Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3231322e302f32332d3234203d3e20383334.roa
File:                     34362e3233362e3231322e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          /O+5BrTNpQfe7zH4gJlJVAzLDnvNYigx+33s8odi3I0=
Subject key identifier:   0C:20:7A:E6:19:DF:64:1B:77:00:F8:29:E0:BA:3E:DD:E3:38:2A:4E
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       572ECF9992BC1E07607CEE5F9479C8B3694AFBA1
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3231322e302f32332d3234203d3e20383334.roa
Signing time:             Fri 05 Sep 2025 17:15:31 +0000
ROA not before:           Fri 05 Sep 2025 17:10:31 +0000
ROA not after:            Fri 04 Sep 2026 17:15:31 +0000
asID:                     834
IP address blocks:        46.236.212.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:2e:cf:99:92:bc:1e:07:60:7c:ee:5f:94:79:c8:b3:69:4a:fb:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  5 17:10:31 2025 GMT
            Not After : Sep  4 17:15:31 2026 GMT
        Subject: CN=0C207AE619DF641B7700F829E0BA3EDDE3382A4E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b0:d2:11:42:2d:6e:f7:71:bb:75:99:f5:73:
                    9f:4a:71:96:9a:e4:6b:94:b9:68:cf:a8:47:55:ad:
                    92:b1:fa:f4:1e:14:05:2d:61:6b:72:b2:90:92:28:
                    f8:3d:e6:f1:46:6a:04:43:d6:69:21:12:66:1a:3b:
                    d9:91:6a:ae:76:6b:a0:de:ac:a7:c1:0e:91:18:5b:
                    60:47:46:46:40:1f:e2:8b:8d:3c:2f:c6:16:01:1c:
                    47:78:c6:10:d6:3f:6b:2e:f7:af:40:1f:90:a0:39:
                    6a:81:78:23:2c:63:f2:4b:e9:99:75:08:1f:15:3f:
                    c0:ae:f3:17:9c:77:8e:a5:c7:da:d3:f4:7b:97:c2:
                    b2:47:55:8b:b4:a3:45:6e:ac:60:36:16:29:4e:3b:
                    c7:13:90:d6:a3:a3:7b:5c:0c:46:d7:92:71:57:c4:
                    9b:d0:57:e3:06:ba:5b:06:f8:c5:25:24:8c:a8:e2:
                    75:02:49:60:c5:56:77:b7:27:f6:05:09:08:85:c8:
                    a7:3c:1e:21:3e:7f:33:6d:f6:92:20:e2:14:5c:e4:
                    4a:a9:d9:19:de:36:52:53:69:87:5e:b4:12:e8:0a:
                    bd:4b:cc:f7:bb:5a:65:37:ac:8d:fc:79:8c:49:77:
                    08:43:c6:6a:d5:94:db:cd:7e:b9:3a:6b:e9:59:7b:
                    69:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:20:7A:E6:19:DF:64:1B:77:00:F8:29:E0:BA:3E:DD:E3:38:2A:4E
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3231322e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0c:84:56:7f:b4:31:53:8e:c6:0f:e9:7c:60:18:27:0c:f9:96:
         5c:44:b9:ca:b6:f0:f0:e5:3e:24:bc:25:17:d4:e4:5a:e4:f4:
         6f:c3:aa:9a:36:af:ef:07:f3:50:7a:75:2d:c2:16:99:d7:18:
         57:7c:e2:74:32:49:0c:59:fb:76:13:ad:d9:86:cf:be:d9:8e:
         6e:02:f2:11:84:f7:a8:9a:56:04:7d:ae:f9:d5:91:33:85:cf:
         63:74:ed:64:9c:c8:a7:47:79:8c:e0:ad:cb:9f:61:be:c7:c9:
         d4:4b:70:59:cf:60:e9:e5:03:b8:b3:b1:09:0f:51:b1:e7:be:
         99:7d:28:0b:05:5a:a2:60:0d:e5:61:a6:c4:b1:18:75:fe:fd:
         f4:c5:1c:b0:71:10:43:07:a4:2d:12:52:83:d9:1e:41:a9:6a:
         1c:8e:da:f2:eb:13:68:c5:bb:eb:a9:f6:d3:45:19:a3:6a:dd:
         ee:70:67:d0:18:5d:2f:f4:c8:50:1c:c5:06:e7:26:8d:8c:cb:
         b9:fa:01:08:65:3f:26:2a:1e:83:89:6e:94:ab:33:7f:0b:c2:
         16:5a:6b:48:f0:3e:ac:9f:5e:ac:ec:18:7b:40:4b:9c:0e:eb:
         4f:90:cb:58:42:ca:73:7e:de:ed:1b:64:d8:96:47:1c:dc:b5:
         08:2e:8b:95
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUVy7PmZK8HgdgfO5flHnIs2lK+6EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDUxNzEwMzFaFw0yNjA5MDQxNzE1MzFaMDMxMTAvBgNV
BAMTKDBDMjA3QUU2MTlERjY0MUI3NzAwRjgyOUUwQkEzRURERTMzODJBNEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMsNIRQi1u93G7dZn1c59KcZaa
5GuUuWjPqEdVrZKx+vQeFAUtYWtyspCSKPg95vFGagRD1mkhEmYaO9mRaq52a6De
rKfBDpEYW2BHRkZAH+KLjTwvxhYBHEd4xhDWP2su969AH5CgOWqBeCMsY/JL6Zl1
CB8VP8Cu8xecd46lx9rT9HuXwrJHVYu0o0VurGA2FilOO8cTkNajo3tcDEbXknFX
xJvQV+MGulsG+MUlJIyo4nUCSWDFVne3J/YFCQiFyKc8HiE+fzNt9pIg4hRc5Eqp
2RneNlJTaYdetBLoCr1LzPe7WmU3rI38eYxJdwhDxmrVlNvNfrk6a+lZe2m7AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUDCB65hnfZBt3APgp4Lo+3eM4Kk4wHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzQzNjJlMzIzMzM2MmUzMjMx
MzIyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEu7NQw
DQYJKoZIhvcNAQELBQADggEBAAyEVn+0MVOOxg/pfGAYJwz5llxEucq28PDlPiS8
JRfU5Frk9G/Dqpo2r+8H81B6dS3CFpnXGFd84nQySQxZ+3YTrdmGz77Zjm4C8hGE
96iaVgR9rvnVkTOFz2N07WScyKdHeYzgrcufYb7HydRLcFnPYOnlA7izsQkPUbHn
vpl9KAsFWqJgDeVhpsSxGHX+/fTFHLBxEEMHpC0SUoPZHkGpahyO2vLrE2jFu+up
9tNFGaNq3e5wZ9AYXS/0yFAcxQbnJo2My7n6AQhlPyYqHoOJbpSrM38LwhZaa0jw
PqyfXqzsGHtAS5wO60+Qy1hCynN+3u0bZNiWRxzctQgui5U=
-----END CERTIFICATE-----