Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e31312e302f32342d3234203d3e20323131343135.roa
File:                     34352e38382e31312e302f32342d3234203d3e20323131343135.roa (raw, json)
Hash identifier:          8S+s7zX0/TVUfJYDyhi9uvck98NpcZ10C34g0dxy76g=
Subject key identifier:   0C:9E:E9:58:C3:35:CF:2E:E8:4D:66:5E:4E:52:69:BE:4D:58:56:0A
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       25690231A346076DEAD7FA392BD86F0ED8895053
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e31312e302f32342d3234203d3e20323131343135.roa
Signing time:             Mon 25 Aug 2025 09:54:13 +0000
ROA not before:           Mon 25 Aug 2025 09:49:13 +0000
ROA not after:            Mon 24 Aug 2026 09:54:13 +0000
asID:                     211415
IP address blocks:        45.88.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 17:17:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:69:02:31:a3:46:07:6d:ea:d7:fa:39:2b:d8:6f:0e:d8:89:50:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Aug 25 09:49:13 2025 GMT
            Not After : Aug 24 09:54:13 2026 GMT
        Subject: CN=0C9EE958C335CF2EE84D665E4E5269BE4D58560A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:16:79:af:49:1d:bb:cc:aa:9e:5a:59:78:72:
                    b7:d7:9b:90:0d:a9:41:7d:fe:7d:0d:30:9e:0d:11:
                    7e:5c:d5:05:12:d5:7d:4a:b6:29:c2:bc:5b:08:a3:
                    46:e2:c8:df:28:de:2a:43:7c:e7:d4:1f:02:90:45:
                    f1:3c:3e:44:44:8d:ca:17:bc:1e:a5:6d:a2:a5:68:
                    34:b6:a9:c7:01:f2:8b:5f:c4:99:1f:48:99:fd:7b:
                    30:e8:44:d1:b3:fe:d1:7a:b5:4f:1b:f7:51:52:34:
                    d3:1d:5d:4f:91:a5:b7:b9:99:76:68:5d:33:89:b7:
                    43:e8:54:8a:4b:d8:bd:9f:b1:f6:a2:62:74:e1:3b:
                    01:78:c5:a2:d7:95:22:89:4c:a3:1b:80:7a:b3:ac:
                    c8:9a:0c:7f:b6:c9:a3:01:d3:f8:b4:db:eb:92:40:
                    5f:4f:04:ae:bd:0c:93:ee:a9:6f:63:03:e4:95:0d:
                    97:5a:e3:7c:d8:86:f1:19:08:b0:86:4d:c8:43:af:
                    dd:92:a7:42:83:15:64:be:e9:79:50:3a:c9:0e:5d:
                    2b:14:d0:ed:3c:82:08:1a:a3:be:62:b7:e6:97:b3:
                    bb:fe:85:55:8d:3a:46:c7:d6:89:39:92:47:3c:e4:
                    8f:0c:9e:f6:dd:34:60:31:a2:fe:57:7b:f4:25:27:
                    a0:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:9E:E9:58:C3:35:CF:2E:E8:4D:66:5E:4E:52:69:BE:4D:58:56:0A
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e31312e302f32342d3234203d3e20323131343135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:a6:60:95:b4:ed:de:f9:ba:67:3f:cd:db:4f:2b:2e:c2:08:
         47:56:c0:62:8e:3c:f7:6d:2d:01:85:22:ed:5c:d3:08:35:d6:
         e0:20:19:4c:b5:89:90:01:55:ef:62:aa:74:a5:af:c4:01:8e:
         ca:35:af:3f:d3:85:e4:5e:9e:d7:96:e3:5f:6f:dd:33:84:ab:
         d0:69:40:b0:c7:57:87:10:10:15:52:5f:bd:6d:31:46:56:1d:
         f0:e8:04:20:91:b8:e7:bc:9e:91:dd:4b:df:6d:0d:65:83:dc:
         26:55:6e:00:04:66:1b:2a:af:4b:cc:36:7b:50:79:a7:df:ab:
         3d:59:7d:ee:19:6d:71:b5:81:f8:e3:47:58:75:72:d7:d0:70:
         41:1a:69:c3:88:9f:eb:e1:a5:c8:4e:3c:46:1c:87:42:26:3f:
         76:22:ea:ee:cf:f0:f9:d0:d8:a0:24:45:b1:c0:1f:4c:9d:f3:
         02:6f:7d:59:ad:f0:43:2b:b8:67:cf:50:a8:64:1d:cc:78:2f:
         46:50:4b:ce:31:84:ac:05:87:53:90:4b:42:67:61:00:8a:51:
         9a:7b:28:f2:e8:3e:ab:43:3d:9f:47:73:c9:dc:d0:2b:49:73:
         ba:bf:0b:57:9d:b1:62:88:8e:23:1a:4e:7c:52:07:aa:80:b6:
         de:dd:70:33
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJWkCMaNGB23q1/o5K9hvDtiJUFMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNTA4MjUwOTQ5MTNaFw0yNjA4MjQwOTU0MTNaMDMxMTAvBgNV
BAMTKDBDOUVFOTU4QzMzNUNGMkVFODRENjY1RTRFNTI2OUJFNEQ1ODU2MEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqFnmvSR27zKqeWll4crfXm5AN
qUF9/n0NMJ4NEX5c1QUS1X1KtinCvFsIo0biyN8o3ipDfOfUHwKQRfE8PkREjcoX
vB6lbaKlaDS2qccB8otfxJkfSJn9ezDoRNGz/tF6tU8b91FSNNMdXU+Rpbe5mXZo
XTOJt0PoVIpL2L2fsfaiYnThOwF4xaLXlSKJTKMbgHqzrMiaDH+2yaMB0/i02+uS
QF9PBK69DJPuqW9jA+SVDZda43zYhvEZCLCGTchDr92Sp0KDFWS+6XlQOskOXSsU
0O08gggao75it+aXs7v+hVWNOkbH1ok5kkc85I8MnvbdNGAxov5Xe/QlJ6BxAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUDJ7pWMM1zy7oTWZeTlJpvk1YVgowHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzgzODJlMzEzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMTM0MzEzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1Y
CzANBgkqhkiG9w0BAQsFAAOCAQEAmqZglbTt3vm6Zz/N208rLsIIR1bAYo48920t
AYUi7VzTCDXW4CAZTLWJkAFV72KqdKWvxAGOyjWvP9OF5F6e15bjX2/dM4Sr0GlA
sMdXhxAQFVJfvW0xRlYd8OgEIJG457yekd1L320NZYPcJlVuAARmGyqvS8w2e1B5
p9+rPVl97hltcbWB+ONHWHVy19BwQRppw4if6+GlyE48RhyHQiY/diLq7s/w+dDY
oCRFscAfTJ3zAm99Wa3wQyu4Z89QqGQdzHgvRlBLzjGErAWHU5BLQmdhAIpRmnso
8ug+q0M9n0dzydzQK0lzur8LV52xYoiOIxpOfFIHqoC23t1wMw==
-----END CERTIFICATE-----