:f7:d5:a9:5a:cd:cf:
                    55:53:01:ab:7e:35:a7:86:81:fe:43:b5:df:f6:ad:
                    04:25:94:61:8a:b2:c0:be:ea:32:70:93:8c:ba:22:
                    51:03:1a:e9:43:cf:e0:06:4e:11:d6:a1:06:03:79:
                    90:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:65:70:57:B4:4F:38:D7:2F:02:0B:21:95:1E:6C:72:C0:5F:ED:61
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3230382e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:0a:87:5d:62:1a:91:e4:21:1d:22:99:1c:c9:4c:eb:5d:ce:
         ab:83:79:71:e8:b3:85:d2:00:3c:e2:60:8f:36:87:b3:4c:f5:
         a1:01:b3:8d:50:11:4f:f7:5f:5e:c8:bb:74:f7:61:cb:66:1a:
         87:57:74:e7:39:31:ad:8f:c1:c3:15:01:98:1b:67:0a:a5:a8:
         c9:c5:03:ab:34:c0:fe:54:09:76:f9:e0:ef:f9:df:6a:74:80:
         5f:d9:c5:79:46:16:83:11:e9:4e:d8:8c:31:90:ca:f2:14:f1:
         fd:3b:b7:d4:98:6c:1a:1e:91:5e:03:da:db:41:9c:d4:a1:95:
         cf:99:10:bc:88:94:7d:f3:e1:bc:f2:f3:fb:c9:1f:8d:fb:88:
         98:92:28:07:40:c3:ca:8f:17:20:37:f8:2f:d1:9e:05:31:3e:
         a3:d5:0e:2d:8f:41:b7:42:18:0c:3c:b1:a8:58:cf:00:53:cc:
         9c:b7:6c:1e:92:23:8f:8b:0b:a3:41:06:b9:60:62:d9:1b:95:
         fb:03:1b:6a:4b:da:dd:27:b5:d3:e2:76:39:59:7b:7b:ed:ac:
         05:1e:9b:41:5f:5c:c3:a7:a8:80:df:1b:8a:36:4b:25:86:43:
         d0:16:d5:88:79:e0:37:a0:e7:ab:f9:c3:7f:01:f1:cb:c0:21:
         b1:80:ae:86
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUKrXgE1dMM1ByoDMJwnV6E761QXgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDUxNzEwMzFaFw0yNjA5MDQxNzE1MzFaMDMxMTAvBgNV
BAMTKDNCNjU3MDU3QjQ0RjM4RDcyRjAyMEIyMTk1MUU2QzcyQzA1RkVENjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxies7NY/754eyPakKCMa8zxlK
Ednb0SL4edxKdWxjWpmt1sm2lCStumtHWpKsM3CNu2hb8QjFu3tg1pwnpHobr9Gb
2UZXPnZoBBn1I4KEdb5PHStoDEvxfTYk5iGcYak+aocj8orC8tpNAF3QCobUJnnF
Kx/Kt44DWO2jhlwIqJV4ri8pfX+nIvGtE3EHc8DVh9ypLJKpwFp+5GCGn8nf1dz6
tTfQaXFZjL3pw20s86bvaDD83M848j0uafGus8+XOddmnpN/W09l2/fVqVrNz1VT
Aat+NaeGgf5Dtd/2rQQllGGKssC+6jJwk4y6IlEDGulDz+AGThHWoQYDeZA9AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUO2VwV7RPONcvAgshlR5scsBf7WEwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzQzNjJlMzIzMzM2MmUzMjMw
MzgyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAIu7NAw
DQYJKoZIhvcNAQELBQADggEBAKEKh11iGpHkIR0imRzJTOtdzquDeXHos4XSADzi
YI82h7NM9aEBs41QEU/3X17Iu3T3YctmGodXdOc5Ma2PwcMVAZgbZwqlqMnFA6s0
wP5UCXb54O/532p0gF/ZxXlGFoMR6U7YjDGQyvIU8f07t9SYbBoekV4D2ttBnNSh
lc+ZELyIlH3z4bzy8/vJH437iJiSKAdAw8qPFyA3+C/RngUxPqPVDi2PQbdCGAw8
sahYzwBTzJy3bB6SI4+LC6NBBrlgYtkblfsDG2pL2t0ntdPidjlZe3vtrAUem0Ff
XMOnqIDfG4o2SyWGQ9AW1Yh54Deg56v5w38B8cvAIbGAroY=
-----END CERTIFICATE-----