Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39322e302f32342d3234203d3e20323039313831.roa
File:                     34352e38362e39322e302f32342d3234203d3e20323039313831.roa (raw, json)
Hash identifier:          gFPXsCrn7VghMZpPQmlNius+Qe9koRj6iqpgIDQpOY8=
Subject key identifier:   93:E7:97:61:14:50:98:97:C7:6C:98:19:CB:0E:4F:CD:C4:46:FA:7B
Certificate issuer:       /CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
Certificate serial:       4E27B3C333DC271FD50DD6BD4A02D9E34D0920FF
Authority key identifier: D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39322e302f32342d3234203d3e20323039313831.roa
Signing time:             Tue 13 May 2025 18:54:08 +0000
ROA not before:           Tue 13 May 2025 18:49:08 +0000
ROA not after:            Tue 12 May 2026 18:54:08 +0000
asID:                     209181
IP address blocks:        45.86.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 17:33:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:27:b3:c3:33:dc:27:1f:d5:0d:d6:bd:4a:02:d9:e3:4d:09:20:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d01ba013bc1e6d86f0d6d58eafa54e27fada3444
        Validity
            Not Before: May 13 18:49:08 2025 GMT
            Not After : May 12 18:54:08 2026 GMT
        Subject: CN=93E7976114509897C76C9819CB0E4FCDC446FA7B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:93:ee:a9:7f:6f:fe:1d:44:6e:ed:cb:a0:e6:
                    94:09:0b:1f:01:56:41:6a:0f:5d:ef:36:3b:09:a8:
                    4f:a1:8f:4c:9f:f1:16:01:c9:fe:72:ef:49:7a:f3:
                    88:c5:9b:1c:50:34:2a:b1:b9:94:4f:f9:52:c3:ef:
                    07:96:5e:e5:28:10:3e:7f:3b:4b:2f:9b:26:a2:54:
                    02:33:5b:d0:2c:7e:8a:4c:cb:35:76:19:73:8e:c8:
                    67:19:ea:80:70:7c:6c:c7:42:1f:0b:8b:af:63:7d:
                    df:e6:30:54:b3:b0:fe:36:77:37:c7:a4:6e:3c:d0:
                    4a:1c:d3:6f:8b:d8:df:0a:8e:c3:5c:59:a2:a4:3c:
                    77:17:d2:93:8b:23:4c:2c:70:8a:4b:6a:89:4e:f0:
                    05:1d:93:37:12:2b:78:e9:c5:fd:4c:c3:27:00:f2:
                    98:19:45:81:f9:68:a5:11:2f:7d:87:28:e4:d2:ce:
                    d2:d3:df:b0:8e:6a:93:86:2f:8e:0c:57:40:37:bd:
                    01:9a:14:30:f6:c6:0a:aa:0b:e6:55:b5:cb:f2:6e:
                    34:d7:7f:f5:35:da:cd:5a:48:23:59:6d:14:41:c2:
                    5b:cd:14:db:df:3d:51:21:fe:a3:e0:89:72:cf:36:
                    3e:71:d7:2a:1c:2b:d3:cd:a8:13:f1:fa:58:d0:13:
                    09:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:E7:97:61:14:50:98:97:C7:6C:98:19:CB:0E:4F:CD:C4:46:FA:7B
            X509v3 Authority Key Identifier:
                keyid:D0:1B:A0:13:BC:1E:6D:86:F0:D6:D5:8E:AF:A5:4E:27:FA:DA:34:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/D01BA013BC1E6D86F0D6D58EAFA54E27FADA3444.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0BugE7webYbw1tWOr6VOJ_raNEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a522a52f-6534-4165-a6a7-ef9f74ef9431/1/34352e38362e39322e302f32342d3234203d3e20323039313831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:b3:04:6e:4b:57:4d:1f:cf:35:70:23:50:ad:5d:6c:8f:c7:
         76:11:c7:77:e6:c7:f2:f6:77:1d:3f:66:84:7a:25:9d:1a:26:
         33:60:f8:29:91:d9:81:b7:f8:3d:db:9a:3a:a0:0d:93:2d:ec:
         9c:9e:cc:d0:98:a6:4c:68:2a:eb:1c:bf:75:55:75:dc:e3:a7:
         e1:ba:09:96:ce:e9:7c:eb:e4:b8:a5:5e:39:0f:e9:cc:4a:72:
         5e:c0:f6:9b:0b:25:d1:e9:4e:59:e8:61:23:d5:ce:b6:01:69:
         b4:37:96:a2:d5:b9:8f:68:d1:3c:9c:e3:b4:35:af:4d:e2:a2:
         e1:b7:83:06:f3:f0:75:d5:36:68:cf:27:d2:2a:5c:5a:a0:2b:
         3b:df:af:1f:6d:53:f7:24:4c:15:d7:8a:1a:24:e7:8e:8e:68:
         91:05:6e:c0:69:ed:0c:a4:72:61:8d:bd:d3:af:6e:98:58:08:
         dd:c8:e7:5a:78:fe:be:fe:52:e4:56:59:b6:c2:9c:2d:09:e7:
         37:e3:ef:23:47:c2:bb:b0:42:03:84:f9:ab:ba:31:e7:53:1b:
         5b:13:37:01:bb:e0:6b:e4:ac:4c:3d:f7:9c:d4:d8:b0:18:6f:
         b4:6b:cd:74:2f:53:ba:36:1f:2f:3a:bb:15:12:ce:79:1c:81:
         2d:a3:a5:25
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTiezwzPcJx/VDda9SgLZ400JIP8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDAxYmEwMTNiYzFlNmQ4NmYwZDZkNThlYWZhNTRlMjdm
YWRhMzQ0NDAeFw0yNTA1MTMxODQ5MDhaFw0yNjA1MTIxODU0MDhaMDMxMTAvBgNV
BAMTKDkzRTc5NzYxMTQ1MDk4OTdDNzZDOTgxOUNCMEU0RkNEQzQ0NkZBN0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrk+6pf2/+HURu7cug5pQJCx8B
VkFqD13vNjsJqE+hj0yf8RYByf5y70l684jFmxxQNCqxuZRP+VLD7weWXuUoED5/
O0svmyaiVAIzW9AsfopMyzV2GXOOyGcZ6oBwfGzHQh8Li69jfd/mMFSzsP42dzfH
pG480Eoc02+L2N8KjsNcWaKkPHcX0pOLI0wscIpLaolO8AUdkzcSK3jpxf1MwycA
8pgZRYH5aKURL32HKOTSztLT37COapOGL44MV0A3vQGaFDD2xgqqC+ZVtcvybjTX
f/U12s1aSCNZbRRBwlvNFNvfPVEh/qPgiXLPNj5x1yocK9PNqBPx+ljQEwkRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUk+eXYRRQmJfHbJgZyw5PzcRG+nswHwYDVR0j
BBgwFoAU0BugE7webYbw1tWOr6VOJ/raNEQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYtNjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5
NDMxLzEvRDAxQkEwMTNCQzFFNkQ4NkYwRDZENThFQUZBNTRFMjdGQURBMzQ0NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBCdWdFN3dlYllidzF0V09yNlZPSl9y
YU5FUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTUyMmE1MmYt
NjUzNC00MTY1LWE2YTctZWY5Zjc0ZWY5NDMxLzEvMzQzNTJlMzgzNjJlMzkzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzOTMxMzgzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1W
XDANBgkqhkiG9w0BAQsFAAOCAQEAXrMEbktXTR/PNXAjUK1dbI/HdhHHd+bH8vZ3
HT9mhHolnRomM2D4KZHZgbf4PduaOqANky3snJ7M0JimTGgq6xy/dVV13OOn4boJ
ls7pfOvkuKVeOQ/pzEpyXsD2mwsl0elOWehhI9XOtgFptDeWotW5j2jRPJzjtDWv
TeKi4beDBvPwddU2aM8n0ipcWqArO9+vH21T9yRMFdeKGiTnjo5okQVuwGntDKRy
YY29069umFgI3cjnWnj+vv5S5FZZtsKcLQnnN+PvI0fCu7BCA4T5q7ox51MbWxM3
Abvga+SsTD33nNTYsBhvtGvNdC9TujYfLzq7FRLOeRyBLaOlJQ==
-----END CERTIFICATE-----