Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231352e302f32342d3234203d3e203631333137.roa
File:                     34352e39352e3231352e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          jtw5h4s7N892mHMRX7q1v9D/8tuL7heVW+cms9i1OJM=
Subject key identifier:   AE:C8:97:5B:B5:64:EA:7F:61:C6:61:BF:66:AE:32:E7:45:2E:66:A7
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       0628C820E60958C308FFEF0587F7CC2720A9B41C
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231352e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 07 Aug 2025 19:44:36 +0000
ROA not before:           Thu 07 Aug 2025 19:39:36 +0000
ROA not after:            Thu 06 Aug 2026 19:44:36 +0000
asID:                     61317
IP address blocks:        45.95.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:28:c8:20:e6:09:58:c3:08:ff:ef:05:87:f7:cc:27:20:a9:b4:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Aug  7 19:39:36 2025 GMT
            Not After : Aug  6 19:44:36 2026 GMT
        Subject: CN=AEC8975BB564EA7F61C661BF66AE32E7452E66A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ba:ef:8c:c4:2d:1c:8d:98:58:00:ec:3d:c5:
                    eb:64:df:c7:23:5a:e1:a8:98:dc:7e:81:84:3f:0b:
                    9b:84:dd:dd:ed:5a:dc:e3:72:b1:db:2f:bb:cd:96:
                    71:19:ae:36:b5:59:e3:dc:6c:cc:1e:e6:ca:d3:0d:
                    4c:a4:f3:e8:ed:47:ef:e2:1d:35:3b:7e:b7:2c:29:
                    27:6c:e5:84:d1:23:fa:b1:6a:ff:b9:2d:df:88:61:
                    7e:95:b2:90:7a:a4:e4:6a:60:53:3a:0f:24:ae:8b:
                    d3:81:de:93:cd:44:bb:0e:9e:46:3f:ca:ae:78:39:
                    ac:7a:4c:5f:e9:23:48:0e:c9:67:2c:63:a0:73:a9:
                    6a:07:f3:26:45:c7:82:d7:fb:91:aa:34:66:93:de:
                    57:3a:30:b5:04:53:7b:d5:43:a4:1d:03:ee:1e:04:
                    ff:ca:7e:72:94:c4:d4:5d:c1:6b:36:a4:92:61:5e:
                    75:77:e6:61:4e:90:1a:b8:82:9f:22:36:df:f4:85:
                    b3:1d:98:9f:23:8f:31:41:59:ad:ed:2a:00:f5:99:
                    89:0d:f4:25:e4:e9:5c:47:74:69:16:06:61:4c:17:
                    00:f8:d8:f4:33:06:6c:a7:70:e7:45:57:b4:b6:4a:
                    bf:46:e5:26:d3:17:99:b9:a8:4d:30:43:df:fb:fb:
                    82:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:C8:97:5B:B5:64:EA:7F:61:C6:61:BF:66:AE:32:E7:45:2E:66:A7
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231352e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:f7:c5:9a:85:0a:a0:80:09:b8:38:33:e2:c8:f6:d3:6a:3c:
         0d:7a:40:a4:c0:21:58:08:78:40:6d:72:3c:09:5c:aa:42:0e:
         ab:41:28:33:7a:f6:78:ff:dc:b4:2c:64:a6:7b:de:8f:ac:1b:
         b4:af:a1:0f:95:12:3a:f7:9a:08:9a:67:df:50:c2:c4:4c:46:
         ce:7a:3d:eb:5d:4d:73:17:67:0e:63:88:62:59:e9:66:b7:95:
         17:c7:93:5c:63:b0:a4:29:3b:4f:66:55:47:f1:1d:05:00:90:
         06:ec:59:0a:33:3c:7f:73:35:f1:c2:a5:c9:b9:fe:b3:28:53:
         82:a5:f9:ac:7e:1f:a7:98:7d:ac:4e:3e:bb:dc:0e:a7:a2:20:
         f3:7a:11:7e:2c:39:34:84:b5:b4:c0:70:67:e4:fe:6f:76:4d:
         68:70:03:4a:a0:13:5e:c9:cf:d5:10:e2:6f:8d:8a:cd:27:1b:
         6a:99:94:49:47:8a:e5:22:28:e2:ce:f0:99:b4:08:ae:29:f7:
         39:da:09:66:2a:c4:60:9a:fd:d5:e3:96:5a:26:cc:bc:a1:44:
         3e:ea:6f:7e:02:03:03:41:38:9a:00:ac:e8:5b:f2:6f:fb:f5:
         ef:28:64:e7:e7:8e:e2:21:76:bb:c4:8c:f4:e0:1d:7b:0e:90:
         16:e1:96:03
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBijIIOYJWMMI/+8Fh/fMJyCptBwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNTA4MDcxOTM5MzZaFw0yNjA4MDYxOTQ0MzZaMDMxMTAvBgNV
BAMTKEFFQzg5NzVCQjU2NEVBN0Y2MUM2NjFCRjY2QUUzMkU3NDUyRTY2QTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNuu+MxC0cjZhYAOw9xetk38cj
WuGomNx+gYQ/C5uE3d3tWtzjcrHbL7vNlnEZrja1WePcbMwe5srTDUyk8+jtR+/i
HTU7frcsKSds5YTRI/qxav+5Ld+IYX6VspB6pORqYFM6DySui9OB3pPNRLsOnkY/
yq54Oax6TF/pI0gOyWcsY6BzqWoH8yZFx4LX+5GqNGaT3lc6MLUEU3vVQ6QdA+4e
BP/KfnKUxNRdwWs2pJJhXnV35mFOkBq4gp8iNt/0hbMdmJ8jjzFBWa3tKgD1mYkN
9CXk6VxHdGkWBmFMFwD42PQzBmyncOdFV7S2Sr9G5SbTF5m5qE0wQ9/7+4LRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUrsiXW7Vk6n9hxmG/Zq4y50UuZqcwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzkzNTJlMzIzMTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1f
1zANBgkqhkiG9w0BAQsFAAOCAQEAkffFmoUKoIAJuDgz4sj202o8DXpApMAhWAh4
QG1yPAlcqkIOq0EoM3r2eP/ctCxkpnvej6wbtK+hD5USOveaCJpn31DCxExGzno9
611NcxdnDmOIYlnpZreVF8eTXGOwpCk7T2ZVR/EdBQCQBuxZCjM8f3M18cKlybn+
syhTgqX5rH4fp5h9rE4+u9wOp6Ig83oRfiw5NIS1tMBwZ+T+b3ZNaHADSqATXsnP
1RDib42KzScbapmUSUeK5SIo4s7wmbQIrin3OdoJZirEYJr91eOWWibMvKFEPupv
fgIDA0E4mgCs6Fvyb/v17yhk5+eO4iF2u8SM9OAdew6QFuGWAw==
-----END CERTIFICATE-----