Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3132382e36352e3136342e302f32322d3232203d3e2033333230.roa
File:                     3132382e36352e3136342e302f32322d3232203d3e2033333230.roa (raw, json)
Hash identifier:          jUzg8MFBi50HDoiq8ZBSiLc/BkEY3Sqp4qzgmYg5v/k=
Subject key identifier:   6D:21:85:9E:D1:20:79:4B:23:D8:EF:63:6A:7F:CE:6A:17:15:A5:3C
Certificate issuer:       /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial:       1416D7CE2AB7E070DC4FE42C9CF07105C05BB6A1
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3132382e36352e3136342e302f32322d3232203d3e2033333230.roa
Signing time:             Tue 25 Mar 2025 06:19:41 +0000
ROA not before:           Tue 25 Mar 2025 06:14:41 +0000
ROA not after:            Tue 24 Mar 2026 06:19:41 +0000
asID:                     3320
IP address blocks:        128.65.164.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:16:d7:ce:2a:b7:e0:70:dc:4f:e4:2c:9c:f0:71:05:c0:5b:b6:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
        Validity
            Not Before: Mar 25 06:14:41 2025 GMT
            Not After : Mar 24 06:19:41 2026 GMT
        Subject: CN=6D21859ED120794B23D8EF636A7FCE6A1715A53C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:83:96:9e:25:b5:b0:ca:ab:21:5a:76:87:8f:
                    8a:0b:1f:b3:53:4a:e3:e4:44:5b:1b:e8:f6:83:0e:
                    25:60:12:99:38:51:da:b7:90:39:06:09:d2:38:5f:
                    9b:57:29:e4:09:23:c0:8f:fd:6c:8b:23:df:9f:c0:
                    b9:59:a8:49:72:0c:90:f1:bb:94:3d:22:57:92:ed:
                    b5:90:9a:e2:f5:60:33:d2:45:21:02:3a:ad:cc:3c:
                    08:d7:4d:8a:7c:d3:fe:09:2d:48:21:cf:52:53:df:
                    b3:9f:a5:55:1c:13:76:3c:f0:ff:b0:38:4a:e2:a0:
                    35:25:4f:0e:3f:22:48:2e:f3:f1:74:71:b0:cd:1e:
                    46:9f:ea:dd:1c:c6:35:b0:0b:c0:d2:fc:1e:cb:35:
                    f0:4e:f5:86:8f:9e:35:d7:52:fd:b5:3b:7b:49:95:
                    c5:fb:cc:94:4b:c6:47:02:29:07:da:d8:b6:d7:3d:
                    6f:bf:38:18:32:a5:bf:58:1b:b2:30:3a:36:f2:10:
                    7b:f3:b6:df:b3:b5:bd:d3:eb:6e:8f:56:39:9f:e2:
                    79:19:46:ef:a6:2e:ee:59:2d:0a:2a:b6:41:f8:4a:
                    97:67:dd:a2:a6:be:c2:39:e2:74:96:13:f5:6b:11:
                    83:60:2d:cc:12:1b:75:e9:12:b1:da:4c:f7:c0:6c:
                    97:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:21:85:9E:D1:20:79:4B:23:D8:EF:63:6A:7F:CE:6A:17:15:A5:3C
            X509v3 Authority Key Identifier:
                keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3132382e36352e3136342e302f32322d3232203d3e2033333230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.65.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:29:cd:0d:6f:84:a3:f3:4b:42:86:75:22:03:da:6d:08:66:
         c2:b5:a8:f9:44:18:88:82:63:c5:04:73:f7:7a:52:1a:cf:56:
         50:8c:8d:63:8b:b6:c5:9d:78:15:52:e0:96:cc:9e:ab:99:e3:
         57:57:38:ab:c2:dc:a5:5d:9e:5e:51:95:4d:18:da:d7:a2:6e:
         f6:c7:c8:49:69:ec:9d:32:4f:4f:3f:e8:fc:38:1f:72:32:cb:
         db:dc:fc:29:49:42:ab:cc:89:69:1f:5a:9f:6c:bc:7e:a7:09:
         ea:bc:5c:0e:7b:60:0a:9f:47:28:3f:56:43:63:47:f4:af:5a:
         d1:c8:7a:4a:d0:cc:b9:8c:32:b0:62:99:e0:78:4f:c6:ad:b6:
         9d:91:04:98:6a:a8:11:ce:f6:38:5b:9c:21:96:d6:ba:73:6e:
         0b:99:23:82:c9:a2:1d:b5:ea:c3:17:ab:46:6b:7a:37:e7:b1:
         a2:40:44:fe:ba:40:06:65:5d:42:4b:05:d0:d8:e8:1a:41:80:
         35:94:04:65:dc:58:ce:3b:88:2e:db:69:f8:c4:68:7b:7f:4d:
         22:78:57:f3:8f:91:d7:6b:69:46:bc:26:6b:b1:72:79:70:e3:
         42:78:b5:c4:6a:57:c4:f5:a0:84:90:3a:84:02:52:7f:bc:2b:
         e9:dc:d6:fb
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUFBbXziq34HDcT+QsnPBxBcBbtqEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNTAzMjUwNjE0NDFaFw0yNjAzMjQwNjE5NDFaMDMxMTAvBgNV
BAMTKDZEMjE4NTlFRDEyMDc5NEIyM0Q4RUY2MzZBN0ZDRTZBMTcxNUE1M0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEg5aeJbWwyqshWnaHj4oLH7NT
SuPkRFsb6PaDDiVgEpk4Udq3kDkGCdI4X5tXKeQJI8CP/WyLI9+fwLlZqElyDJDx
u5Q9IleS7bWQmuL1YDPSRSECOq3MPAjXTYp80/4JLUghz1JT37OfpVUcE3Y88P+w
OErioDUlTw4/Ikgu8/F0cbDNHkaf6t0cxjWwC8DS/B7LNfBO9YaPnjXXUv21O3tJ
lcX7zJRLxkcCKQfa2LbXPW+/OBgypb9YG7IwOjbyEHvztt+ztb3T626PVjmf4nkZ
Ru+mLu5ZLQoqtkH4Spdn3aKmvsI54nSWE/VrEYNgLcwSG3XpErHaTPfAbJdNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUbSGFntEgeUsj2O9jan/OahcVpTwwHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzEzMjM4MmUzNjM1MmUzMTM2
MzQyZTMwMmYzMjMyMmQzMjMyMjAzZDNlMjAzMzMzMzIzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAoBB
pDANBgkqhkiG9w0BAQsFAAOCAQEAZCnNDW+Eo/NLQoZ1IgPabQhmwrWo+UQYiIJj
xQRz93pSGs9WUIyNY4u2xZ14FVLglsyeq5njV1c4q8LcpV2eXlGVTRja16Ju9sfI
SWnsnTJPTz/o/DgfcjLL29z8KUlCq8yJaR9an2y8fqcJ6rxcDntgCp9HKD9WQ2NH
9K9a0ch6StDMuYwysGKZ4HhPxq22nZEEmGqoEc72OFucIZbWunNuC5kjgsmiHbXq
wxerRmt6N+exokBE/rpABmVdQksF0NjoGkGANZQEZdxYzjuILttp+MRoe39NInhX
84+R12tpRrwma7FyeXDjQni1xGpXxPWghJA6hAJSf7wr6dzW+w==
-----END CERTIFICATE-----