Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e31302e3136322e302f32332d3332203d3e203531313637.roa
File:                     34352e31302e3136322e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          UuXJWIRohYF/fy2+IXyLVASogJkOiBP2YSKE+cDdEhI=
Subject key identifier:   F6:B1:E8:2C:8D:BE:C6:F3:88:C8:10:A1:77:FE:88:E1:23:84:3D:4D
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       3A46B480EC7896AC0B3257D295EDB9584132385F
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e31302e3136322e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 23 Apr 2025 13:46:08 +0000
ROA not before:           Wed 23 Apr 2025 13:41:08 +0000
ROA not after:            Wed 22 Apr 2026 13:46:08 +0000
asID:                     51167
IP address blocks:        45.10.162.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:46:b4:80:ec:78:96:ac:0b:32:57:d2:95:ed:b9:58:41:32:38:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Apr 23 13:41:08 2025 GMT
            Not After : Apr 22 13:46:08 2026 GMT
        Subject: CN=F6B1E82C8DBEC6F388C810A177FE88E123843D4D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:98:79:36:60:22:66:4d:c0:c2:53:de:87:f6:
                    27:cf:fd:a5:6a:ad:83:91:d1:81:86:30:61:bd:3e:
                    fe:32:90:5c:b6:7a:3a:8e:24:22:2d:73:af:98:94:
                    65:fe:40:ee:21:9c:18:97:4c:70:24:8b:fa:69:43:
                    03:4b:33:ec:e1:49:1f:78:83:65:83:8d:56:68:79:
                    72:26:00:c6:43:06:16:a1:91:73:e5:6d:25:cd:20:
                    07:5f:ef:75:0e:98:93:81:ff:dd:bc:2a:05:1b:62:
                    4f:3c:38:86:d5:21:ba:6c:31:15:65:11:2e:d7:86:
                    b5:e4:6e:56:26:4b:53:8b:45:f5:2a:c0:55:98:ba:
                    af:77:fd:eb:e3:48:cd:60:9a:48:ed:96:6e:6c:99:
                    57:ba:62:6d:d2:33:3b:dd:38:05:d1:d3:b7:f0:c9:
                    88:36:5c:39:a1:d3:1d:b7:57:c2:b5:a8:79:11:fa:
                    76:ea:cf:69:01:e8:3b:76:f1:d7:9b:9d:76:c8:41:
                    b2:a3:0c:d9:8c:ba:1c:6e:a8:2a:d5:60:af:3e:60:
                    ba:90:7f:4f:3d:8d:b2:45:e5:ca:eb:7c:3f:fd:fc:
                    d3:9c:c8:0f:b7:61:d9:31:38:1b:a7:0b:7f:36:57:
                    97:ad:f2:c3:5d:e7:b5:28:88:74:5a:28:9b:62:47:
                    4b:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:B1:E8:2C:8D:BE:C6:F3:88:C8:10:A1:77:FE:88:E1:23:84:3D:4D
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e31302e3136322e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:8a:66:ce:5c:a3:5a:43:28:70:f3:ee:c3:a9:ee:90:76:54:
         f1:34:17:d0:37:e2:c3:3a:da:83:ef:52:6d:a9:6d:47:c1:9b:
         67:e8:dd:bd:1d:76:3f:55:a5:44:a7:4a:86:04:c0:8c:fc:74:
         fd:ab:a4:1a:f4:aa:45:af:3a:c9:d3:ac:2a:2c:c5:35:6b:50:
         ee:d5:db:01:be:51:0c:41:2f:85:a2:1b:ca:7b:58:03:7d:a1:
         1f:a4:51:34:f6:75:45:2e:bb:3a:72:ed:61:6a:39:a7:a8:44:
         56:3a:66:e0:95:47:c0:6f:f7:00:d8:17:32:0c:53:b6:5e:60:
         02:c6:51:f6:8b:ce:6d:af:82:2e:b4:bb:88:1e:c3:b0:0c:d3:
         be:e0:ef:b4:e0:f5:eb:28:e2:6a:15:6e:50:36:e0:73:a4:7f:
         00:c3:90:14:a5:12:65:99:6a:17:95:9b:f2:41:b1:b1:27:66:
         b7:07:27:06:7b:61:39:86:bb:a6:3d:3f:e1:59:a3:70:26:67:
         18:2a:fe:39:e9:ac:7e:da:d8:99:b2:b4:7d:bc:1a:ce:0c:69:
         92:05:b3:6a:28:b1:71:37:be:c2:53:40:4e:15:e9:30:1f:7f:
         f0:39:97:a1:47:81:a2:82:ca:1a:6e:69:78:b9:3e:de:5e:aa:
         0d:a1:79:4a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOka0gOx4lqwLMlfSle25WEEyOF8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTA0MjMxMzQxMDhaFw0yNjA0MjIxMzQ2MDhaMDMxMTAvBgNV
BAMTKEY2QjFFODJDOERCRUM2RjM4OEM4MTBBMTc3RkU4OEUxMjM4NDNENEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDimHk2YCJmTcDCU96H9ifP/aVq
rYOR0YGGMGG9Pv4ykFy2ejqOJCItc6+YlGX+QO4hnBiXTHAki/ppQwNLM+zhSR94
g2WDjVZoeXImAMZDBhahkXPlbSXNIAdf73UOmJOB/928KgUbYk88OIbVIbpsMRVl
ES7XhrXkblYmS1OLRfUqwFWYuq93/evjSM1gmkjtlm5smVe6Ym3SMzvdOAXR07fw
yYg2XDmh0x23V8K1qHkR+nbqz2kB6Dt28debnXbIQbKjDNmMuhxuqCrVYK8+YLqQ
f089jbJF5crrfD/9/NOcyA+3YdkxOBunC382V5et8sNd57UoiHRaKJtiR0vlAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU9rHoLI2+xvOIyBChd/6I4SOEPU0wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzEzMDJlMzEzNjMy
MmUzMDJmMzIzMzJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS0K
ojANBgkqhkiG9w0BAQsFAAOCAQEAMYpmzlyjWkMocPPuw6nukHZU8TQX0Dfiwzra
g+9SbaltR8GbZ+jdvR12P1WlRKdKhgTAjPx0/aukGvSqRa86ydOsKizFNWtQ7tXb
Ab5RDEEvhaIbyntYA32hH6RRNPZ1RS67OnLtYWo5p6hEVjpm4JVHwG/3ANgXMgxT
tl5gAsZR9ovOba+CLrS7iB7DsAzTvuDvtOD16yjiahVuUDbgc6R/AMOQFKUSZZlq
F5Wb8kGxsSdmtwcnBnthOYa7pj0/4VmjcCZnGCr+OemsftrYmbK0fbwazgxpkgWz
aiixcTe+wlNAThXpMB9/8DmXoUeBooLKGm5peLk+3l6qDaF5Sg==
-----END CERTIFICATE-----