Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231352e302f32342d3234203d3e203239383032.roa
File:                     34352e39352e3231352e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier:          Q1OlQJwADffmDxnZKj7bvhSo1kOL5aXrHpMtVtZFtuQ=
Subject key identifier:   CA:58:C0:33:13:99:59:85:3F:4E:6B:0D:7F:07:BD:AF:8E:35:E2:D2
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       583E37575E914A928DD752D5D2D06A6DA24C1652
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231352e302f32342d3234203d3e203239383032.roa
Signing time:             Thu 07 Aug 2025 15:18:13 +0000
ROA not before:           Thu 07 Aug 2025 15:13:13 +0000
ROA not after:            Thu 06 Aug 2026 15:18:13 +0000
asID:                     29802
IP address blocks:        45.95.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:3e:37:57:5e:91:4a:92:8d:d7:52:d5:d2:d0:6a:6d:a2:4c:16:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Aug  7 15:13:13 2025 GMT
            Not After : Aug  6 15:18:13 2026 GMT
        Subject: CN=CA58C033139959853F4E6B0D7F07BDAF8E35E2D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e5:0a:15:db:a8:43:0e:43:50:11:15:a8:66:
                    26:b6:6f:3e:cf:33:e7:3c:ad:f6:ad:de:ec:76:d1:
                    ad:ab:07:35:da:1b:05:06:cf:7f:4a:6d:35:6d:1a:
                    9c:9f:5e:77:99:79:47:63:bb:29:81:8b:1e:53:ce:
                    88:38:e9:34:12:d0:ca:c2:65:66:d3:d4:a0:2a:b2:
                    dd:fb:17:88:21:6a:4d:f5:1d:ac:38:3e:61:e5:00:
                    71:73:5c:54:ef:c9:74:5f:74:8d:3f:b2:d7:07:66:
                    fd:d1:b6:57:fd:57:34:f3:fe:83:26:ce:d2:c7:c1:
                    48:54:5c:5c:41:0b:2c:d5:3d:cd:e2:15:27:a4:54:
                    83:1e:c9:15:59:76:db:0f:e9:cb:ae:4b:f6:99:a4:
                    a3:21:52:88:2a:4a:cd:09:d8:b9:6b:f3:66:4b:67:
                    42:25:42:9b:17:1b:be:d0:19:e5:5f:8c:2b:e3:35:
                    8f:e9:d1:a9:dd:82:9d:9c:e2:61:66:a5:a1:7f:52:
                    90:07:57:12:ee:ea:d1:3a:2a:14:6e:c2:dc:34:86:
                    32:c3:be:f8:6d:b3:ed:27:ef:9b:1d:1d:66:c0:32:
                    a7:f4:8e:a0:c7:e0:de:b1:29:43:b6:41:60:4a:b6:
                    17:aa:b2:85:af:58:4a:e9:d1:c4:2c:9e:88:e0:6f:
                    a0:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:58:C0:33:13:99:59:85:3F:4E:6B:0D:7F:07:BD:AF:8E:35:E2:D2
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231352e302f32342d3234203d3e203239383032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:1c:be:01:c0:6d:07:70:d2:d8:36:53:13:ae:dc:ec:1f:1a:
         29:f3:bd:bc:64:33:50:3e:9e:3b:99:c5:7c:f8:5c:60:51:a2:
         f3:bc:66:5f:6e:bd:fb:46:f4:68:ed:95:f2:8a:a3:05:25:a2:
         2f:fc:52:ff:c4:20:f8:fd:4b:31:8f:07:ae:94:25:36:ab:4e:
         e0:b9:af:4a:3d:be:40:91:ad:52:e7:b4:7a:9f:89:c3:bd:48:
         d6:cf:dc:f6:69:b8:eb:ea:5a:6e:30:ba:91:34:17:c1:31:1f:
         52:68:14:82:27:6b:2c:c1:3d:10:36:55:5f:be:06:f2:4f:69:
         c4:0b:49:63:9f:7e:d6:98:e4:41:3e:6f:42:6c:8d:9e:26:6c:
         92:64:bc:1c:5b:63:86:10:63:52:e6:f7:da:8e:6d:0a:b3:3b:
         8f:74:36:6f:be:50:de:ce:ff:e3:d5:9b:3b:a0:8c:a3:de:ed:
         b2:59:59:d6:a3:33:f4:f3:b1:58:d6:13:75:e7:0b:3b:c4:af:
         d4:9c:8c:9d:e0:73:72:ef:4e:bc:18:56:86:43:8f:f3:c9:d7:
         4b:20:b9:9e:a7:5d:50:be:92:2f:93:0a:67:b5:74:03:78:81:
         48:b0:32:60:10:1e:78:90:c2:bc:03:d1:60:84:66:72:f7:48:
         f9:3a:ed:09
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWD43V16RSpKN11LV0tBqbaJMFlIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNTA4MDcxNTEzMTNaFw0yNjA4MDYxNTE4MTNaMDMxMTAvBgNV
BAMTKENBNThDMDMzMTM5OTU5ODUzRjRFNkIwRDdGMDdCREFGOEUzNUUyRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC85QoV26hDDkNQERWoZia2bz7P
M+c8rfat3ux20a2rBzXaGwUGz39KbTVtGpyfXneZeUdjuymBix5Tzog46TQS0MrC
ZWbT1KAqst37F4ghak31Haw4PmHlAHFzXFTvyXRfdI0/stcHZv3Rtlf9VzTz/oMm
ztLHwUhUXFxBCyzVPc3iFSekVIMeyRVZdtsP6cuuS/aZpKMhUogqSs0J2Llr82ZL
Z0IlQpsXG77QGeVfjCvjNY/p0andgp2c4mFmpaF/UpAHVxLu6tE6KhRuwtw0hjLD
vvhts+0n75sdHWbAMqf0jqDH4N6xKUO2QWBKtheqsoWvWErp0cQsnojgb6BrAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUyljAMxOZWYU/TmsNfwe9r4414tIwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzkzNTJlMzIzMTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTM4MzAzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1f
1zANBgkqhkiG9w0BAQsFAAOCAQEAEBy+AcBtB3DS2DZTE67c7B8aKfO9vGQzUD6e
O5nFfPhcYFGi87xmX269+0b0aO2V8oqjBSWiL/xS/8Qg+P1LMY8HrpQlNqtO4Lmv
Sj2+QJGtUue0ep+Jw71I1s/c9mm46+pabjC6kTQXwTEfUmgUgidrLME9EDZVX74G
8k9pxAtJY59+1pjkQT5vQmyNniZskmS8HFtjhhBjUub32o5tCrM7j3Q2b75Q3s7/
49WbO6CMo97tsllZ1qMz9POxWNYTdecLO8Sv1JyMneBzcu9OvBhWhkOP88nXSyC5
nqddUL6SL5MKZ7V0A3iBSLAyYBAeeJDCvAPRYIRmcvdI+TrtCQ==
-----END CERTIFICATE-----