Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3234312e302f32342d3234203d3e2039303039.roa
File:                     34362e3233362e3234312e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          vJkhMtCGZygnBd5lM7fioVkiGWHZA4BRJmGa9AJKLn0=
Subject key identifier:   6E:5A:34:D3:B0:5D:88:92:9A:44:DA:0D:80:26:E4:21:0F:28:DA:9D
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       27E70B0FD552A551B38EB496081E972E4BF71953
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3234312e302f32342d3234203d3e2039303039.roa
Signing time:             Thu 04 Sep 2025 10:40:05 +0000
ROA not before:           Thu 04 Sep 2025 10:35:05 +0000
ROA not after:            Thu 03 Sep 2026 10:40:05 +0000
asID:                     9009
IP address blocks:        46.236.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:e7:0b:0f:d5:52:a5:51:b3:8e:b4:96:08:1e:97:2e:4b:f7:19:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:05 2025 GMT
            Not After : Sep  3 10:40:05 2026 GMT
        Subject: CN=6E5A34D3B05D88929A44DA0D8026E4210F28DA9D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ee:f8:6f:5e:75:86:de:8f:e4:0d:b6:58:e8:
                    a1:6d:5f:dd:c5:74:72:d0:8d:a7:e1:06:f5:7e:f8:
                    28:19:b7:7c:03:e1:a9:57:aa:eb:79:fd:2e:5d:7a:
                    1a:c2:16:31:48:a6:8e:c5:25:e8:e7:c5:bd:d0:f2:
                    a4:ba:64:d3:53:49:f7:4b:83:35:5e:06:2e:05:ed:
                    f7:e8:1e:e5:bd:6d:b0:a5:c6:e5:f2:a3:0d:33:ac:
                    89:29:c0:9f:8b:a7:a1:cf:1b:f2:81:9d:28:3a:d2:
                    b9:85:1c:67:98:ab:7f:83:db:8d:bf:4a:73:0f:86:
                    8d:95:54:f9:e6:c2:05:96:07:f7:85:a4:5c:49:9d:
                    ab:02:55:83:ba:66:7c:32:b7:48:93:bb:84:43:b8:
                    5a:71:f8:a5:b9:76:14:a9:7b:ef:3d:48:ef:43:d9:
                    20:30:18:2c:5d:86:5b:3b:5e:fd:92:b1:06:d9:80:
                    b8:d8:cb:29:3f:85:09:ec:36:25:d9:04:07:e6:06:
                    15:11:ee:67:79:0c:d9:f1:a7:35:05:82:a5:28:4d:
                    4c:dc:06:06:e4:0f:2f:60:b7:b6:e2:fa:a4:37:b7:
                    f1:47:e4:4d:36:40:25:ca:34:1e:37:52:d7:3c:07:
                    29:6d:8b:2f:c7:73:72:ef:06:da:d2:16:06:53:04:
                    3c:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:5A:34:D3:B0:5D:88:92:9A:44:DA:0D:80:26:E4:21:0F:28:DA:9D
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3234312e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:7e:11:91:c3:78:26:3c:26:27:67:7b:d6:8f:15:c7:90:d8:
         d9:1b:c3:f9:94:de:00:2c:89:6e:19:19:59:72:ee:42:d8:33:
         70:71:74:f2:88:8b:58:71:09:37:0f:f8:d5:c4:fb:54:ab:ce:
         c1:a1:07:76:34:60:4a:5c:21:f6:3b:e1:bb:af:9a:77:e6:51:
         73:94:73:9b:65:d5:6a:98:f7:d5:f1:7b:43:89:f8:a1:86:df:
         6d:0b:a8:a1:8d:f4:26:ee:42:25:ef:45:8c:c4:b1:6a:33:92:
         78:1c:94:28:57:7b:ae:91:1e:79:58:21:8b:87:00:c6:e5:cf:
         40:f9:0f:1d:1d:9e:a1:d9:46:35:50:df:3f:cc:4a:6b:e8:70:
         06:44:94:21:1d:f1:6f:9c:cf:29:ed:7c:cb:a2:51:a2:3a:0a:
         78:77:e1:ca:02:09:8a:94:c8:c5:96:25:b8:06:6d:3f:64:23:
         99:55:63:a7:36:d3:2e:41:48:15:2f:e8:10:6e:63:b9:55:df:
         de:8b:c2:c9:d5:58:f1:f7:45:87:f7:d8:71:57:6f:5c:0d:65:
         ac:69:43:ef:c9:50:29:8f:f6:86:f4:9e:00:5b:c6:ab:1f:1d:
         12:4e:21:04:99:8b:bb:3a:df:4c:3c:51:2f:b6:4b:4d:4e:32:
         0d:c5:4c:a5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJ+cLD9VSpVGzjrSWCB6XLkv3GVMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDVaFw0yNjA5MDMxMDQwMDVaMDMxMTAvBgNV
BAMTKDZFNUEzNEQzQjA1RDg4OTI5QTQ0REEwRDgwMjZFNDIxMEYyOERBOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp7vhvXnWG3o/kDbZY6KFtX93F
dHLQjafhBvV++CgZt3wD4alXqut5/S5dehrCFjFIpo7FJejnxb3Q8qS6ZNNTSfdL
gzVeBi4F7ffoHuW9bbClxuXyow0zrIkpwJ+Lp6HPG/KBnSg60rmFHGeYq3+D242/
SnMPho2VVPnmwgWWB/eFpFxJnasCVYO6Znwyt0iTu4RDuFpx+KW5dhSpe+89SO9D
2SAwGCxdhls7Xv2SsQbZgLjYyyk/hQnsNiXZBAfmBhUR7md5DNnxpzUFgqUoTUzc
BgbkDy9gt7bi+qQ3t/FH5E02QCXKNB43Utc8Byltiy/Hc3LvBtrSFgZTBDxnAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUblo007BdiJKaRNoNgCbkIQ8o2p0wHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzQzNjJlMzIzMzM2MmUzMjM0
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC7s
8TANBgkqhkiG9w0BAQsFAAOCAQEALn4RkcN4JjwmJ2d71o8Vx5DY2RvD+ZTeACyJ
bhkZWXLuQtgzcHF08oiLWHEJNw/41cT7VKvOwaEHdjRgSlwh9jvhu6+ad+ZRc5Rz
m2XVapj31fF7Q4n4oYbfbQuooY30Ju5CJe9FjMSxajOSeByUKFd7rpEeeVghi4cA
xuXPQPkPHR2eodlGNVDfP8xKa+hwBkSUIR3xb5zPKe18y6JRojoKeHfhygIJipTI
xZYluAZtP2QjmVVjpzbTLkFIFS/oEG5juVXf3ovCydVY8fdFh/fYcVdvXA1lrGlD
78lQKY/2hvSeAFvGqx8dEk4hBJmLuzrfTDxRL7ZLTU4yDcVMpQ==
-----END CERTIFICATE-----