Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3234342e302f32322d3234203d3e2035363530.roa
File:                     34362e3233362e3234342e302f32322d3234203d3e2035363530.roa (raw, json)
Hash identifier:          Rh3AXwRFZ7FAjuVcN/8Ygh9PrQ2Q9C+BmlgwauGYrq0=
Subject key identifier:   EF:44:B2:F6:CA:5F:A5:E2:35:40:78:74:29:7A:B7:15:02:A4:7C:C9
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       B1B388A5D572E107E77DB08242B354D36D14A6
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3234342e302f32322d3234203d3e2035363530.roa
Signing time:             Thu 04 Sep 2025 10:40:04 +0000
ROA not before:           Thu 04 Sep 2025 10:35:04 +0000
ROA not after:            Thu 03 Sep 2026 10:40:04 +0000
asID:                     5650
IP address blocks:        46.236.244.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b1:b3:88:a5:d5:72:e1:07:e7:7d:b0:82:42:b3:54:d3:6d:14:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:04 2025 GMT
            Not After : Sep  3 10:40:04 2026 GMT
        Subject: CN=EF44B2F6CA5FA5E235407874297AB71502A47CC9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:8f:8a:3f:2f:b8:a1:ce:f0:8e:9d:1a:0c:d6:
                    f7:fb:39:b4:4c:1f:0a:84:ae:9d:49:ea:fd:d4:ee:
                    4b:96:e5:cc:49:77:a3:19:30:de:fc:c3:19:94:b5:
                    98:c8:99:0b:31:36:6d:77:f4:56:40:ea:ec:0f:d3:
                    63:70:ee:77:2c:32:1e:2e:3d:8d:da:bd:ee:dd:b1:
                    44:6c:9b:82:08:4e:9a:bc:49:fa:dd:03:f2:45:29:
                    42:3b:b6:f3:b7:f6:48:a6:69:e7:a8:5b:12:aa:26:
                    5b:38:fd:dd:b9:c6:7b:b7:a4:54:db:99:56:51:d4:
                    31:1d:b8:6d:c6:dc:49:a8:d3:ce:1b:ef:74:91:de:
                    03:7d:4d:f9:8a:2c:7b:74:3f:13:b4:5d:7e:e6:a3:
                    14:12:1e:da:2e:66:eb:83:6a:30:c7:37:bb:44:38:
                    34:37:1a:f9:54:62:5e:dc:6f:0d:7a:c4:c9:31:4e:
                    2c:e8:cd:01:16:9e:4a:ff:ba:2b:7b:58:6b:93:d1:
                    41:5e:05:d1:62:c6:cd:40:37:9f:f3:43:bb:a0:3f:
                    e4:11:77:3c:99:ba:10:2c:6b:e3:5f:b4:75:f1:1b:
                    4a:60:6a:44:22:49:0b:72:69:56:a5:17:f6:05:f7:
                    40:41:24:c2:28:db:78:f7:46:fd:ba:cb:47:95:3e:
                    f8:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:44:B2:F6:CA:5F:A5:E2:35:40:78:74:29:7A:B7:15:02:A4:7C:C9
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3234342e302f32322d3234203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:a9:8c:5c:60:0d:9a:49:f3:22:04:71:30:47:86:0f:27:d7:
         aa:dc:c3:6f:13:c9:30:c9:43:2c:b9:8c:a9:e1:80:fc:80:bd:
         20:80:61:87:3d:d9:f6:61:e4:ca:1d:88:70:66:6a:7c:59:25:
         01:19:d5:d0:18:48:6c:0e:23:a8:d8:a8:be:8e:c8:e2:22:4a:
         5e:e3:f4:b5:94:62:b4:1a:33:e2:09:9c:83:14:38:45:d4:83:
         3b:b6:de:6f:c6:53:13:17:9b:f5:af:e5:6e:ff:e5:01:9e:da:
         fb:cd:9e:1a:86:ca:30:0d:1c:52:06:6f:2a:87:26:b7:1f:23:
         a7:25:a1:2d:d2:20:fd:1b:82:72:d2:e4:8b:f0:9b:22:39:6e:
         b6:94:50:a9:bc:69:58:5b:26:74:91:62:56:7e:7e:52:79:f8:
         69:5e:2b:5a:54:f6:14:cf:dc:37:77:6e:27:18:ca:32:c2:90:
         9f:95:19:71:4d:f1:24:a6:a1:b6:c8:9b:01:c7:ba:fe:dc:8a:
         0a:50:f0:d6:8f:13:c8:6a:ed:ec:10:31:ae:16:f6:fc:d5:30:
         50:e5:c0:43:88:d3:28:6b:0e:f2:6a:c0:c8:41:fa:90:a5:68:
         08:b0:8a:37:fd:a6:e6:b7:b7:dd:6e:1c:ec:05:96:3a:22:a1:
         79:ec:44:1a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUALGziKXVcuEH532wgkKzVNNtFKYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDRaFw0yNjA5MDMxMDQwMDRaMDMxMTAvBgNV
BAMTKEVGNDRCMkY2Q0E1RkE1RTIzNTQwNzg3NDI5N0FCNzE1MDJBNDdDQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWj4o/L7ihzvCOnRoM1vf7ObRM
HwqErp1J6v3U7kuW5cxJd6MZMN78wxmUtZjImQsxNm139FZA6uwP02Nw7ncsMh4u
PY3ave7dsURsm4IITpq8SfrdA/JFKUI7tvO39kimaeeoWxKqJls4/d25xnu3pFTb
mVZR1DEduG3G3Emo084b73SR3gN9TfmKLHt0PxO0XX7moxQSHtouZuuDajDHN7tE
ODQ3GvlUYl7cbw16xMkxTizozQEWnkr/uit7WGuT0UFeBdFixs1AN5/zQ7ugP+QR
dzyZuhAsa+NftHXxG0pgakQiSQtyaValF/YF90BBJMIo23j3Rv26y0eVPvhxAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU70Sy9spfpeI1QHh0KXq3FQKkfMkwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzQzNjJlMzIzMzM2MmUzMjM0
MzQyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNTM2MzUzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi7s
9DANBgkqhkiG9w0BAQsFAAOCAQEAFamMXGANmknzIgRxMEeGDyfXqtzDbxPJMMlD
LLmMqeGA/IC9IIBhhz3Z9mHkyh2IcGZqfFklARnV0BhIbA4jqNiovo7I4iJKXuP0
tZRitBoz4gmcgxQ4RdSDO7beb8ZTExeb9a/lbv/lAZ7a+82eGobKMA0cUgZvKocm
tx8jpyWhLdIg/RuCctLki/CbIjlutpRQqbxpWFsmdJFiVn5+Unn4aV4rWlT2FM/c
N3duJxjKMsKQn5UZcU3xJKahtsibAce6/tyKClDw1o8TyGrt7BAxrhb2/NUwUOXA
Q4jTKGsO8mrAyEH6kKVoCLCKN/2m5re33W4c7AWWOiKheexEGg==
-----END CERTIFICATE-----