Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/34352e3135362e35322e302f32342d3234203d3e2039303039.roa
File:                     34352e3135362e35322e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          TVTxbW5Hn/uwBDAOJAxsysgEid6g/rYwKpFkj0KhHLI=
Subject key identifier:   53:28:64:5D:03:9D:0A:7E:A5:B5:D7:B4:97:2C:13:2A:CB:06:8E:77
Certificate issuer:       /CN=92f49de8684f1287f4f6cb185d5cf7de80c90b94
Certificate serial:       0D018AD99951BF2C7C34664EA299428942CA512D
Authority key identifier: 92:F4:9D:E8:68:4F:12:87:F4:F6:CB:18:5D:5C:F7:DE:80:C9:0B:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kvSd6GhPEof09ssYXVz33oDJC5Q.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/34352e3135362e35322e302f32342d3234203d3e2039303039.roa
Signing time:             Sun 12 Oct 2025 01:05:54 +0000
ROA not before:           Sun 12 Oct 2025 01:00:54 +0000
ROA not after:            Sun 11 Oct 2026 01:05:54 +0000
asID:                     9009
IP address blocks:        45.156.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/92F49DE8684F1287F4F6CB185D5CF7DE80C90B94.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/92F49DE8684F1287F4F6CB185D5CF7DE80C90B94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kvSd6GhPEof09ssYXVz33oDJC5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:01:8a:d9:99:51:bf:2c:7c:34:66:4e:a2:99:42:89:42:ca:51:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92f49de8684f1287f4f6cb185d5cf7de80c90b94
        Validity
            Not Before: Oct 12 01:00:54 2025 GMT
            Not After : Oct 11 01:05:54 2026 GMT
        Subject: CN=5328645D039D0A7EA5B5D7B4972C132ACB068E77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c5:29:45:41:80:ef:78:ac:42:33:f6:11:c7:
                    1c:60:0d:56:65:18:e3:e9:a9:73:e5:f2:fe:ad:2c:
                    58:30:6c:d9:d1:60:64:52:47:8b:91:a1:16:fd:70:
                    0c:c0:01:11:24:2e:b8:98:b0:3f:70:04:ee:c8:e8:
                    dc:c6:4a:53:89:da:64:95:eb:d4:7b:42:47:88:45:
                    9c:a7:77:a9:cc:a8:37:2d:11:3d:c9:7e:41:de:34:
                    9b:e7:da:97:d7:8d:aa:7b:7e:e1:9f:82:f3:54:92:
                    57:2f:86:d4:8f:37:0d:f1:88:b6:34:79:c3:b0:e9:
                    2e:3b:db:53:90:b4:a0:b2:3a:4e:5e:a0:d5:70:fd:
                    32:fb:d5:e4:e4:ed:38:c4:07:53:5a:f0:03:be:0c:
                    e7:3f:ae:a1:84:ea:00:1b:c9:92:e5:35:d3:42:8c:
                    b7:d0:a4:0b:30:f6:18:72:64:44:3f:ff:71:eb:91:
                    59:2d:1a:8b:66:0a:65:d9:18:2d:7d:a4:12:e8:db:
                    7f:f8:21:65:b7:32:b7:f8:a2:52:9b:00:1f:2e:a6:
                    fc:79:c7:57:2f:84:5d:64:e8:04:50:c2:c4:50:3f:
                    63:be:c4:17:fa:11:0d:0d:fe:78:8c:90:ad:b2:48:
                    ae:4f:bd:c3:7b:d3:c2:98:72:ba:6e:53:ef:db:18:
                    7b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:28:64:5D:03:9D:0A:7E:A5:B5:D7:B4:97:2C:13:2A:CB:06:8E:77
            X509v3 Authority Key Identifier:
                keyid:92:F4:9D:E8:68:4F:12:87:F4:F6:CB:18:5D:5C:F7:DE:80:C9:0B:94

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/92F49DE8684F1287F4F6CB185D5CF7DE80C90B94.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kvSd6GhPEof09ssYXVz33oDJC5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/60923389-2bde-43e0-b0d5-fc244a6303d0/0/34352e3135362e35322e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:61:dd:38:9e:41:78:c6:3d:ac:78:61:d5:9c:fa:93:d7:5e:
         9a:f6:2f:6e:9b:c5:54:09:9b:73:6e:02:fe:1a:48:76:b3:69:
         7e:f4:e7:9e:22:3d:3f:ff:07:77:e3:f2:c4:a1:73:ab:16:98:
         ea:e9:ba:87:be:04:b6:17:0b:bc:95:9a:23:31:8b:69:8c:1a:
         75:32:bc:35:de:9f:53:f3:77:2f:2b:14:20:2f:d8:da:b8:3d:
         99:ce:5d:3c:d7:01:78:46:3d:23:c2:65:cb:5f:79:51:15:14:
         06:46:91:6f:4f:f6:24:f7:17:de:27:70:b1:1d:3d:4f:b1:a1:
         bf:f9:d3:22:14:f0:3d:02:3e:98:7a:0c:a8:3e:1d:93:38:f1:
         38:e9:46:d0:dd:bb:b2:e2:81:da:8f:42:9b:b0:35:57:2c:41:
         87:d5:ea:17:84:fb:3b:e5:73:d0:ce:a8:bb:40:37:a8:74:85:
         ab:16:36:43:59:e9:88:bf:f2:07:36:e0:96:8d:9b:84:c8:4e:
         9d:b9:5d:6e:2a:37:b2:8b:c0:24:35:47:5c:1a:13:9b:14:c5:
         ee:82:3e:43:82:45:3a:e6:31:7f:df:44:2c:56:0d:19:58:1e:
         74:c4:1b:b2:7d:4e:bc:e1:d6:94:42:20:88:88:0d:94:2c:56:
         d8:d5:2c:1d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUDQGK2ZlRvyx8NGZOoplCiULKUS0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTJmNDlkZTg2ODRmMTI4N2Y0ZjZjYjE4NWQ1Y2Y3ZGU4
MGM5MGI5NDAeFw0yNTEwMTIwMTAwNTRaFw0yNjEwMTEwMTA1NTRaMDMxMTAvBgNV
BAMTKDUzMjg2NDVEMDM5RDBBN0VBNUI1RDdCNDk3MkMxMzJBQ0IwNjhFNzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3xSlFQYDveKxCM/YRxxxgDVZl
GOPpqXPl8v6tLFgwbNnRYGRSR4uRoRb9cAzAAREkLriYsD9wBO7I6NzGSlOJ2mSV
69R7QkeIRZynd6nMqDctET3JfkHeNJvn2pfXjap7fuGfgvNUklcvhtSPNw3xiLY0
ecOw6S4721OQtKCyOk5eoNVw/TL71eTk7TjEB1Na8AO+DOc/rqGE6gAbyZLlNdNC
jLfQpAsw9hhyZEQ//3HrkVktGotmCmXZGC19pBLo23/4IWW3Mrf4olKbAB8upvx5
x1cvhF1k6ARQwsRQP2O+xBf6EQ0N/niMkK2ySK5PvcN708KYcrpuU+/bGHuJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUUyhkXQOdCn6ltde0lywTKssGjncwHwYDVR0j
BBgwFoAUkvSd6GhPEof09ssYXVz33oDJC5QwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNjA5MjMzODktMmJkZS00M2UwLWIwZDUtZmMyNDRhNjMw
M2QwLzAvOTJGNDlERTg2ODRGMTI4N0Y0RjZDQjE4NUQ1Q0Y3REU4MEM5MEI5NC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2t2U2Q2R2hQRW9mMDlzc1lYVnozM29E
SkM1US5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNjA5MjMzODkt
MmJkZS00M2UwLWIwZDUtZmMyNDRhNjMwM2QwLzAvMzQzNTJlMzEzNTM2MmUzNTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMDMwMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtnDQw
DQYJKoZIhvcNAQELBQADggEBAChh3TieQXjGPax4YdWc+pPXXpr2L26bxVQJm3Nu
Av4aSHazaX70554iPT//B3fj8sShc6sWmOrpuoe+BLYXC7yVmiMxi2mMGnUyvDXe
n1Pzdy8rFCAv2Nq4PZnOXTzXAXhGPSPCZctfeVEVFAZGkW9P9iT3F94ncLEdPU+x
ob/50yIU8D0CPph6DKg+HZM48TjpRtDdu7LigdqPQpuwNVcsQYfV6heE+zvlc9DO
qLtAN6h0hasWNkNZ6Yi/8gc24JaNm4TITp25XW4qN7KLwCQ1R1waE5sUxe6CPkOC
RTrmMX/fRCxWDRlYHnTEG7J9Trzh1pRCIIiIDZQsVtjVLB0=
-----END CERTIFICATE-----