Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/34352e3135362e35322e302f32322d3234203d3e2039303039.roa
File:                     34352e3135362e35322e302f32322d3234203d3e2039303039.roa (raw, json)
Hash identifier:          Bs9P6MukVIk3Mqg2bASja42eYp9YV11upUqwTKj8Pqc=
Subject key identifier:   46:29:2C:F8:45:B4:75:1C:DE:FE:5D:B3:52:7D:7B:5F:17:1C:9C:18
Certificate issuer:       /CN=92f49de8684f1287f4f6cb185d5cf7de80c90b94
Certificate serial:       151BF8883F8B986109A75D9BCA88D69490D4C282
Authority key identifier: 92:F4:9D:E8:68:4F:12:87:F4:F6:CB:18:5D:5C:F7:DE:80:C9:0B:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kvSd6GhPEof09ssYXVz33oDJC5Q.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/34352e3135362e35322e302f32322d3234203d3e2039303039.roa
Signing time:             Sun 12 Oct 2025 01:05:19 +0000
ROA not before:           Sun 12 Oct 2025 01:00:19 +0000
ROA not after:            Sun 11 Oct 2026 01:05:19 +0000
asID:                     9009
IP address blocks:        45.156.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/92F49DE8684F1287F4F6CB185D5CF7DE80C90B94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/92F49DE8684F1287F4F6CB185D5CF7DE80C90B94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kvSd6GhPEof09ssYXVz33oDJC5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:1b:f8:88:3f:8b:98:61:09:a7:5d:9b:ca:88:d6:94:90:d4:c2:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92f49de8684f1287f4f6cb185d5cf7de80c90b94
        Validity
            Not Before: Oct 12 01:00:19 2025 GMT
            Not After : Oct 11 01:05:19 2026 GMT
        Subject: CN=46292CF845B4751CDEFE5DB3527D7B5F171C9C18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:18:8d:9f:52:89:46:a3:83:7f:fe:46:f5:6b:
                    51:a9:e5:ce:5f:81:ef:f9:0f:f8:10:80:84:6b:c3:
                    64:b4:fc:e5:7d:b6:83:fe:57:e0:f8:42:52:a8:78:
                    2c:51:45:09:1a:db:00:2a:f2:e6:6b:ba:0d:fd:57:
                    83:1e:e7:cc:72:e6:7c:1f:91:a1:0f:63:8c:20:43:
                    5a:2e:0b:0e:49:35:5d:58:27:ab:0d:16:83:e6:0a:
                    ac:4f:8e:82:9a:aa:83:0a:e5:12:7d:fb:8d:fd:ad:
                    c6:cd:bc:c1:ee:40:fe:6c:cd:8e:dc:f3:fc:a8:2f:
                    79:d4:f2:32:f5:4b:21:42:6a:dd:72:e1:50:d9:a4:
                    46:50:fe:92:fb:05:2f:9e:f7:b8:81:bd:3a:6c:16:
                    c9:87:f1:38:8b:b6:6b:c4:74:45:86:6f:0e:6a:a8:
                    40:3c:f5:e2:ef:a5:bf:e4:20:a2:5b:40:d0:93:9b:
                    99:1a:be:74:d4:52:da:c6:2d:53:3d:bf:bf:4a:48:
                    c7:e5:25:6b:49:7e:55:05:6b:a3:f7:b0:d3:a6:30:
                    1f:25:72:1b:5e:11:8e:d7:1e:bc:27:b2:71:bd:b2:
                    bb:3e:a2:22:31:f0:15:0d:5b:cc:af:90:e7:fc:a8:
                    eb:44:4c:22:1c:84:69:31:9c:18:24:d0:f2:a0:ea:
                    33:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:29:2C:F8:45:B4:75:1C:DE:FE:5D:B3:52:7D:7B:5F:17:1C:9C:18
            X509v3 Authority Key Identifier:
                keyid:92:F4:9D:E8:68:4F:12:87:F4:F6:CB:18:5D:5C:F7:DE:80:C9:0B:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/92F49DE8684F1287F4F6CB185D5CF7DE80C90B94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kvSd6GhPEof09ssYXVz33oDJC5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/34352e3135362e35322e302f32322d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:89:10:28:ed:96:83:a2:b5:89:92:0c:5f:5e:e7:d8:00:72:
         24:83:80:2c:aa:f6:20:7d:d9:65:e9:89:fc:d1:86:1b:2b:d8:
         49:5e:10:cb:fb:0c:59:47:27:04:64:a5:f5:6a:51:ad:74:5d:
         e3:18:56:d7:ad:a7:e4:b8:13:69:51:0b:19:76:63:f9:5e:71:
         ba:04:3d:e6:4d:9c:7b:97:4f:86:e0:b1:f5:63:8e:d3:0d:b1:
         3c:b7:cd:fd:dd:95:b6:c1:3e:28:69:7f:1d:5f:fe:cb:73:61:
         bb:7d:44:83:d5:10:ca:40:bf:93:ff:09:e0:86:47:11:11:a4:
         38:1a:29:5b:69:31:7d:c0:0b:d4:8e:91:e8:b3:41:29:a8:b9:
         ca:fc:5e:ce:6e:d4:2a:b0:96:e7:66:fd:d3:4e:52:53:93:e2:
         6b:31:bf:e0:3d:4e:29:90:a5:74:2c:36:bf:25:cc:19:c7:f1:
         6d:5e:3f:f5:d0:6e:30:47:c1:6f:15:31:0d:8f:e9:b6:da:e0:
         42:eb:25:b2:8e:74:b1:12:52:3d:7b:e3:5d:2d:9a:f5:eb:e7:
         bb:12:41:82:0c:22:73:f8:14:3e:df:05:a9:5b:c2:61:9f:f6:
         11:d9:cd:8b:a4:d7:44:a5:99:20:e8:ad:12:f5:36:a8:f5:94:
         6e:6c:77:57
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUFRv4iD+LmGEJp12byojWlJDUwoIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTJmNDlkZTg2ODRmMTI4N2Y0ZjZjYjE4NWQ1Y2Y3ZGU4
MGM5MGI5NDAeFw0yNTEwMTIwMTAwMTlaFw0yNjEwMTEwMTA1MTlaMDMxMTAvBgNV
BAMTKDQ2MjkyQ0Y4NDVCNDc1MUNERUZFNURCMzUyN0Q3QjVGMTcxQzlDMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGI2fUolGo4N//kb1a1Gp5c5f
ge/5D/gQgIRrw2S0/OV9toP+V+D4QlKoeCxRRQka2wAq8uZrug39V4Me58xy5nwf
kaEPY4wgQ1ouCw5JNV1YJ6sNFoPmCqxPjoKaqoMK5RJ9+439rcbNvMHuQP5szY7c
8/yoL3nU8jL1SyFCat1y4VDZpEZQ/pL7BS+e97iBvTpsFsmH8TiLtmvEdEWGbw5q
qEA89eLvpb/kIKJbQNCTm5kavnTUUtrGLVM9v79KSMflJWtJflUFa6P3sNOmMB8l
chteEY7XHrwnsnG9srs+oiIx8BUNW8yvkOf8qOtETCIchGkxnBgk0PKg6jPtAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQURiks+EW0dRze/l2zUn17XxccnBgwHwYDVR0j
BBgwFoAUkvSd6GhPEof09ssYXVz33oDJC5QwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNjA5MjMzODktMmJkZS00M2UwLWIwZDUtZmMyNDRhNjMw
M2QwLzAvOTJGNDlERTg2ODRGMTI4N0Y0RjZDQjE4NUQ1Q0Y3REU4MEM5MEI5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2t2U2Q2R2hQRW9mMDlzc1lYVnozM29E
SkM1US5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNjA5MjMzODkt
MmJkZS00M2UwLWIwZDUtZmMyNDRhNjMwM2QwLzAvMzQzNTJlMzEzNTM2MmUzNTMy
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzkzMDMwMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAItnDQw
DQYJKoZIhvcNAQELBQADggEBADqJECjtloOitYmSDF9e59gAciSDgCyq9iB92WXp
ifzRhhsr2EleEMv7DFlHJwRkpfVqUa10XeMYVtetp+S4E2lRCxl2Y/lecboEPeZN
nHuXT4bgsfVjjtMNsTy3zf3dlbbBPihpfx1f/stzYbt9RIPVEMpAv5P/CeCGRxER
pDgaKVtpMX3AC9SOkeizQSmoucr8Xs5u1Cqwludm/dNOUlOT4msxv+A9TimQpXQs
Nr8lzBnH8W1eP/XQbjBHwW8VMQ2P6bba4ELrJbKOdLESUj17410tmvXr57sSQYIM
InP4FD7fBalbwmGf9hHZzYuk10SlmSDorRL1Nqj1lG5sd1c=
-----END CERTIFICATE-----