Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/33362e3235352e39342e302f32332d3233203d3e203632323430.roa
File:                     33362e3235352e39342e302f32332d3233203d3e203632323430.roa (raw, json)
Hash identifier:          cEllpKs9D7QXOnlcaRDylPTaKGxvLoUwJx/hEnrKHPU=
Subject key identifier:   54:64:BD:05:F1:89:D2:5E:B1:90:40:CF:A3:FA:0B:8A:7F:0C:D3:57
Certificate issuer:       /CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
Certificate serial:       56D1A85506308485508F6699CB9A4504387B0C16
Authority key identifier: 3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/33362e3235352e39342e302f32332d3233203d3e203632323430.roa
Signing time:             Wed 26 Feb 2025 02:53:55 +0000
ROA not before:           Wed 26 Feb 2025 02:48:55 +0000
ROA not after:            Wed 25 Feb 2026 02:53:55 +0000
asID:                     62240
IP address blocks:        36.255.94.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 18:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:d1:a8:55:06:30:84:85:50:8f:66:99:cb:9a:45:04:38:7b:0c:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e870b9a7003c4fd9c51bd354a9defa3fb77b4a9
        Validity
            Not Before: Feb 26 02:48:55 2025 GMT
            Not After : Feb 25 02:53:55 2026 GMT
        Subject: CN=5464BD05F189D25EB19040CFA3FA0B8A7F0CD357
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:3e:93:de:12:19:99:3c:7c:d0:d7:ff:6a:2a:
                    d2:da:9f:27:09:2c:29:e4:32:a1:62:9c:1b:72:0c:
                    86:6b:a9:0b:09:82:28:2e:de:1c:a1:23:5b:dd:e9:
                    ba:12:55:7d:07:8a:6b:11:88:a1:d8:e5:77:8f:42:
                    52:6b:56:c0:10:e8:48:d1:67:52:b4:68:c4:d2:0d:
                    78:46:18:23:30:7d:b9:4a:f4:c2:f2:04:c6:c5:80:
                    b0:a8:ed:f4:ed:85:0f:d9:73:4f:a0:48:4f:25:23:
                    32:03:8c:33:c6:6e:e0:81:f9:40:5d:56:a6:1f:a1:
                    71:b7:44:d3:cc:2f:e0:a2:af:6d:e1:26:eb:a1:3d:
                    40:8f:d1:fa:ac:d2:05:39:21:2b:4e:9e:eb:54:9a:
                    b0:bf:10:da:17:b8:a0:b3:d8:64:35:90:6f:47:dd:
                    fb:3d:a1:a4:5c:b3:c6:e4:c4:4c:d8:ff:bc:46:a9:
                    cf:a5:28:6d:fc:3f:79:7e:e8:8e:fe:8e:11:95:2c:
                    09:54:31:e8:6a:51:6c:10:82:15:a3:31:73:00:89:
                    1a:4b:83:4a:54:c2:93:77:c5:15:8e:1f:0f:a4:bd:
                    65:a2:55:eb:0e:dd:80:af:94:24:46:51:c2:6b:29:
                    c1:97:32:b0:e3:2f:d2:67:9a:58:98:a4:33:b8:cc:
                    14:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:64:BD:05:F1:89:D2:5E:B1:90:40:CF:A3:FA:0B:8A:7F:0C:D3:57
            X509v3 Authority Key Identifier:
                keyid:3E:87:0B:9A:70:03:C4:FD:9C:51:BD:35:4A:9D:EF:A3:FB:77:B4:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/3E870B9A7003C4FD9C51BD354A9DEFA3FB77B4A9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PocLmnADxP2cUb01Sp3vo_t3tKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c5d18e82-4d68-45a6-a5df-cac115ad2279/0/33362e3235352e39342e302f32332d3233203d3e203632323430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  36.255.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         cf:43:81:75:b1:e1:47:92:bf:a4:04:7f:cd:b0:60:4c:6c:96:
         51:16:c2:61:c0:e9:25:33:d9:8b:3d:ff:ac:56:d6:d0:e5:13:
         e2:db:c0:79:ac:4a:45:27:78:b2:e3:1d:99:5a:d1:81:4f:d1:
         e0:b4:76:57:ec:3d:21:27:3c:ba:2c:45:32:53:42:19:af:44:
         56:9a:d3:ba:ca:60:ae:bc:b2:f2:09:1c:1f:90:b7:ab:d3:22:
         f2:5d:e6:2a:3c:18:e8:e4:c3:f7:a5:3e:9a:9a:96:0f:ea:2d:
         39:36:2c:e8:2c:4c:51:a9:b8:3d:f0:84:e6:73:e5:a1:9e:01:
         26:3b:0b:b2:24:44:5c:48:b2:9a:b7:17:bd:26:e3:d5:6c:68:
         d2:9b:3e:2c:f7:9f:81:83:ab:32:25:e5:77:dd:9e:ef:a2:05:
         f6:ca:c2:93:68:cc:55:59:0a:d7:74:dc:5b:99:d1:bc:20:f4:
         e9:ec:31:b5:88:cd:dc:1a:61:0b:87:99:60:21:e6:aa:d0:9c:
         18:4e:dd:44:1b:bd:f5:ab:52:34:57:d9:55:b9:b0:08:f8:0a:
         b9:ac:d1:ed:eb:d6:3b:58:b0:00:33:49:44:e3:9a:e0:a7:3e:
         8a:95:c0:a7:11:9b:7a:49:8d:38:75:c0:ad:00:2d:b4:63:25:
         57:d9:43:70
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVtGoVQYwhIVQj2aZy5pFBDh7DBYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2U4NzBiOWE3MDAzYzRmZDljNTFiZDM1NGE5ZGVmYTNm
Yjc3YjRhOTAeFw0yNTAyMjYwMjQ4NTVaFw0yNjAyMjUwMjUzNTVaMDMxMTAvBgNV
BAMTKDU0NjRCRDA1RjE4OUQyNUVCMTkwNDBDRkEzRkEwQjhBN0YwQ0QzNTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUPpPeEhmZPHzQ1/9qKtLanycJ
LCnkMqFinBtyDIZrqQsJgigu3hyhI1vd6boSVX0HimsRiKHY5XePQlJrVsAQ6EjR
Z1K0aMTSDXhGGCMwfblK9MLyBMbFgLCo7fTthQ/Zc0+gSE8lIzIDjDPGbuCB+UBd
VqYfoXG3RNPML+Cir23hJuuhPUCP0fqs0gU5IStOnutUmrC/ENoXuKCz2GQ1kG9H
3fs9oaRcs8bkxEzY/7xGqc+lKG38P3l+6I7+jhGVLAlUMehqUWwQghWjMXMAiRpL
g0pUwpN3xRWOHw+kvWWiVesO3YCvlCRGUcJrKcGXMrDjL9JnmliYpDO4zBTLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUVGS9BfGJ0l6xkEDPo/oLin8M01cwHwYDVR0j
BBgwFoAUPocLmnADxP2cUb01Sp3vo/t3tKkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzVkMThlODItNGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQy
Mjc5LzAvM0U4NzBCOUE3MDAzQzRGRDlDNTFCRDM1NEE5REVGQTNGQjc3QjRBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1BvY0xtbkFEeFAyY1ViMDFTcDN2b190
M3RLay5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzVkMThlODIt
NGQ2OC00NWE2LWE1ZGYtY2FjMTE1YWQyMjc5LzAvMzMzNjJlMzIzNTM1MmUzOTM0
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzYzMjMyMzQzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAST/
XjANBgkqhkiG9w0BAQsFAAOCAQEAz0OBdbHhR5K/pAR/zbBgTGyWURbCYcDpJTPZ
iz3/rFbW0OUT4tvAeaxKRSd4suMdmVrRgU/R4LR2V+w9ISc8uixFMlNCGa9EVprT
uspgrryy8gkcH5C3q9Mi8l3mKjwY6OTD96U+mpqWD+otOTYs6CxMUam4PfCE5nPl
oZ4BJjsLsiREXEiymrcXvSbj1Wxo0ps+LPefgYOrMiXld92e76IF9srCk2jMVVkK
13TcW5nRvCD06ewxtYjN3BphC4eZYCHmqtCcGE7dRBu99atSNFfZVbmwCPgKuazR
7evWO1iwADNJROOa4Kc+ipXApxGbekmNOHXArQAttGMlV9lDcA==
-----END CERTIFICATE-----