Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3234382e302f32322d3234203d3e2035363530.roa
File:                     34362e3233362e3234382e302f32322d3234203d3e2035363530.roa (raw, json)
Hash identifier:          B5P+RgPQxsIdHcqs5fxDmpuiIIwj2qO6vNSmCRI4pjI=
Subject key identifier:   0C:AF:4A:89:BC:38:09:48:90:9C:0E:20:B9:9D:57:F6:CE:1F:07:A4
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       12F0A27212AF9876989343A4C577AB10DF85FCFA
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3234382e302f32322d3234203d3e2035363530.roa
Signing time:             Thu 04 Sep 2025 10:40:04 +0000
ROA not before:           Thu 04 Sep 2025 10:35:04 +0000
ROA not after:            Thu 03 Sep 2026 10:40:04 +0000
asID:                     5650
IP address blocks:        46.236.248.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:f0:a2:72:12:af:98:76:98:93:43:a4:c5:77:ab:10:df:85:fc:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:04 2025 GMT
            Not After : Sep  3 10:40:04 2026 GMT
        Subject: CN=0CAF4A89BC380948909C0E20B99D57F6CE1F07A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:31:c5:a2:1c:23:a0:81:64:96:ce:8d:36:bf:
                    44:0a:4d:be:16:e5:66:3d:f0:dc:4c:2f:1f:e2:07:
                    cc:1f:14:42:78:b8:a2:ea:66:19:17:40:45:33:84:
                    4a:07:3a:38:f0:f4:f3:b6:ce:14:68:01:8b:31:ef:
                    1c:56:e7:77:8c:1b:74:8e:2f:5c:0a:a7:cd:8c:67:
                    a0:b6:c3:62:9c:97:b2:3b:63:a1:52:5e:7b:ca:12:
                    68:bf:4e:f8:cc:b2:8e:b9:cc:63:f7:8d:7c:88:b6:
                    23:f6:c8:07:e9:ca:92:18:96:1f:ce:77:e5:be:9b:
                    e9:2c:c0:ff:3e:9c:35:33:ca:4d:e3:2d:1c:c0:58:
                    59:c6:60:a3:e1:ff:6f:50:b0:41:23:f8:f1:34:28:
                    52:2f:61:a5:c8:6e:a1:b1:8f:23:18:0e:0c:2c:20:
                    06:7f:79:42:1f:59:84:fc:61:bc:54:03:6d:33:66:
                    10:8f:23:06:50:fe:70:d1:e0:b4:6c:e4:e1:e1:88:
                    28:e5:49:01:e4:f3:3a:b5:df:ad:da:76:eb:1b:ce:
                    1c:d5:65:40:70:a1:9d:72:be:46:80:2b:7d:d6:77:
                    d9:e2:60:eb:92:54:d0:79:f4:f9:3c:ad:46:18:18:
                    86:e5:7a:81:67:42:51:bb:33:dc:4f:7e:7c:5a:25:
                    0b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:AF:4A:89:BC:38:09:48:90:9C:0E:20:B9:9D:57:F6:CE:1F:07:A4
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3234382e302f32322d3234203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:f3:7e:73:88:5b:43:19:c6:4b:de:71:24:c5:e1:fd:f5:7e:
         16:ce:bc:97:7e:0b:3a:ed:42:83:cd:e8:ab:cb:03:fa:ac:43:
         bc:a1:62:88:c4:46:6b:89:df:0c:fd:67:10:19:36:50:43:37:
         ba:b4:e5:d1:7c:e0:2e:09:0c:e8:01:78:ed:47:9e:e9:3e:d5:
         98:99:5e:ae:58:f9:33:1b:b1:cf:07:f9:ce:89:2a:e7:df:43:
         26:b5:78:1e:b2:35:9f:34:f8:ef:ca:8e:c6:17:ba:3f:10:d9:
         09:ca:c5:13:c2:8a:4a:de:e2:00:30:d0:fb:a8:14:74:a1:df:
         6a:40:d7:69:67:86:92:61:44:bf:80:70:d8:ba:b4:a9:df:5d:
         3d:fc:5a:db:0e:43:5d:13:5a:d4:cb:13:02:3d:41:58:11:8b:
         f4:8d:be:79:07:22:8b:5f:bc:49:88:93:fd:51:50:b8:38:7a:
         45:7c:dd:24:f2:30:83:f6:46:ad:43:12:88:dc:31:17:f8:bd:
         9b:8f:33:ac:a8:3f:f2:98:6b:f7:64:60:f1:ef:43:d7:5b:5c:
         0d:a0:04:81:91:68:fa:88:30:38:39:b0:f2:17:ee:ff:eb:11:
         e6:13:12:1d:e7:02:07:41:b1:f9:82:cd:21:f8:cb:be:1d:4b:
         32:87:8c:89
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUEvCichKvmHaYk0OkxXerEN+F/PowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDRaFw0yNjA5MDMxMDQwMDRaMDMxMTAvBgNV
BAMTKDBDQUY0QTg5QkMzODA5NDg5MDlDMEUyMEI5OUQ1N0Y2Q0UxRjA3QTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnMcWiHCOggWSWzo02v0QKTb4W
5WY98NxMLx/iB8wfFEJ4uKLqZhkXQEUzhEoHOjjw9PO2zhRoAYsx7xxW53eMG3SO
L1wKp82MZ6C2w2Kcl7I7Y6FSXnvKEmi/TvjMso65zGP3jXyItiP2yAfpypIYlh/O
d+W+m+kswP8+nDUzyk3jLRzAWFnGYKPh/29QsEEj+PE0KFIvYaXIbqGxjyMYDgws
IAZ/eUIfWYT8YbxUA20zZhCPIwZQ/nDR4LRs5OHhiCjlSQHk8zq1363adusbzhzV
ZUBwoZ1yvkaAK33Wd9niYOuSVNB59Pk8rUYYGIbleoFnQlG7M9xPfnxaJQsBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUDK9Kibw4CUiQnA4guZ1X9s4fB6QwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzQzNjJlMzIzMzM2MmUzMjM0
MzgyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNTM2MzUzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi7s
+DANBgkqhkiG9w0BAQsFAAOCAQEAXPN+c4hbQxnGS95xJMXh/fV+Fs68l34LOu1C
g83oq8sD+qxDvKFiiMRGa4nfDP1nEBk2UEM3urTl0XzgLgkM6AF47Uee6T7VmJle
rlj5Mxuxzwf5zokq599DJrV4HrI1nzT478qOxhe6PxDZCcrFE8KKSt7iADDQ+6gU
dKHfakDXaWeGkmFEv4Bw2Lq0qd9dPfxa2w5DXRNa1MsTAj1BWBGL9I2+eQcii1+8
SYiT/VFQuDh6RXzdJPIwg/ZGrUMSiNwxF/i9m48zrKg/8phr92Rg8e9D11tcDaAE
gZFo+ogwODmw8hfu/+sR5hMSHecCB0Gx+YLNIfjLvh1LMoeMiQ==
-----END CERTIFICATE-----