Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e2039323934.roa
File:                     3134362e31392e32322e302f32342d3234203d3e2039323934.roa (raw, json)
Hash identifier:          4ThssK8ksZD7mFwPOIttfQuPgXi87SmagzrwaTeHUHI=
Subject key identifier:   06:D6:0B:DC:83:15:80:96:E0:8C:B5:52:09:EC:B6:27:40:65:7E:47
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       10BFD01D52BEF2AB3D26EFED669348BF3BE27C82
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e2039323934.roa
Signing time:             Thu 06 Nov 2025 05:41:54 +0000
ROA not before:           Thu 06 Nov 2025 05:36:54 +0000
ROA not after:            Thu 05 Nov 2026 05:41:54 +0000
asID:                     9294
IP address blocks:        146.19.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Nov 2025 18:41:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:bf:d0:1d:52:be:f2:ab:3d:26:ef:ed:66:93:48:bf:3b:e2:7c:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Nov  6 05:36:54 2025 GMT
            Not After : Nov  5 05:41:54 2026 GMT
        Subject: CN=06D60BDC83158096E08CB55209ECB62740657E47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:93:5f:34:dc:2a:16:81:4a:d3:82:26:e7:8a:
                    85:a1:8f:e9:ab:3d:f8:72:3b:90:3c:29:09:54:9d:
                    af:55:db:0d:8e:23:c5:09:f5:a0:0a:06:f3:74:9c:
                    75:88:a3:54:20:bb:5e:0f:3e:1d:95:c6:29:cc:12:
                    f4:1c:00:e8:20:d3:8b:8e:5b:a9:77:89:97:7b:df:
                    75:87:8f:dd:17:03:e8:85:6d:57:19:e2:1f:b9:0a:
                    0f:30:7b:be:21:c0:59:8e:7e:bf:77:28:0d:d0:27:
                    7e:74:b1:67:42:6a:1c:a1:50:0c:a6:ba:b6:8f:3f:
                    af:17:61:bd:dc:d4:22:b2:64:0e:42:18:bc:ce:18:
                    d0:5a:92:f1:06:b5:8a:79:16:f1:44:b4:d9:34:55:
                    f4:0a:bf:b6:8e:b2:34:9a:ee:dc:c5:e8:6d:bd:b5:
                    4a:d1:72:61:7e:6b:80:9d:e0:40:ad:3f:c9:d1:b6:
                    ee:45:80:e8:96:4f:f2:31:b5:99:36:b3:49:3e:27:
                    8b:61:71:88:b4:1f:1b:04:61:3a:3c:aa:41:6c:d9:
                    d6:aa:75:46:9f:c5:77:56:1c:24:90:a8:ab:71:07:
                    6b:95:3b:9a:82:fa:6d:0d:60:d7:c8:20:63:fa:28:
                    88:c6:70:cb:d9:30:71:60:ac:58:68:62:2c:c6:f3:
                    45:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:D6:0B:DC:83:15:80:96:E0:8C:B5:52:09:EC:B6:27:40:65:7E:47
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e2039323934.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:67:62:fa:2d:4a:ce:c1:3b:ab:71:8e:78:fd:7d:33:85:c0:
         bd:ee:6b:6a:69:08:fb:29:3c:fb:d7:89:d7:0d:c1:0e:5e:64:
         3c:e9:77:57:cf:2b:c7:8f:33:2d:f7:a2:49:46:91:71:08:44:
         1f:a7:c3:dd:96:b7:92:b2:07:52:f7:9c:4a:f8:0e:13:03:f2:
         c8:8d:d2:3f:05:f8:4c:a2:e8:14:34:b7:15:53:ab:1a:67:31:
         cf:99:60:ae:e3:a4:be:31:5f:ca:30:ae:15:79:94:a7:70:ac:
         88:e0:3a:19:72:24:1e:8e:86:18:56:0b:cf:8e:42:ec:f4:a4:
         55:3b:c1:63:bc:e8:e8:13:cb:b5:0b:08:bb:27:dd:47:49:c4:
         43:53:de:ef:16:1b:d5:fd:dc:19:a4:13:8f:35:ac:75:3f:b3:
         7b:99:1c:cd:94:73:ae:41:b6:79:36:17:af:08:f4:18:ee:b9:
         4e:28:95:92:ae:69:d7:98:62:41:f3:37:c5:1b:b2:65:b7:f5:
         be:e8:bb:15:de:a4:b6:36:31:71:65:33:29:7a:3e:c1:95:1a:
         51:d9:08:21:49:3c:87:f1:db:28:fa:aa:46:2f:79:87:bb:d9:
         a0:ba:94:0e:12:e2:b1:d1:01:4e:2d:f1:77:b3:7e:27:74:e6:
         4c:53:d9:5d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUEL/QHVK+8qs9Ju/tZpNIvzvifIIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTExMDYwNTM2NTRaFw0yNjExMDUwNTQxNTRaMDMxMTAvBgNV
BAMTKDA2RDYwQkRDODMxNTgwOTZFMDhDQjU1MjA5RUNCNjI3NDA2NTdFNDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDk1803CoWgUrTgibnioWhj+mr
PfhyO5A8KQlUna9V2w2OI8UJ9aAKBvN0nHWIo1Qgu14PPh2VxinMEvQcAOgg04uO
W6l3iZd733WHj90XA+iFbVcZ4h+5Cg8we74hwFmOfr93KA3QJ350sWdCahyhUAym
uraPP68XYb3c1CKyZA5CGLzOGNBakvEGtYp5FvFEtNk0VfQKv7aOsjSa7tzF6G29
tUrRcmF+a4Cd4ECtP8nRtu5FgOiWT/IxtZk2s0k+J4thcYi0HxsEYTo8qkFs2daq
dUafxXdWHCSQqKtxB2uVO5qC+m0NYNfIIGP6KIjGcMvZMHFgrFhoYizG80WPAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUBtYL3IMVgJbgjLVSCey2J0BlfkcwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzNDM2MmUzMTM5MmUzMjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMjM5MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACSExYw
DQYJKoZIhvcNAQELBQADggEBACFnYvotSs7BO6txjnj9fTOFwL3ua2ppCPspPPvX
idcNwQ5eZDzpd1fPK8ePMy33oklGkXEIRB+nw92Wt5KyB1L3nEr4DhMD8siN0j8F
+Eyi6BQ0txVTqxpnMc+ZYK7jpL4xX8owrhV5lKdwrIjgOhlyJB6OhhhWC8+OQuz0
pFU7wWO86OgTy7ULCLsn3UdJxENT3u8WG9X93BmkE481rHU/s3uZHM2Uc65Btnk2
F68I9BjuuU4olZKuadeYYkHzN8UbsmW39b7ouxXepLY2MXFlMyl6PsGVGlHZCCFJ
PIfx2yj6qkYveYe72aC6lA4S4rHRAU4t8Xezfid05kxT2V0=
-----END CERTIFICATE-----