Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131382e302f32342d3234203d3e2039303837.roa
File:                     34352e36352e3131382e302f32342d3234203d3e2039303837.roa (raw, json)
Hash identifier:          nyse/97oPTB6RYXcjHsejL9q8oz4QV04fzm+/z+4UtE=
Subject key identifier:   DD:ED:68:5B:F3:6B:62:61:FA:78:34:D2:B6:4E:3B:78:C6:A7:87:4A
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       183ED8DEFA1391151519C9E9446E5E8CAA4C9160
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131382e302f32342d3234203d3e2039303837.roa
Signing time:             Mon 25 Aug 2025 09:54:13 +0000
ROA not before:           Mon 25 Aug 2025 09:49:13 +0000
ROA not after:            Mon 24 Aug 2026 09:54:13 +0000
asID:                     9087
IP address blocks:        45.65.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 17:17:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:3e:d8:de:fa:13:91:15:15:19:c9:e9:44:6e:5e:8c:aa:4c:91:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Aug 25 09:49:13 2025 GMT
            Not After : Aug 24 09:54:13 2026 GMT
        Subject: CN=DDED685BF36B6261FA7834D2B64E3B78C6A7874A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:35:c6:ab:bb:40:8c:3c:9c:18:ea:5e:36:ce:
                    6e:a5:84:99:bf:a5:d4:67:97:24:9f:19:50:e7:df:
                    c3:dc:40:d6:15:c1:0a:1a:f5:40:ae:19:0c:e1:b0:
                    22:a4:06:78:14:62:62:ef:11:25:5b:8b:60:49:58:
                    ff:2c:5c:3e:bc:05:ce:b0:58:e0:e5:20:ce:10:29:
                    35:00:d5:41:29:71:de:0a:d8:c8:72:82:11:cd:05:
                    ef:6e:9e:9c:f1:26:62:a3:8f:95:d6:fb:f6:ef:79:
                    32:d9:77:cf:eb:24:39:63:f5:37:46:81:d3:34:7c:
                    eb:34:a9:56:99:cc:8f:81:11:f2:ec:32:81:17:4e:
                    16:68:15:db:b8:ed:cd:b5:31:c7:a9:22:af:b1:09:
                    53:5c:6c:fd:9e:b8:c9:77:2b:9f:04:4d:bf:a4:db:
                    39:3f:3e:f6:e1:8a:73:cb:26:e9:b9:0e:15:22:42:
                    65:91:9d:a1:d5:5b:22:ab:70:62:e0:a2:4c:5d:cb:
                    c4:f9:85:96:92:da:6d:63:78:25:c2:3c:e7:88:dd:
                    ee:0e:81:df:35:57:29:85:ea:29:4f:6b:28:ae:b0:
                    e6:8f:19:99:78:49:c0:12:ee:6b:83:57:2a:d0:72:
                    3f:80:0a:05:60:08:43:85:ce:07:e7:e8:08:aa:b4:
                    e4:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:ED:68:5B:F3:6B:62:61:FA:78:34:D2:B6:4E:3B:78:C6:A7:87:4A
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131382e302f32342d3234203d3e2039303837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:dc:bb:c8:69:75:48:c4:c4:06:94:ab:69:18:db:35:e7:e6:
         86:43:09:d9:0a:e9:26:3f:f6:a2:f1:36:4a:db:cc:17:c4:7e:
         be:7c:98:a6:d5:27:14:be:31:45:f5:2c:62:e8:45:d9:4f:4f:
         d9:8d:bf:9d:9e:9b:8b:aa:1a:60:22:89:1e:2c:f4:42:36:8c:
         84:d2:ea:cd:c7:0d:53:7e:91:d3:39:d0:51:d8:05:d4:3f:f8:
         ba:f4:39:26:67:51:32:b9:1a:3c:24:68:e3:21:69:79:47:d1:
         e3:dc:49:c7:a7:a9:d9:22:75:cb:4c:2b:41:32:3e:02:ee:fb:
         a3:48:69:6e:e8:d3:88:cb:da:70:b3:a5:d3:ea:97:c4:94:0c:
         a9:02:71:06:5a:20:63:a7:bf:7d:cf:69:54:cc:db:e2:50:05:
         fc:66:40:19:cc:49:a3:7b:f0:f1:07:d3:16:cd:5c:b7:5c:34:
         25:ee:24:40:d8:5e:ef:e6:bd:ad:3b:88:9d:28:f7:82:65:24:
         f8:7c:2c:26:51:ed:17:97:97:43:eb:94:9d:0f:b3:71:6b:71:
         d8:6b:87:99:99:c1:dc:12:af:8c:85:e0:c9:ec:2f:75:39:e9:
         1a:f4:a5:1e:9d:a2:a6:b8:de:c8:02:7d:5a:cd:7a:7f:75:82:
         86:3d:3d:73
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGD7Y3voTkRUVGcnpRG5ejKpMkWAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNTA4MjUwOTQ5MTNaFw0yNjA4MjQwOTU0MTNaMDMxMTAvBgNV
BAMTKERERUQ2ODVCRjM2QjYyNjFGQTc4MzREMkI2NEUzQjc4QzZBNzg3NEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgNcaru0CMPJwY6l42zm6lhJm/
pdRnlySfGVDn38PcQNYVwQoa9UCuGQzhsCKkBngUYmLvESVbi2BJWP8sXD68Bc6w
WODlIM4QKTUA1UEpcd4K2MhyghHNBe9unpzxJmKjj5XW+/bveTLZd8/rJDlj9TdG
gdM0fOs0qVaZzI+BEfLsMoEXThZoFdu47c21McepIq+xCVNcbP2euMl3K58ETb+k
2zk/PvbhinPLJum5DhUiQmWRnaHVWyKrcGLgokxdy8T5hZaS2m1jeCXCPOeI3e4O
gd81VymF6ilPayiusOaPGZl4ScAS7muDVyrQcj+ACgVgCEOFzgfn6AiqtORVAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU3e1oW/NrYmH6eDTStk47eManh0owHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzYzNTJlMzEzMTM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMDM4Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtQXYw
DQYJKoZIhvcNAQELBQADggEBAJTcu8hpdUjExAaUq2kY2zXn5oZDCdkK6SY/9qLx
NkrbzBfEfr58mKbVJxS+MUX1LGLoRdlPT9mNv52em4uqGmAiiR4s9EI2jITS6s3H
DVN+kdM50FHYBdQ/+Lr0OSZnUTK5GjwkaOMhaXlH0ePcScenqdkidctMK0EyPgLu
+6NIaW7o04jL2nCzpdPql8SUDKkCcQZaIGOnv33PaVTM2+JQBfxmQBnMSaN78PEH
0xbNXLdcNCXuJEDYXu/mva07iJ0o94JlJPh8LCZR7ReXl0PrlJ0Ps3Frcdhrh5mZ
wdwSr4yF4MnsL3U56Rr0pR6doqa43sgCfVrNen91goY9PXM=
-----END CERTIFICATE-----