Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36372e302f32342d3234203d3e20323135303236.roa
File:                     34352e39352e36372e302f32342d3234203d3e20323135303236.roa (raw, json)
Hash identifier:          8l4a/6R0X8QPR1Jn6/FHylecZk9PBXk5NjSZK2UdGFo=
Subject key identifier:   1A:06:AF:09:CF:F6:98:AA:FC:36:0F:F5:01:A8:69:9A:9A:29:71:AC
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       12BA72F55496D92D27DE1A0CF853F7CB7A273806
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36372e302f32342d3234203d3e20323135303236.roa
Signing time:             Tue 04 Feb 2025 11:25:26 +0000
ROA not before:           Tue 04 Feb 2025 11:20:26 +0000
ROA not after:            Tue 03 Feb 2026 11:25:26 +0000
asID:                     215026
IP address blocks:        45.95.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 17:40:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:ba:72:f5:54:96:d9:2d:27:de:1a:0c:f8:53:f7:cb:7a:27:38:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Feb  4 11:20:26 2025 GMT
            Not After : Feb  3 11:25:26 2026 GMT
        Subject: CN=1A06AF09CFF698AAFC360FF501A8699A9A2971AC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:2a:e0:66:38:ab:dd:ca:d8:7d:37:8b:75:4e:
                    ed:aa:10:0a:2d:68:d7:0c:5b:bc:ae:50:e9:c6:c5:
                    9a:6e:92:bc:6d:9b:b3:06:88:9b:d7:8e:0f:5b:42:
                    b9:a9:c1:45:8e:8e:fb:bc:ef:3c:a9:d8:6a:19:46:
                    10:8b:66:8f:5e:90:b9:6c:a2:0c:9c:af:a2:65:03:
                    4e:43:3e:ae:ef:5a:eb:4e:79:3c:be:f0:a7:c9:af:
                    58:52:d1:92:f8:72:b4:b5:cb:18:32:cc:dc:d2:f6:
                    26:05:6a:1e:3c:a7:01:c1:d9:f4:96:08:81:09:29:
                    01:11:cf:a7:75:4e:82:39:dd:ec:1d:a7:d0:5a:e7:
                    12:90:1b:59:70:8e:06:ce:80:16:3c:c1:e5:f9:a4:
                    13:3d:91:a9:30:e1:7a:d8:34:21:03:45:9f:b6:4f:
                    80:1f:86:5a:ca:a2:f1:4c:3d:27:5d:55:82:c2:56:
                    4b:01:2e:df:25:f5:a5:03:d4:82:21:5e:da:ed:ac:
                    a9:1d:0f:66:39:84:de:fe:f4:28:f6:1a:d1:5f:00:
                    ed:b7:eb:59:68:7d:a2:d2:7d:e3:36:16:4d:54:4c:
                    4b:a3:be:38:1e:04:c8:7f:6f:9e:61:82:58:55:e1:
                    3a:24:6e:1a:1c:90:67:66:1a:a9:44:87:69:91:19:
                    14:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:06:AF:09:CF:F6:98:AA:FC:36:0F:F5:01:A8:69:9A:9A:29:71:AC
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e39352e36372e302f32342d3234203d3e20323135303236.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:fb:cf:df:91:41:83:ea:cc:96:6d:8c:0f:2e:e8:b6:b7:76:
         3d:9a:96:c9:b6:2a:6a:8d:e0:da:f2:2c:62:42:b4:73:f4:4d:
         75:b9:2f:e7:3b:09:7a:d3:d7:e6:e2:83:19:38:45:0a:68:a6:
         89:d1:32:57:66:6c:0e:26:4a:2d:2f:8d:1a:1f:2c:64:ab:83:
         20:fc:52:41:8d:e1:f8:46:d1:e8:10:11:0a:39:52:94:3f:01:
         45:fa:4b:38:c2:be:c7:64:b3:84:c6:88:ec:a2:8c:30:16:1f:
         cf:8d:0f:86:d5:c9:29:1c:d5:2d:31:eb:63:42:e9:b0:7e:2c:
         56:cb:da:8a:5a:ea:78:4b:00:af:ef:5d:5d:90:b8:a0:78:cd:
         a0:2e:2a:8a:78:b5:b6:23:46:07:cf:f9:ee:ff:46:cd:f3:22:
         7a:de:f3:db:9b:36:65:d2:32:dd:22:f5:d7:23:e5:70:4a:00:
         5c:99:ca:84:f7:35:97:69:d5:95:87:3e:38:a3:fc:a7:1a:ed:
         58:ef:ff:a6:12:09:e3:a0:8e:3b:a5:fa:ee:ea:09:fd:7b:9d:
         11:7e:75:13:0e:c2:1e:e8:a6:1f:19:c8:50:4c:8e:aa:b2:ff:
         7d:b5:81:7e:5b:51:b8:1e:04:ca:00:48:ec:cb:56:ac:30:83:
         bd:89:45:25
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUErpy9VSW2S0n3hoM+FP3y3onOAYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNTAyMDQxMTIwMjZaFw0yNjAyMDMxMTI1MjZaMDMxMTAvBgNV
BAMTKDFBMDZBRjA5Q0ZGNjk4QUFGQzM2MEZGNTAxQTg2OTlBOUEyOTcxQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0KuBmOKvdyth9N4t1Tu2qEAot
aNcMW7yuUOnGxZpukrxtm7MGiJvXjg9bQrmpwUWOjvu87zyp2GoZRhCLZo9ekLls
ogycr6JlA05DPq7vWutOeTy+8KfJr1hS0ZL4crS1yxgyzNzS9iYFah48pwHB2fSW
CIEJKQERz6d1ToI53ewdp9Ba5xKQG1lwjgbOgBY8weX5pBM9kakw4XrYNCEDRZ+2
T4AfhlrKovFMPSddVYLCVksBLt8l9aUD1IIhXtrtrKkdD2Y5hN7+9Cj2GtFfAO23
61lofaLSfeM2Fk1UTEujvjgeBMh/b55hglhV4TokbhockGdmGqlEh2mRGRQPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGgavCc/2mKr8Ng/1AahpmpopcawwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzkzNTJlMzYzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNTMwMzIzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1f
QzANBgkqhkiG9w0BAQsFAAOCAQEAvvvP35FBg+rMlm2MDy7otrd2PZqWybYqao3g
2vIsYkK0c/RNdbkv5zsJetPX5uKDGThFCmimidEyV2ZsDiZKLS+NGh8sZKuDIPxS
QY3h+EbR6BARCjlSlD8BRfpLOMK+x2SzhMaI7KKMMBYfz40PhtXJKRzVLTHrY0Lp
sH4sVsvailrqeEsAr+9dXZC4oHjNoC4qini1tiNGB8/57v9GzfMiet7z25s2ZdIy
3SL11yPlcEoAXJnKhPc1l2nVlYc+OKP8pxrtWO//phIJ46COO6X67uoJ/XudEX51
Ew7CHuimHxnIUEyOqrL/fbWBfltRuB4EygBI7MtWrDCDvYlFJQ==
-----END CERTIFICATE-----