Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137352e302f32342d3234203d3e2037353632.roa
File:                     34352e382e3137352e302f32342d3234203d3e2037353632.roa (raw, json)
Hash identifier:          gPOJ5OYy4C3HcRMZFW4SHF49vn1yyv2a5aCn7ZHuj8I=
Subject key identifier:   53:93:22:8B:44:B9:98:C0:82:01:BD:D6:D3:36:23:32:95:5F:85:7B
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       5767B0653B2FB2A2C7E5829041F5AAA85C75F4EC
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137352e302f32342d3234203d3e2037353632.roa
Signing time:             Thu 08 May 2025 16:54:07 +0000
ROA not before:           Thu 08 May 2025 16:49:07 +0000
ROA not after:            Thu 07 May 2026 16:54:07 +0000
asID:                     7562
IP address blocks:        45.8.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 08:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:67:b0:65:3b:2f:b2:a2:c7:e5:82:90:41:f5:aa:a8:5c:75:f4:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: May  8 16:49:07 2025 GMT
            Not After : May  7 16:54:07 2026 GMT
        Subject: CN=5393228B44B998C08201BDD6D3362332955F857B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:57:4b:fd:b2:c3:a5:de:c5:86:9a:63:bd:0b:
                    99:f5:44:29:f1:53:ff:f8:b2:95:17:63:e4:ae:8f:
                    be:25:8d:4a:4d:85:94:44:d1:8d:f5:8e:98:48:fb:
                    14:67:8f:34:03:4d:be:4f:91:77:13:62:e8:72:21:
                    80:e9:a8:15:b8:e7:7a:77:44:7c:a3:5d:c1:80:73:
                    c0:db:40:f5:55:d2:91:fa:f8:fc:85:c8:4c:a9:ba:
                    e1:15:cf:5d:c8:57:9c:71:5a:e2:89:37:e3:23:05:
                    38:9f:65:fe:1e:7c:db:63:7b:d0:e4:fb:1d:f0:cc:
                    99:81:14:00:73:e1:c0:22:0f:d6:09:c0:56:32:73:
                    ca:2e:7d:30:57:4e:79:91:bf:e6:af:1b:74:ab:0f:
                    32:70:e3:c4:43:f4:e9:52:fb:7f:15:86:59:43:fe:
                    e9:ed:bb:76:63:b8:88:45:d4:52:9c:3a:43:9b:c0:
                    68:a9:91:d2:61:41:33:02:8d:01:a2:96:65:a7:26:
                    d8:5b:56:33:c4:06:74:1d:15:da:c4:a0:70:06:b3:
                    b7:85:80:76:d2:79:fa:b7:4e:ba:c9:1a:23:42:43:
                    42:e2:02:d9:75:23:0f:90:43:57:36:1b:9b:04:08:
                    00:68:4b:fb:23:0d:31:96:8d:e5:34:8a:3b:5c:bc:
                    b1:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:93:22:8B:44:B9:98:C0:82:01:BD:D6:D3:36:23:32:95:5F:85:7B
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137352e302f32342d3234203d3e2037353632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:1a:9a:ea:6a:de:41:11:92:c2:64:be:da:2e:8e:ba:13:27:
         00:fd:9c:92:1c:6d:12:69:d3:bd:60:01:69:4c:08:c9:91:5a:
         f8:35:0a:18:4a:40:af:dd:1e:6a:8f:91:2f:6f:f6:f8:5e:ef:
         e5:b8:11:8a:2e:e3:ea:93:4d:5e:02:b0:d8:fa:2b:bf:9a:80:
         73:06:d0:bc:01:55:fc:71:40:fc:05:5a:cc:17:ef:19:7a:71:
         31:b7:57:55:6c:b7:fd:e2:0b:e1:86:ce:69:69:dc:90:66:f8:
         dd:89:2d:2c:5f:95:ae:9c:c8:a4:03:25:19:f1:3f:34:87:fa:
         e5:00:ce:a9:55:93:87:aa:cc:54:b9:fd:e6:d7:02:a8:d4:57:
         7d:32:00:bc:ac:97:d4:ec:22:4c:d3:35:bf:71:79:37:f8:da:
         48:8b:a4:ad:a0:0c:fa:cb:c6:bb:50:b0:60:5f:6d:b6:12:ef:
         12:a3:53:b1:ef:78:33:92:ae:1e:5e:a2:64:1b:a1:84:2d:39:
         2d:e8:85:63:81:1d:fc:15:eb:fb:53:78:57:bc:64:2c:6b:1f:
         0c:cd:f9:29:67:49:93:1d:6d:d2:16:90:e1:c9:88:8a:f9:40:
         cf:7c:c3:01:66:10:8b:0b:1f:0b:f8:7a:23:d8:0f:7c:33:11:
         71:56:32:5e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUV2ewZTsvsqLH5YKQQfWqqFx19OwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTA1MDgxNjQ5MDdaFw0yNjA1MDcxNjU0MDdaMDMxMTAvBgNV
BAMTKDUzOTMyMjhCNDRCOTk4QzA4MjAxQkRENkQzMzYyMzMyOTU1Rjg1N0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/V0v9ssOl3sWGmmO9C5n1RCnx
U//4spUXY+Suj74ljUpNhZRE0Y31jphI+xRnjzQDTb5PkXcTYuhyIYDpqBW453p3
RHyjXcGAc8DbQPVV0pH6+PyFyEypuuEVz13IV5xxWuKJN+MjBTifZf4efNtje9Dk
+x3wzJmBFABz4cAiD9YJwFYyc8oufTBXTnmRv+avG3SrDzJw48RD9OlS+38VhllD
/untu3ZjuIhF1FKcOkObwGipkdJhQTMCjQGilmWnJthbVjPEBnQdFdrEoHAGs7eF
gHbSefq3TrrJGiNCQ0LiAtl1Iw+QQ1c2G5sECABoS/sjDTGWjeU0ijtcvLGfAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUU5Mii0S5mMCCAb3W0zYjMpVfhXswHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzgyZTMxMzczNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM3MzUzNjMyLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQivMA0G
CSqGSIb3DQEBCwUAA4IBAQDJGprqat5BEZLCZL7aLo66EycA/ZySHG0SadO9YAFp
TAjJkVr4NQoYSkCv3R5qj5Evb/b4Xu/luBGKLuPqk01eArDY+iu/moBzBtC8AVX8
cUD8BVrMF+8ZenExt1dVbLf94gvhhs5padyQZvjdiS0sX5WunMikAyUZ8T80h/rl
AM6pVZOHqsxUuf3m1wKo1Fd9MgC8rJfU7CJM0zW/cXk3+NpIi6StoAz6y8a7ULBg
X222Eu8So1Ox73gzkq4eXqJkG6GELTkt6IVjgR38Fev7U3hXvGQsax8MzfkpZ0mT
HW3SFpDhyYiK+UDPfMMBZhCLCx8L+Hoj2A98MxFxVjJe
-----END CERTIFICATE-----