Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134322e302f32342d3234203d3e2035303635.roa
File:                     34352e3134382e3134322e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          XxuPnzv2zWfqRmQSBgzn2jkd1LQo9AMYkd0GkBdYieY=
Subject key identifier:   B3:F7:5E:E6:48:9C:E5:76:5C:A6:1D:CB:0B:41:C4:96:B2:AD:EB:72
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       06F825AB2371294D313BB7AC9D25BE93CA5B8BF8
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134322e302f32342d3234203d3e2035303635.roa
Signing time:             Tue 25 Mar 2025 16:53:59 +0000
ROA not before:           Tue 25 Mar 2025 16:48:59 +0000
ROA not after:            Tue 24 Mar 2026 16:53:59 +0000
asID:                     5065
IP address blocks:        45.148.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:07:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:f8:25:ab:23:71:29:4d:31:3b:b7:ac:9d:25:be:93:ca:5b:8b:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Mar 25 16:48:59 2025 GMT
            Not After : Mar 24 16:53:59 2026 GMT
        Subject: CN=B3F75EE6489CE5765CA61DCB0B41C496B2ADEB72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:d5:58:42:71:83:30:a7:0e:90:7b:b6:4a:f5:
                    e3:b4:e2:f3:30:96:5a:16:72:d6:94:72:6b:f4:18:
                    24:38:4f:c6:56:b0:0d:c2:34:cf:7a:42:64:e8:d4:
                    0b:c2:11:4b:87:a9:ec:bd:59:0d:5b:a7:3d:5a:61:
                    84:09:aa:2c:89:f0:92:1c:57:a7:b5:e7:c6:3b:b8:
                    82:bf:7f:0a:8f:d5:76:c9:b7:98:34:2c:63:33:f5:
                    a9:9d:1c:4f:3b:7b:8e:c7:c8:77:e0:18:d7:4d:26:
                    6f:8d:4c:13:3b:df:1c:b8:f4:af:61:e7:a4:81:1c:
                    ed:27:ae:9b:f3:92:49:51:bf:11:b6:27:b8:a0:2d:
                    74:34:b9:d7:02:8d:77:26:89:66:49:88:c2:28:d6:
                    6d:a6:24:cf:20:23:5e:37:39:7c:4a:91:0b:59:7b:
                    23:17:12:97:4d:f3:7e:e6:61:f9:c4:0a:da:8a:97:
                    08:ca:bc:33:54:a7:6b:fb:42:00:ca:87:7e:c7:42:
                    be:ad:ca:8c:3f:ad:bd:64:40:7c:aa:b9:fa:46:3c:
                    97:ea:f6:fa:39:91:e1:2b:99:08:9d:ba:9f:ff:7f:
                    7e:a7:41:b1:39:75:fa:1c:bb:3b:b7:21:27:4a:5d:
                    0e:6b:74:b0:77:dc:72:59:a1:b1:86:c0:16:1b:d7:
                    69:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:F7:5E:E6:48:9C:E5:76:5C:A6:1D:CB:0B:41:C4:96:B2:AD:EB:72
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134322e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:42:db:36:59:0a:9c:bf:7c:97:f8:4e:3a:2d:00:57:d4:35:
         1e:35:4e:71:4d:f7:92:e9:ae:20:07:f1:ad:3f:d2:96:5b:2e:
         a2:ee:c2:e2:65:a8:14:65:08:5f:90:f5:0f:46:1a:0b:63:bb:
         e8:35:51:20:12:8e:c6:cc:d1:d9:7f:76:41:28:69:6c:df:a6:
         d8:64:30:a4:db:57:f2:33:d3:37:1d:94:12:fd:7d:8a:a3:f3:
         7e:53:18:30:e1:d1:e1:17:2a:58:08:52:60:3e:2a:32:ed:7f:
         d0:f8:6b:5f:89:f2:05:cd:7d:61:21:c2:5f:3b:ff:2d:45:43:
         21:8d:33:92:00:a8:1b:9f:e8:a5:5f:26:a4:3f:a1:69:de:53:
         6a:45:0e:6a:a2:82:6c:3f:0f:42:a3:32:8b:57:8a:4e:da:7b:
         54:8f:dc:c8:2f:2b:27:a3:44:d8:6e:a2:3a:8b:15:f0:df:c9:
         5d:21:5d:7d:8b:bc:25:01:49:50:9f:24:1c:d1:7c:80:3a:a3:
         73:68:71:a4:05:a2:6b:af:79:1d:3e:81:ea:70:b6:0d:06:22:
         c9:b6:6d:12:ec:93:72:4b:6f:43:d1:25:a6:b5:12:7e:4b:67:
         b7:87:e6:98:bb:df:31:07:f0:e5:21:2d:9c:50:26:16:92:83:
         d1:5d:02:f8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBvglqyNxKU0xO7esnSW+k8pbi/gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNTAzMjUxNjQ4NTlaFw0yNjAzMjQxNjUzNTlaMDMxMTAvBgNV
BAMTKEIzRjc1RUU2NDg5Q0U1NzY1Q0E2MURDQjBCNDFDNDk2QjJBREVCNzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe1VhCcYMwpw6Qe7ZK9eO04vMw
lloWctaUcmv0GCQ4T8ZWsA3CNM96QmTo1AvCEUuHqey9WQ1bpz1aYYQJqiyJ8JIc
V6e158Y7uIK/fwqP1XbJt5g0LGMz9amdHE87e47HyHfgGNdNJm+NTBM73xy49K9h
56SBHO0nrpvzkklRvxG2J7igLXQ0udcCjXcmiWZJiMIo1m2mJM8gI143OXxKkQtZ
eyMXEpdN837mYfnECtqKlwjKvDNUp2v7QgDKh37HQr6tyow/rb1kQHyqufpGPJfq
9vo5keErmQidup//f36nQbE5dfocuzu3ISdKXQ5rdLB33HJZobGGwBYb12lNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUs/de5kic5XZcph3LC0HElrKt63IwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzEzNDM4MmUzMTM0
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMwMzYzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2U
jjANBgkqhkiG9w0BAQsFAAOCAQEAVkLbNlkKnL98l/hOOi0AV9Q1HjVOcU33kumu
IAfxrT/Sllsuou7C4mWoFGUIX5D1D0YaC2O76DVRIBKOxszR2X92QShpbN+m2GQw
pNtX8jPTNx2UEv19iqPzflMYMOHR4RcqWAhSYD4qMu1/0PhrX4nyBc19YSHCXzv/
LUVDIY0zkgCoG5/opV8mpD+had5TakUOaqKCbD8PQqMyi1eKTtp7VI/cyC8rJ6NE
2G6iOosV8N/JXSFdfYu8JQFJUJ8kHNF8gDqjc2hxpAWia695HT6B6nC2DQYiybZt
EuyTcktvQ9ElprUSfktnt4fmmLvfMQfw5SEtnFAmFpKD0V0C+A==
-----END CERTIFICATE-----