Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e2039333034.roa
File:                     3134362e31392e32322e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          I0Z4SQz8z8YpmplzirCItc3akQQRnaog6R3rCeJUBfA=
Subject key identifier:   E0:0D:D1:38:57:D3:6E:54:23:3A:04:9F:CA:DE:71:DD:D3:65:3C:1F
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       64412D0B6224A60E6A0735CF960E584A9F2D42BB
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e2039333034.roa
Signing time:             Thu 03 Jul 2025 13:57:22 +0000
ROA not before:           Thu 03 Jul 2025 13:52:22 +0000
ROA not after:            Thu 02 Jul 2026 13:57:22 +0000
asID:                     9304
IP address blocks:        146.19.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Jul 2025 04:37:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:41:2d:0b:62:24:a6:0e:6a:07:35:cf:96:0e:58:4a:9f:2d:42:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Jul  3 13:52:22 2025 GMT
            Not After : Jul  2 13:57:22 2026 GMT
        Subject: CN=E00DD13857D36E54233A049FCADE71DDD3653C1F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:94:12:68:e5:c5:d8:10:46:87:a8:0b:92:2d:
                    c2:ea:5b:3a:e4:df:38:fa:a2:40:e9:3e:69:c6:de:
                    8b:72:9b:a4:3a:36:50:98:a2:cb:10:e6:35:2e:17:
                    87:e9:bf:39:79:d3:10:28:06:c3:99:74:97:fc:bb:
                    47:d6:2d:ef:bd:af:69:90:f6:99:6f:e2:2b:a5:7d:
                    97:28:32:99:c3:c8:5b:67:f3:11:6d:93:29:b8:01:
                    29:99:a8:52:99:37:41:b7:ad:88:e5:d9:62:27:53:
                    8c:b2:b2:bb:b4:2a:39:70:fc:48:08:95:c5:b9:c8:
                    2b:03:51:ed:20:48:f3:ef:3e:fb:3e:60:38:c3:cd:
                    79:2a:7e:4b:c9:a8:23:2f:0b:25:dc:ec:e4:87:56:
                    c3:59:02:94:ac:e0:af:76:7d:f5:4d:09:98:61:2e:
                    8f:30:28:e9:c7:d3:33:5b:41:c8:95:c6:48:ea:e4:
                    b8:58:75:b3:1d:8c:c1:12:87:a1:a1:4b:82:65:14:
                    4c:d6:9a:6c:4b:24:c3:31:be:ec:db:2e:e9:3f:29:
                    d5:9a:a0:28:71:21:e1:47:60:6c:d0:4b:01:8a:07:
                    00:c2:16:f0:1a:d9:60:a7:a2:8c:6a:69:e4:30:bf:
                    0c:39:4f:d9:4e:e9:75:cf:d4:42:92:be:02:e6:5a:
                    77:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:0D:D1:38:57:D3:6E:54:23:3A:04:9F:CA:DE:71:DD:D3:65:3C:1F
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/3134362e31392e32322e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:73:cd:9a:17:33:66:3e:a1:20:90:14:32:88:a4:42:6b:2d:
         be:29:a5:57:49:97:2d:ec:74:a9:ed:ee:be:11:1d:eb:1c:03:
         5e:5f:2e:e9:c3:b6:db:61:13:ea:67:ae:26:3d:d5:ff:e7:a0:
         c2:2f:c3:51:b3:b1:43:45:c6:aa:01:0f:95:6a:a2:ef:55:44:
         a8:38:e6:51:d9:eb:87:be:bd:5f:5d:13:c1:f7:5c:98:b5:90:
         88:ae:bb:cc:79:18:1c:12:7a:00:6b:f8:aa:87:b8:77:7c:53:
         ec:65:91:f0:97:a6:59:7b:1d:34:86:44:08:7d:2b:fd:a8:15:
         f0:10:27:a8:9e:8a:29:db:4a:2e:b2:c8:63:23:15:54:0b:49:
         84:05:21:9d:14:ad:a0:72:b6:15:22:41:f2:c4:d9:a9:04:05:
         6f:a5:f3:09:c0:4c:33:13:f9:79:e8:3d:30:9c:bc:29:6c:0e:
         90:60:8b:79:ae:a0:6e:df:79:41:c4:04:7d:a3:94:4d:52:48:
         a7:46:a8:5a:85:98:38:32:a3:54:a9:5b:e2:9d:d7:57:f8:a5:
         f5:9e:06:2b:11:58:71:fe:bb:11:4a:95:c9:a9:ed:ec:f6:a0:
         56:eb:43:28:da:ad:6d:64:47:12:59:37:e8:e7:ea:fc:1f:8b:
         1e:fb:6a:f8
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUZEEtC2Ikpg5qBzXPlg5YSp8tQrswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTA3MDMxMzUyMjJaFw0yNjA3MDIxMzU3MjJaMDMxMTAvBgNV
BAMTKEUwMEREMTM4NTdEMzZFNTQyMzNBMDQ5RkNBREU3MURERDM2NTNDMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1lBJo5cXYEEaHqAuSLcLqWzrk
3zj6okDpPmnG3otym6Q6NlCYossQ5jUuF4fpvzl50xAoBsOZdJf8u0fWLe+9r2mQ
9plv4iulfZcoMpnDyFtn8xFtkym4ASmZqFKZN0G3rYjl2WInU4yysru0Kjlw/EgI
lcW5yCsDUe0gSPPvPvs+YDjDzXkqfkvJqCMvCyXc7OSHVsNZApSs4K92ffVNCZhh
Lo8wKOnH0zNbQciVxkjq5LhYdbMdjMESh6GhS4JlFEzWmmxLJMMxvuzbLuk/KdWa
oChxIeFHYGzQSwGKBwDCFvAa2WCnooxqaeQwvww5T9lO6XXP1EKSvgLmWneJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU4A3ROFfTblQjOgSfyt5x3dNlPB8wHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzEzNDM2MmUzMTM5MmUzMjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMzMwMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACSExYw
DQYJKoZIhvcNAQELBQADggEBAF5zzZoXM2Y+oSCQFDKIpEJrLb4ppVdJly3sdKnt
7r4RHescA15fLunDttthE+pnriY91f/noMIvw1GzsUNFxqoBD5Vqou9VRKg45lHZ
64e+vV9dE8H3XJi1kIiuu8x5GBwSegBr+KqHuHd8U+xlkfCXpll7HTSGRAh9K/2o
FfAQJ6ieiinbSi6yyGMjFVQLSYQFIZ0UraBythUiQfLE2akEBW+l8wnATDMT+Xno
PTCcvClsDpBgi3muoG7feUHEBH2jlE1SSKdGqFqFmDgyo1SpW+Kd11f4pfWeBisR
WHH+uxFKlcmp7ez2oFbrQyjarW1kRxJZN+jn6vwfix77avg=
-----END CERTIFICATE-----