Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e31302e302f32342d3234203d3e20383334.roa
File:                     34352e38382e31302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          POUpRgN5qdMsbQEFK5LGwzI+Qb8xkYHB5gBMO7uNDbY=
Subject key identifier:   74:5D:A4:6F:59:1C:52:3E:3B:9D:E8:A3:AF:6E:F5:C6:B1:16:83:0D
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       332814107803245284023B16F0BB895BC913E21F
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e31302e302f32342d3234203d3e20383334.roa
Signing time:             Thu 06 Nov 2025 07:36:23 +0000
ROA not before:           Thu 06 Nov 2025 07:31:23 +0000
ROA not after:            Thu 05 Nov 2026 07:36:23 +0000
asID:                     834
IP address blocks:        45.88.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Nov 2025 09:54:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:28:14:10:78:03:24:52:84:02:3b:16:f0:bb:89:5b:c9:13:e2:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Nov  6 07:31:23 2025 GMT
            Not After : Nov  5 07:36:23 2026 GMT
        Subject: CN=745DA46F591C523E3B9DE8A3AF6EF5C6B116830D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:3e:4b:ad:c7:80:b2:6f:32:81:4c:fa:f0:e3:
                    22:63:51:43:a0:ea:9d:d4:a6:17:a3:21:67:7c:07:
                    54:9a:6a:cd:a1:71:b0:6c:45:bc:9d:cc:2b:5a:8e:
                    a8:52:2b:89:b5:1e:ae:98:9b:69:44:1b:93:de:3b:
                    48:49:13:73:38:cb:4e:60:3f:ae:89:78:38:5b:81:
                    05:aa:a0:5c:bb:23:e7:41:80:64:2e:6d:d0:9e:fa:
                    33:62:f9:cd:63:6a:69:41:04:c1:21:62:a7:d2:8e:
                    70:cc:e8:db:14:7d:9f:e9:78:12:f7:34:1a:30:2b:
                    15:ed:37:9e:58:b3:b2:87:50:06:b8:cf:71:b5:af:
                    e4:c2:cf:65:09:27:05:5e:0c:19:b6:1a:ab:78:a2:
                    a0:e8:a4:f0:38:32:d0:59:f6:8e:e6:45:95:54:52:
                    1e:61:75:90:17:33:5a:20:39:39:13:96:97:db:18:
                    24:3c:41:18:1a:e8:a8:1a:44:db:48:f6:8a:f1:52:
                    38:45:dc:0c:49:06:b1:92:c4:ce:84:ca:4b:fd:a4:
                    86:ee:06:3b:70:44:78:b2:5f:1a:c3:15:1d:65:0c:
                    c0:02:3d:5a:53:a6:31:56:8d:1d:bd:3e:b0:56:73:
                    bd:23:21:32:fa:44:e7:f8:8a:45:58:13:82:26:95:
                    52:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:5D:A4:6F:59:1C:52:3E:3B:9D:E8:A3:AF:6E:F5:C6:B1:16:83:0D
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e31302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:fd:00:38:ad:c6:2d:9c:30:63:18:95:5e:6d:29:68:e5:11:
         86:2a:49:d3:dc:63:62:4a:bf:47:e4:6d:bb:ac:fb:69:6c:5b:
         fa:8e:20:94:4c:f8:ac:7a:b5:d2:6e:a7:59:d3:33:1f:ac:24:
         5b:a3:45:d0:bd:2a:44:4c:47:3d:05:3a:fc:39:8a:e1:3c:62:
         aa:42:84:60:9f:69:d0:fd:1a:62:7d:c0:4e:e5:1b:71:61:a7:
         b9:4a:70:09:46:d0:68:db:9a:6c:ef:53:1b:b1:a0:90:42:fd:
         9f:31:82:1d:39:6a:2e:e5:bd:91:cb:fd:09:41:86:9d:1e:7c:
         6f:e0:15:15:db:63:3c:49:56:7e:bc:92:1a:53:70:7a:9a:c5:
         78:31:6d:00:41:f7:db:c9:cd:b2:07:6d:29:06:ab:6a:9a:f2:
         65:26:96:7d:a1:1d:bd:b0:3c:80:a6:a3:63:a1:8e:85:5d:11:
         63:34:8c:9d:c5:c0:f4:e2:a1:f8:a9:f2:48:3e:96:7d:29:9d:
         31:48:b7:11:75:a9:3d:d8:ba:41:7a:cc:25:f7:85:54:c1:81:
         5a:1e:b4:e7:98:b5:cd:bc:6e:1c:58:51:c9:c1:0b:fb:d7:22:
         7d:38:e4:78:40:bb:19:ee:ae:8f:44:c5:78:29:63:27:9d:23:
         e7:25:ef:fa
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUMygUEHgDJFKEAjsW8LuJW8kT4h8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNTExMDYwNzMxMjNaFw0yNjExMDUwNzM2MjNaMDMxMTAvBgNV
BAMTKDc0NURBNDZGNTkxQzUyM0UzQjlERThBM0FGNkVGNUM2QjExNjgzMEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrPkutx4CybzKBTPrw4yJjUUOg
6p3UphejIWd8B1Saas2hcbBsRbydzCtajqhSK4m1Hq6Ym2lEG5PeO0hJE3M4y05g
P66JeDhbgQWqoFy7I+dBgGQubdCe+jNi+c1jamlBBMEhYqfSjnDM6NsUfZ/peBL3
NBowKxXtN55Ys7KHUAa4z3G1r+TCz2UJJwVeDBm2Gqt4oqDopPA4MtBZ9o7mRZVU
Uh5hdZAXM1ogOTkTlpfbGCQ8QRga6KgaRNtI9orxUjhF3AxJBrGSxM6Eykv9pIbu
BjtwRHiyXxrDFR1lDMACPVpTpjFWjR29PrBWc70jITL6ROf4ikVYE4ImlVKDAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUdF2kb1kcUj47neijr271xrEWgw0wHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzgzODJlMzEzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1YCjANBgkq
hkiG9w0BAQsFAAOCAQEARf0AOK3GLZwwYxiVXm0paOURhipJ09xjYkq/R+Rtu6z7
aWxb+o4glEz4rHq10m6nWdMzH6wkW6NF0L0qRExHPQU6/DmK4TxiqkKEYJ9p0P0a
Yn3ATuUbcWGnuUpwCUbQaNuabO9TG7GgkEL9nzGCHTlqLuW9kcv9CUGGnR58b+AV
FdtjPElWfrySGlNweprFeDFtAEH328nNsgdtKQarapryZSaWfaEdvbA8gKajY6GO
hV0RYzSMncXA9OKh+KnySD6WfSmdMUi3EXWpPdi6QXrMJfeFVMGBWh6055i1zbxu
HFhRycEL+9cifTjkeEC7Ge6uj0TFeCljJ50j5yXv+g==
-----END CERTIFICATE-----