Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134302e302f32342d3234203d3e20383334.roa
File:                     34352e3134382e3134302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          qVSNEQpIRJgMSGouuEUwZubVEXzPfUojshUvHRV7adY=
Subject key identifier:   B7:07:C8:BA:B0:87:85:F3:5F:79:96:2F:12:C0:C6:F1:14:8E:BD:0E
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       6FE0307D67990FF8E0B29A9B689D043BB53D6B5B
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134302e302f32342d3234203d3e20383334.roa
Signing time:             Tue 03 Jun 2025 00:01:55 +0000
ROA not before:           Mon 02 Jun 2025 23:56:55 +0000
ROA not after:            Tue 02 Jun 2026 00:01:55 +0000
asID:                     834
IP address blocks:        45.148.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 23:56:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:e0:30:7d:67:99:0f:f8:e0:b2:9a:9b:68:9d:04:3b:b5:3d:6b:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Jun  2 23:56:55 2025 GMT
            Not After : Jun  2 00:01:55 2026 GMT
        Subject: CN=B707C8BAB08785F35F79962F12C0C6F1148EBD0E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:6f:cb:c9:8d:60:a4:56:05:e6:40:30:fc:a9:
                    c0:8f:47:7b:db:47:14:b4:ff:a3:02:27:26:c1:05:
                    48:e5:ff:87:1e:2b:20:2d:47:1f:db:c8:02:4e:6f:
                    89:ac:d6:5f:bc:0e:0d:66:71:5a:98:35:00:6b:36:
                    6e:89:3e:46:0c:69:c5:ac:ac:93:e0:2a:d7:ae:37:
                    10:28:fd:4d:5a:be:ca:e0:82:96:91:dd:8b:d8:02:
                    4f:ec:4b:25:28:0a:17:3e:1b:45:6e:e6:f3:1d:70:
                    43:27:27:46:28:e3:6f:2e:ea:3d:0f:e5:fd:54:b3:
                    d5:70:e7:6b:e4:56:90:a4:3e:99:a8:ac:47:4f:5d:
                    eb:8b:64:09:8c:77:b9:c9:e0:f5:57:5c:4c:a7:fe:
                    b4:7c:33:64:9d:cd:3c:ae:64:5b:dc:77:3a:ee:14:
                    43:7e:e6:9c:9a:5e:91:44:2a:62:c0:83:5e:09:6e:
                    91:d5:f6:e4:0d:1c:0a:4b:8e:33:ed:18:1a:de:66:
                    d8:f3:6e:e6:84:98:e7:b4:f7:e4:7e:0f:be:0b:e1:
                    ab:29:d8:1b:3d:a8:84:cf:d1:2f:62:35:c0:11:73:
                    0f:7d:38:00:03:fe:5a:b4:82:8c:88:ea:42:1d:a6:
                    41:24:cc:db:90:d9:1e:89:1b:42:50:85:b0:34:49:
                    0e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:07:C8:BA:B0:87:85:F3:5F:79:96:2F:12:C0:C6:F1:14:8E:BD:0E
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:73:83:a1:db:87:c9:84:d0:bc:7f:4c:dc:d1:1b:69:c9:1c:
         c1:21:aa:80:ce:cf:bf:fc:e8:e2:bb:0f:3e:14:e3:59:95:46:
         30:af:65:5b:6b:ff:39:70:be:e0:87:7e:30:9b:82:24:91:c8:
         96:16:e1:f2:f6:b1:67:92:3e:24:98:be:2f:db:4f:72:2c:40:
         94:a6:f4:e7:b8:c8:74:11:c8:6f:09:b4:09:0e:71:65:26:4b:
         3b:8e:8e:3e:86:29:df:4d:49:ea:c7:b8:6d:37:f0:82:10:e8:
         09:bd:ae:b0:de:db:31:45:9c:9a:a4:ef:f4:5f:8c:85:d4:95:
         60:6c:24:42:6f:66:12:eb:15:ce:c9:87:ce:df:c5:ef:32:aa:
         9f:4d:04:15:25:df:1e:de:5c:2f:ed:56:03:1b:6a:35:29:66:
         5c:1c:bf:ce:c0:50:b0:f1:83:c2:54:1f:b5:79:c2:7c:31:8a:
         39:13:31:d7:3d:66:85:32:c1:27:f5:ee:53:07:1c:a1:d9:6d:
         d0:c9:a7:6d:dd:b2:7b:4a:0f:09:40:0f:a2:24:af:0b:8d:d8:
         67:2a:ba:ee:2a:be:ac:55:cc:49:b1:af:11:7b:aa:ad:d4:4e:
         a1:99:08:c5:43:d7:15:4f:e7:cb:ea:48:56:1f:ea:88:75:fc:
         92:82:9b:90
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUb+AwfWeZD/jgspqbaJ0EO7U9a1swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNTA2MDIyMzU2NTVaFw0yNjA2MDIwMDAxNTVaMDMxMTAvBgNV
BAMTKEI3MDdDOEJBQjA4Nzg1RjM1Rjc5OTYyRjEyQzBDNkYxMTQ4RUJEMEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeb8vJjWCkVgXmQDD8qcCPR3vb
RxS0/6MCJybBBUjl/4ceKyAtRx/byAJOb4ms1l+8Dg1mcVqYNQBrNm6JPkYMacWs
rJPgKteuNxAo/U1avsrggpaR3YvYAk/sSyUoChc+G0Vu5vMdcEMnJ0Yo428u6j0P
5f1Us9Vw52vkVpCkPpmorEdPXeuLZAmMd7nJ4PVXXEyn/rR8M2SdzTyuZFvcdzru
FEN+5pyaXpFEKmLAg14JbpHV9uQNHApLjjPtGBreZtjzbuaEmOe09+R+D74L4asp
2Bs9qITP0S9iNcARcw99OAAD/lq0goyI6kIdpkEkzNuQ2R6JG0JQhbA0SQ7RAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUtwfIurCHhfNfeZYvEsDG8RSOvQ4wHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzEzNDM4MmUzMTM0
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtlIww
DQYJKoZIhvcNAQELBQADggEBAAhzg6Hbh8mE0Lx/TNzRG2nJHMEhqoDOz7/86OK7
Dz4U41mVRjCvZVtr/zlwvuCHfjCbgiSRyJYW4fL2sWeSPiSYvi/bT3IsQJSm9Oe4
yHQRyG8JtAkOcWUmSzuOjj6GKd9NSerHuG038IIQ6Am9rrDe2zFFnJqk7/RfjIXU
lWBsJEJvZhLrFc7Jh87fxe8yqp9NBBUl3x7eXC/tVgMbajUpZlwcv87AULDxg8JU
H7V5wnwxijkTMdc9ZoUywSf17lMHHKHZbdDJp23dsntKDwlAD6IkrwuN2Gcquu4q
vqxVzEmxrxF7qq3UTqGZCMVD1xVP58vqSFYf6oh1/JKCm5A=
-----END CERTIFICATE-----