Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3132382e36352e3136382e302f32312d3234203d3e2036303739.roa
File:                     3132382e36352e3136382e302f32312d3234203d3e2036303739.roa (raw, json)
Hash identifier:          i6JhDTo2qgsHKnhvdAD8kBBVl6YUcjppNLTK7aRFku0=
Subject key identifier:   3F:F1:84:69:A2:76:A1:0C:AB:D6:C7:33:FE:D1:7B:AC:F9:2C:69:5F
Certificate issuer:       /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial:       1B010EFF12BE84728ED6708FE8BE3D4BDE2B95A2
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3132382e36352e3136382e302f32312d3234203d3e2036303739.roa
Signing time:             Wed 07 May 2025 05:28:20 +0000
ROA not before:           Wed 07 May 2025 05:23:20 +0000
ROA not after:            Wed 06 May 2026 05:28:20 +0000
asID:                     6079
IP address blocks:        128.65.168.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:01:0e:ff:12:be:84:72:8e:d6:70:8f:e8:be:3d:4b:de:2b:95:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
        Validity
            Not Before: May  7 05:23:20 2025 GMT
            Not After : May  6 05:28:20 2026 GMT
        Subject: CN=3FF18469A276A10CABD6C733FED17BACF92C695F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c1:a5:14:b9:4b:fd:36:e9:06:a8:1b:b5:70:
                    e4:05:4f:57:6b:26:d5:29:8b:ac:23:a8:8c:1a:30:
                    a7:02:48:15:05:1e:2f:19:75:47:93:2b:55:fa:36:
                    e7:7f:fc:28:44:0b:01:95:c2:94:b9:3b:e1:36:61:
                    ed:b5:55:04:8c:47:4c:eb:8a:85:ae:ca:c0:8d:0c:
                    ff:78:c6:7c:c7:6d:f2:0b:10:78:d9:1f:b2:3a:e6:
                    e3:f7:86:b8:16:84:4d:5d:bb:37:3c:03:51:46:3f:
                    36:8a:a4:77:ad:4e:72:b8:4a:55:9b:d1:1f:0b:2e:
                    24:1d:c0:f5:aa:2c:c9:38:83:6e:a4:8f:bc:23:6b:
                    de:ec:37:dc:d7:28:2c:1e:4b:ca:aa:b2:0f:30:a0:
                    52:eb:ad:41:fe:ce:5d:ab:fe:23:3f:63:97:1d:f7:
                    e0:1b:c2:d8:ef:74:3e:07:67:bd:8c:56:3a:e1:22:
                    22:38:77:df:b9:50:17:bf:56:fb:6c:e5:35:58:d9:
                    6a:c0:d9:c9:39:b5:ff:d2:96:a6:13:bb:5a:1d:9e:
                    3b:a5:8b:ee:4f:29:f2:e4:a9:c2:89:cd:57:31:25:
                    54:42:ce:e6:f4:5b:a9:d1:93:c7:e8:87:f3:58:16:
                    ec:df:90:19:ef:20:27:89:42:01:09:20:6c:17:d2:
                    23:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:F1:84:69:A2:76:A1:0C:AB:D6:C7:33:FE:D1:7B:AC:F9:2C:69:5F
            X509v3 Authority Key Identifier:
                keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3132382e36352e3136382e302f32312d3234203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.65.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0c:46:0c:25:79:66:ae:ef:1b:10:b1:35:0a:1d:01:6b:fd:df:
         d2:71:32:9a:b2:b8:16:1a:40:f9:bc:73:5a:8e:c3:4a:11:2f:
         8c:c5:8e:ef:f3:5a:36:7a:dd:2d:84:4b:56:59:db:0f:e1:38:
         3d:d5:e9:81:d2:29:4b:25:d9:c7:d3:53:48:f8:c2:1f:44:01:
         fc:86:e1:26:32:27:01:d2:b3:f6:77:9b:56:e8:a6:24:3a:9b:
         e7:94:f7:6b:d4:8f:9f:85:6d:1c:72:6a:0c:31:58:d0:ac:db:
         4e:e0:ab:a9:c2:2e:2e:8e:d2:11:49:ee:b3:a0:43:27:6c:4c:
         e7:c0:d7:d4:04:97:50:96:cd:f1:e3:e5:fd:b6:da:dc:4c:7e:
         08:18:f5:3c:34:06:9d:80:55:d4:38:81:c3:92:31:4d:07:84:
         76:30:35:a6:67:08:d2:cf:d8:74:53:1c:49:2b:c0:87:27:86:
         b3:73:3a:22:c7:e7:60:21:e3:d1:53:51:a4:89:21:5b:84:04:
         26:8d:f1:00:89:aa:92:a5:30:92:e3:57:0c:67:cd:07:a1:9a:
         20:3a:cc:1b:49:09:93:53:b8:7e:0d:a5:c9:2f:05:04:1c:60:
         c0:21:6a:24:e0:3c:55:9a:c0:47:3e:5c:5e:f5:fc:b6:c9:60:
         39:7a:7c:b8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGwEO/xK+hHKO1nCP6L49S94rlaIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNTA1MDcwNTIzMjBaFw0yNjA1MDYwNTI4MjBaMDMxMTAvBgNV
BAMTKDNGRjE4NDY5QTI3NkExMENBQkQ2QzczM0ZFRDE3QkFDRjkyQzY5NUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2waUUuUv9NukGqBu1cOQFT1dr
JtUpi6wjqIwaMKcCSBUFHi8ZdUeTK1X6Nud//ChECwGVwpS5O+E2Ye21VQSMR0zr
ioWuysCNDP94xnzHbfILEHjZH7I65uP3hrgWhE1duzc8A1FGPzaKpHetTnK4SlWb
0R8LLiQdwPWqLMk4g26kj7wja97sN9zXKCweS8qqsg8woFLrrUH+zl2r/iM/Y5cd
9+AbwtjvdD4HZ72MVjrhIiI4d9+5UBe/Vvts5TVY2WrA2ck5tf/SlqYTu1odnjul
i+5PKfLkqcKJzVcxJVRCzub0W6nRk8foh/NYFuzfkBnvICeJQgEJIGwX0iMtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUP/GEaaJ2oQyr1scz/tF7rPksaV8wHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzEzMjM4MmUzNjM1MmUzMTM2
MzgyZTMwMmYzMjMxMmQzMjM0MjAzZDNlMjAzNjMwMzczOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA4BB
qDANBgkqhkiG9w0BAQsFAAOCAQEADEYMJXlmru8bELE1Ch0Ba/3f0nEymrK4FhpA
+bxzWo7DShEvjMWO7/NaNnrdLYRLVlnbD+E4PdXpgdIpSyXZx9NTSPjCH0QB/Ibh
JjInAdKz9nebVuimJDqb55T3a9SPn4VtHHJqDDFY0KzbTuCrqcIuLo7SEUnus6BD
J2xM58DX1ASXUJbN8ePl/bba3Ex+CBj1PDQGnYBV1DiBw5IxTQeEdjA1pmcI0s/Y
dFMcSSvAhyeGs3M6IsfnYCHj0VNRpIkhW4QEJo3xAImqkqUwkuNXDGfNB6GaIDrM
G0kJk1O4fg2lyS8FBBxgwCFqJOA8VZrARz5cXvX8tslgOXp8uA==
-----END CERTIFICATE-----