Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3234382e302f32322d3234203d3e2037303239.roa
File:                     34362e3233362e3234382e302f32322d3234203d3e2037303239.roa (raw, json)
Hash identifier:          IcT5K2hhzfGwzf+C6CpbMd0yvd5IPDINpdafOBMgpC8=
Subject key identifier:   DE:4E:8A:8C:14:F6:D3:28:AA:D5:6F:B9:11:F6:24:F1:24:7D:AA:B2
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       459FDB93A981DEC07616B2679B6F18886FB5E4AD
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3234382e302f32322d3234203d3e2037303239.roa
Signing time:             Thu 04 Sep 2025 10:40:03 +0000
ROA not before:           Thu 04 Sep 2025 10:35:03 +0000
ROA not after:            Thu 03 Sep 2026 10:40:03 +0000
asID:                     7029
IP address blocks:        46.236.248.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:9f:db:93:a9:81:de:c0:76:16:b2:67:9b:6f:18:88:6f:b5:e4:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:03 2025 GMT
            Not After : Sep  3 10:40:03 2026 GMT
        Subject: CN=DE4E8A8C14F6D328AAD56FB911F624F1247DAAB2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:95:9d:33:9c:55:fa:96:9d:40:92:c6:32:d1:
                    ef:70:b8:de:5f:50:35:7a:2e:a1:bc:ad:df:16:bb:
                    fd:d3:0a:9e:c6:cf:04:59:8f:e1:aa:41:59:b1:97:
                    53:48:24:b7:6a:74:12:fb:1b:74:57:42:b7:45:ff:
                    f9:b6:db:d4:2d:56:7a:40:ae:d9:74:61:ae:16:f1:
                    2e:94:53:46:40:fd:2d:7d:ce:a6:41:95:ef:57:a6:
                    80:b3:f3:4d:c8:ac:7a:73:eb:68:bc:0e:bc:f4:42:
                    21:ae:37:c1:b7:3b:e4:76:0d:25:1a:5f:b1:22:85:
                    b8:fe:93:9c:9e:1d:1c:ea:ce:73:14:ab:c1:30:67:
                    4b:d8:39:01:24:b8:91:98:ec:85:a7:22:8e:af:6b:
                    9f:54:64:f9:ea:55:e1:eb:9e:c3:db:be:76:b4:b6:
                    a3:0c:a7:5f:80:8d:78:21:9e:3b:46:be:ec:8c:1a:
                    07:94:69:c1:35:b7:8e:16:30:07:1e:96:62:8b:85:
                    95:77:03:e0:83:b9:eb:86:0a:98:b7:99:c3:c0:73:
                    c4:4a:48:89:85:4b:99:87:7d:20:c5:d5:3b:69:f2:
                    67:67:61:20:00:79:7b:96:da:b1:63:9b:1d:88:80:
                    cd:64:65:85:3c:e5:e2:fd:14:cc:19:83:eb:4a:87:
                    d6:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:4E:8A:8C:14:F6:D3:28:AA:D5:6F:B9:11:F6:24:F1:24:7D:AA:B2
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/34362e3233362e3234382e302f32322d3234203d3e2037303239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:1b:b1:e9:f6:64:15:85:e8:4f:4d:b6:d8:b7:1e:e2:a4:ae:
         81:09:52:13:ef:60:ac:83:07:c7:68:be:03:b4:8a:79:ee:c4:
         fb:53:6c:48:56:cf:c8:b7:0f:e4:e7:0e:34:99:37:c7:f8:0c:
         83:8f:ff:73:b6:48:6d:95:5e:9e:d4:a9:e6:d7:f2:32:52:cd:
         6b:d1:ab:c3:94:b7:02:c9:a5:94:3c:7b:96:e4:80:fd:f7:c4:
         0a:b6:ab:59:91:1d:a9:76:21:4b:09:62:65:c6:df:e7:08:d9:
         10:26:51:7a:bb:d4:a1:88:e9:4a:57:f6:d8:47:ee:78:f4:dc:
         06:8d:10:51:74:c2:30:e5:03:04:d4:5d:ea:94:1d:2c:a6:ec:
         aa:0f:cf:c4:8d:39:fc:ab:ec:cb:96:5e:9a:a4:7e:af:69:cb:
         72:03:40:2c:cb:de:b0:9b:01:06:7b:b8:a0:27:c3:4c:40:f0:
         4c:71:f2:08:89:69:63:82:d0:1c:f5:2c:02:dc:02:4d:e6:88:
         c4:34:9c:c0:df:df:98:d8:69:f2:81:74:c8:3d:4c:df:0a:62:
         97:85:f4:d7:cc:99:d3:35:88:23:f0:4e:45:26:85:d9:15:80:
         fa:bd:bb:3e:e9:2b:59:3b:9a:1b:88:77:25:01:c1:d9:11:14:
         04:2e:b7:71
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURZ/bk6mB3sB2FrJnm28YiG+15K0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDNaFw0yNjA5MDMxMDQwMDNaMDMxMTAvBgNV
BAMTKERFNEU4QThDMTRGNkQzMjhBQUQ1NkZCOTExRjYyNEYxMjQ3REFBQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1lZ0znFX6lp1AksYy0e9wuN5f
UDV6LqG8rd8Wu/3TCp7GzwRZj+GqQVmxl1NIJLdqdBL7G3RXQrdF//m229QtVnpA
rtl0Ya4W8S6UU0ZA/S19zqZBle9XpoCz803IrHpz62i8Drz0QiGuN8G3O+R2DSUa
X7Eihbj+k5yeHRzqznMUq8EwZ0vYOQEkuJGY7IWnIo6va59UZPnqVeHrnsPbvna0
tqMMp1+AjXghnjtGvuyMGgeUacE1t44WMAcelmKLhZV3A+CDueuGCpi3mcPAc8RK
SImFS5mHfSDF1Ttp8mdnYSAAeXuW2rFjmx2IgM1kZYU85eL9FMwZg+tKh9YPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU3k6KjBT20yiq1W+5EfYk8SR9qrIwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzQzNjJlMzIzMzM2MmUzMjM0
MzgyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNzMwMzIzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi7s
+DANBgkqhkiG9w0BAQsFAAOCAQEAIhux6fZkFYXoT0222Lce4qSugQlSE+9grIMH
x2i+A7SKee7E+1NsSFbPyLcP5OcONJk3x/gMg4//c7ZIbZVentSp5tfyMlLNa9Gr
w5S3AsmllDx7luSA/ffECrarWZEdqXYhSwliZcbf5wjZECZRervUoYjpSlf22Efu
ePTcBo0QUXTCMOUDBNRd6pQdLKbsqg/PxI05/Kvsy5ZemqR+r2nLcgNALMvesJsB
Bnu4oCfDTEDwTHHyCIlpY4LQHPUsAtwCTeaIxDScwN/fmNhp8oF0yD1M3wpil4X0
18yZ0zWII/BORSaF2RWA+r27PukrWTuaG4h3JQHB2REUBC63cQ==
-----END CERTIFICATE-----