Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e382e302f32342d3234203d3e20323031393439.roa
File:                     34352e38382e382e302f32342d3234203d3e20323031393439.roa (raw, json)
Hash identifier:          +cn/HoK+oYEcSR5pDXZXsbQ404gHhu7pStUUogb/v/E=
Subject key identifier:   9C:25:0E:7E:0B:D6:BB:4F:00:60:A6:B6:D6:39:12:58:DD:66:51:F6
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       501F1107767F55308DD91B17CF59C8D93558EB04
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e382e302f32342d3234203d3e20323031393439.roa
Signing time:             Sun 23 Feb 2025 12:53:10 +0000
ROA not before:           Sun 23 Feb 2025 12:48:10 +0000
ROA not after:            Sun 22 Feb 2026 12:53:10 +0000
asID:                     201949
IP address blocks:        45.88.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:07:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:1f:11:07:76:7f:55:30:8d:d9:1b:17:cf:59:c8:d9:35:58:eb:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Feb 23 12:48:10 2025 GMT
            Not After : Feb 22 12:53:10 2026 GMT
        Subject: CN=9C250E7E0BD6BB4F0060A6B6D6391258DD6651F6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:31:f6:ca:d5:8e:d5:83:d1:04:9f:45:66:6e:
                    4a:e4:d7:bb:8b:e9:11:bd:48:2c:73:af:33:26:79:
                    4a:9b:9c:78:0b:8f:13:30:a9:9a:24:0c:d5:29:24:
                    62:4b:f8:61:4e:1a:c0:51:9b:15:08:45:85:bc:55:
                    dc:22:5a:b8:f6:9f:73:52:f0:83:f0:c2:09:af:63:
                    b6:cd:b9:06:8b:90:a9:12:01:f4:d6:93:ec:5a:95:
                    72:08:c7:45:4d:38:22:9f:2e:f9:6d:eb:21:c8:cb:
                    45:2e:9b:ed:fd:e0:ad:af:64:ea:67:a9:bc:a8:96:
                    5e:ae:c0:2d:7d:cd:dd:ba:c3:95:b3:78:8a:ef:72:
                    f6:c6:0d:72:29:40:82:c2:29:84:78:2c:ee:c7:cc:
                    e5:b4:44:80:26:8d:b5:6a:fb:19:00:1b:2d:b6:95:
                    18:d5:38:00:bd:9a:6f:73:98:df:b2:57:47:69:ad:
                    b6:7c:8a:a8:a8:ef:ff:12:ad:e6:e2:f0:a1:8f:66:
                    ab:61:56:6f:30:8a:93:5f:57:8d:f5:71:1c:6c:cf:
                    8f:8f:5b:d3:c6:fe:14:31:6f:e7:c3:a4:34:6b:d4:
                    24:7a:a6:df:7e:d5:e5:2a:39:2b:fe:73:08:2a:ff:
                    87:8e:4f:19:49:8a:f5:cf:29:f8:25:0d:2d:62:24:
                    38:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:25:0E:7E:0B:D6:BB:4F:00:60:A6:B6:D6:39:12:58:DD:66:51:F6
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e38382e382e302f32342d3234203d3e20323031393439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:29:cf:ed:07:84:63:e7:d5:af:54:9e:6c:9f:ec:2b:74:fd:
         0f:0e:70:4b:ed:4a:56:ce:b4:fc:99:1f:65:9e:e1:91:59:28:
         a2:7d:f3:e2:ee:a3:a3:c5:65:44:67:1f:3c:35:85:c1:cc:5e:
         78:84:f2:aa:17:fe:8f:b9:9f:f3:56:4a:35:e5:d7:b1:67:12:
         f5:db:83:39:2d:de:8f:23:fb:40:0f:da:d4:46:5b:d7:bf:b1:
         4c:21:34:bf:27:4f:66:93:65:a7:bb:d2:60:3b:62:0c:3b:00:
         9b:a0:75:b3:0e:0a:f1:59:f2:c9:b5:4c:33:6b:83:40:c7:01:
         87:de:2b:76:78:7f:71:a4:e4:27:37:0a:fa:4e:5c:9f:02:55:
         e5:9c:20:10:9b:45:72:04:1e:b6:6d:85:ca:38:03:48:04:33:
         ae:e9:8d:3c:12:8e:c7:04:59:38:7d:bc:3b:29:e3:98:be:05:
         df:08:b2:1e:fe:7f:fe:31:d5:79:1b:49:07:93:35:92:30:da:
         4a:dd:fe:b3:ca:08:b6:d5:d5:d8:9f:91:a0:8c:00:74:78:6a:
         44:ad:32:61:64:b0:b3:6f:8e:d9:76:d4:24:e1:c4:75:22:eb:
         c5:9f:f9:7b:48:ea:9f:53:e9:c3:64:12:c3:6b:f9:14:ad:a4:
         53:23:f4:91
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUUB8RB3Z/VTCN2RsXz1nI2TVY6wQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNTAyMjMxMjQ4MTBaFw0yNjAyMjIxMjUzMTBaMDMxMTAvBgNV
BAMTKDlDMjUwRTdFMEJENkJCNEYwMDYwQTZCNkQ2MzkxMjU4REQ2NjUxRjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjMfbK1Y7Vg9EEn0Vmbkrk17uL
6RG9SCxzrzMmeUqbnHgLjxMwqZokDNUpJGJL+GFOGsBRmxUIRYW8VdwiWrj2n3NS
8IPwwgmvY7bNuQaLkKkSAfTWk+xalXIIx0VNOCKfLvlt6yHIy0Uum+394K2vZOpn
qbyoll6uwC19zd26w5WzeIrvcvbGDXIpQILCKYR4LO7HzOW0RIAmjbVq+xkAGy22
lRjVOAC9mm9zmN+yV0dprbZ8iqio7/8Srebi8KGPZqthVm8wipNfV431cRxsz4+P
W9PG/hQxb+fDpDRr1CR6pt9+1eUqOSv+cwgq/4eOTxlJivXPKfglDS1iJDhhAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUnCUOfgvWu08AYKa21jkSWN1mUfYwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzgzODJlMzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzEzOTM0Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtWAgw
DQYJKoZIhvcNAQELBQADggEBAJcpz+0HhGPn1a9Unmyf7Ct0/Q8OcEvtSlbOtPyZ
H2We4ZFZKKJ98+Luo6PFZURnHzw1hcHMXniE8qoX/o+5n/NWSjXl17FnEvXbgzkt
3o8j+0AP2tRGW9e/sUwhNL8nT2aTZae70mA7Ygw7AJugdbMOCvFZ8sm1TDNrg0DH
AYfeK3Z4f3Gk5Cc3CvpOXJ8CVeWcIBCbRXIEHrZthco4A0gEM67pjTwSjscEWTh9
vDsp45i+Bd8Ish7+f/4x1XkbSQeTNZIw2krd/rPKCLbV1difkaCMAHR4akStMmFk
sLNvjtl21CThxHUi68Wf+XtI6p9T6cNkEsNr+RStpFMj9JE=
-----END CERTIFICATE-----