Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e31302e302f32342d3234203d3e203136323736.roa
File:                     34352e38382e31302e302f32342d3234203d3e203136323736.roa (raw, json)
Hash identifier:          oq1s6EuXoyNXUWXJXrZ/2EMfKbLZoGre5Ord0XLcR/c=
Subject key identifier:   B7:B1:FA:89:CC:FB:C7:AB:42:2A:25:BE:73:86:E4:95:8F:2F:73:9B
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       0259C2A825E3BFF6170CD27A04B181A96DDEA61E
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e31302e302f32342d3234203d3e203136323736.roa
Signing time:             Thu 18 Sep 2025 08:36:52 +0000
ROA not before:           Thu 18 Sep 2025 08:31:52 +0000
ROA not after:            Thu 17 Sep 2026 08:36:52 +0000
asID:                     16276
IP address blocks:        45.88.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Sep 2025 03:07:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:59:c2:a8:25:e3:bf:f6:17:0c:d2:7a:04:b1:81:a9:6d:de:a6:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Sep 18 08:31:52 2025 GMT
            Not After : Sep 17 08:36:52 2026 GMT
        Subject: CN=B7B1FA89CCFBC7AB422A25BE7386E4958F2F739B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f3:3b:8f:6b:1f:47:a8:fd:9f:01:d7:b4:09:
                    dc:40:b2:01:c0:c1:4e:b3:b1:6a:6a:3c:b4:28:26:
                    07:b5:7b:c2:89:28:68:4b:1f:07:90:96:b6:dc:42:
                    17:56:3a:de:46:68:45:2b:41:9a:76:0e:a6:3b:21:
                    47:14:70:90:e8:1a:6e:5d:16:a3:65:e6:6b:a8:90:
                    b7:a9:28:da:9c:1c:49:ca:23:bf:de:d9:bf:f1:8e:
                    40:16:80:a5:a2:e1:e2:76:fc:e0:15:41:78:8f:f2:
                    ee:15:bd:d0:f6:1c:c4:71:35:47:2b:96:da:b2:97:
                    a4:78:8f:59:a9:eb:2f:90:cb:31:34:22:da:56:8c:
                    52:ba:58:90:d4:bc:7a:78:7b:46:01:62:72:1e:0f:
                    d6:f9:3d:6e:18:2d:fe:91:b6:52:f6:db:a5:bc:f6:
                    24:c0:29:28:52:17:95:fc:88:e3:d7:52:9a:98:5f:
                    0e:23:53:ef:7e:f7:61:54:e8:8c:21:dd:4e:f6:3e:
                    c7:8f:13:73:8e:98:aa:a0:e0:1a:f1:26:33:64:66:
                    f5:53:2f:22:76:a9:2a:c1:d3:8f:24:1e:c2:9a:44:
                    32:d9:61:5b:b9:75:5c:a6:60:38:85:95:05:13:da:
                    21:f1:b2:d4:37:5d:87:8a:75:be:17:ee:70:21:f2:
                    e3:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:B1:FA:89:CC:FB:C7:AB:42:2A:25:BE:73:86:E4:95:8F:2F:73:9B
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e31302e302f32342d3234203d3e203136323736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:fb:6d:7f:79:f3:ed:cb:1f:c4:e5:42:18:21:35:2d:1b:95:
         76:45:e6:ba:e8:8b:c6:9d:72:47:d9:ad:28:64:a7:62:cf:79:
         2e:9f:9d:f6:5a:e3:c3:72:aa:3c:43:24:88:09:8b:6e:ba:95:
         16:b3:e5:c2:4d:be:fe:12:89:03:ad:07:06:72:63:ec:87:ce:
         4b:76:04:b8:cf:7f:5c:07:cb:f9:b7:a7:3b:ca:75:88:50:2c:
         02:5e:6d:aa:57:c2:37:9e:32:53:71:c0:8e:d7:91:13:53:ee:
         e8:12:70:f3:d3:66:c8:49:86:77:93:bb:23:e8:65:41:e1:e2:
         dd:82:69:50:53:f2:26:72:4f:85:0c:40:d4:a2:9c:ba:60:7b:
         b4:85:0d:0e:ef:93:be:78:37:6c:a4:a1:61:d2:aa:e7:ad:78:
         a1:ad:a0:da:2e:ef:49:e8:6b:53:dc:cf:e9:42:d5:90:7d:d0:
         00:39:51:73:0e:ad:ab:b4:d8:bc:15:2b:08:56:92:ec:54:6d:
         b8:e7:2e:57:1e:6a:21:26:49:60:2c:fa:1a:5b:f3:3b:5d:70:
         4b:ed:72:af:93:65:21:e7:4d:62:fe:62:fa:81:4b:1c:ba:bc:
         ad:40:80:df:97:28:6e:fb:6d:c1:4b:d1:4b:05:91:1f:64:6c:
         8d:b3:04:bd
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUAlnCqCXjv/YXDNJ6BLGBqW3eph4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNTA5MTgwODMxNTJaFw0yNjA5MTcwODM2NTJaMDMxMTAvBgNV
BAMTKEI3QjFGQTg5Q0NGQkM3QUI0MjJBMjVCRTczODZFNDk1OEYyRjczOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCN8zuPax9HqP2fAde0CdxAsgHA
wU6zsWpqPLQoJge1e8KJKGhLHweQlrbcQhdWOt5GaEUrQZp2DqY7IUcUcJDoGm5d
FqNl5muokLepKNqcHEnKI7/e2b/xjkAWgKWi4eJ2/OAVQXiP8u4VvdD2HMRxNUcr
ltqyl6R4j1mp6y+QyzE0ItpWjFK6WJDUvHp4e0YBYnIeD9b5PW4YLf6RtlL226W8
9iTAKShSF5X8iOPXUpqYXw4jU+9+92FU6Iwh3U72PsePE3OOmKqg4BrxJjNkZvVT
LyJ2qSrB048kHsKaRDLZYVu5dVymYDiFlQUT2iHxstQ3XYeKdb4X7nAh8uNjAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUt7H6icz7x6tCKiW+c4bklY8vc5swHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzgzODJlMzEzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzYzMjM3MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtWAow
DQYJKoZIhvcNAQELBQADggEBAKb7bX958+3LH8TlQhghNS0blXZF5rroi8adckfZ
rShkp2LPeS6fnfZa48NyqjxDJIgJi266lRaz5cJNvv4SiQOtBwZyY+yHzkt2BLjP
f1wHy/m3pzvKdYhQLAJebapXwjeeMlNxwI7XkRNT7ugScPPTZshJhneTuyPoZUHh
4t2CaVBT8iZyT4UMQNSinLpge7SFDQ7vk754N2ykoWHSqueteKGtoNou70noa1Pc
z+lC1ZB90AA5UXMOrau02LwVKwhWkuxUbbjnLlceaiEmSWAs+hpb8ztdcEvtcq+T
ZSHnTWL+YvqBSxy6vK1AgN+XKG77bcFL0UsFkR9kbI2zBL0=
-----END CERTIFICATE-----