Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137322e302f32342d3234203d3e20323035373333.roa
File:                     34352e382e3137322e302f32342d3234203d3e20323035373333.roa (raw, json)
Hash identifier:          1rINDmT9fsbaOlLLqeJ7eTf+zBwneu4N6jBRg+Yc4gc=
Subject key identifier:   AF:49:EB:44:6F:6B:E1:47:ED:4F:AB:76:36:7A:BD:53:88:9A:61:9F
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       3D5BFB1D1A19895015BA3FABFBEBE3FD87CBEDF1
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137322e302f32342d3234203d3e20323035373333.roa
Signing time:             Fri 03 Oct 2025 16:55:08 +0000
ROA not before:           Fri 03 Oct 2025 16:50:08 +0000
ROA not after:            Fri 02 Oct 2026 16:55:08 +0000
asID:                     205733
IP address blocks:        45.8.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:5b:fb:1d:1a:19:89:50:15:ba:3f:ab:fb:eb:e3:fd:87:cb:ed:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Oct  3 16:50:08 2025 GMT
            Not After : Oct  2 16:55:08 2026 GMT
        Subject: CN=AF49EB446F6BE147ED4FAB76367ABD53889A619F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:c4:7a:b0:e7:9c:19:18:e9:8e:af:8c:95:fb:
                    c7:8f:5b:85:32:7c:98:56:4b:48:9f:4d:a5:c7:de:
                    cd:70:e2:8b:a8:09:06:d4:02:8c:c7:34:8b:5f:9c:
                    cb:d3:bc:78:21:17:28:02:5a:cf:26:e9:96:1f:6f:
                    dd:2e:8c:a5:6f:c3:64:44:1c:c5:3d:21:c0:87:e2:
                    32:9f:b8:06:94:5b:b4:c3:8f:bc:29:92:d3:05:c0:
                    53:7d:2e:da:5f:89:31:bb:0c:25:45:af:97:a8:4b:
                    a3:32:e3:91:23:97:99:9f:84:f8:dc:94:3e:a3:f7:
                    50:92:f2:a5:fc:8f:19:ed:ea:04:d6:bd:9d:bf:0a:
                    48:87:ec:da:d5:57:45:d1:33:82:26:2d:1a:cc:1b:
                    85:9e:d6:3e:ff:a6:06:98:22:3f:82:d6:2c:04:ac:
                    a3:7b:83:e0:b2:7f:e4:ef:33:73:80:6a:88:98:dd:
                    63:dc:37:f4:9e:43:56:12:16:b0:85:0d:9c:b9:39:
                    66:f6:0a:f2:25:33:98:a8:e5:21:2c:a8:c2:e6:21:
                    a7:2b:80:4e:25:b8:f9:99:48:86:ad:93:05:3c:8d:
                    40:28:9d:64:4d:dd:e9:1d:2f:b5:44:db:ca:9b:dc:
                    64:0d:7c:b7:67:e7:e0:f1:a8:7e:14:b7:bb:6b:87:
                    1c:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:49:EB:44:6F:6B:E1:47:ED:4F:AB:76:36:7A:BD:53:88:9A:61:9F
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137322e302f32342d3234203d3e20323035373333.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:6c:2f:e4:6d:64:db:40:3c:f9:82:d2:5c:f3:19:2b:d1:18:
         46:dc:e2:cf:4d:38:39:20:21:5e:c5:84:15:a2:cd:1f:92:14:
         2c:9f:24:52:30:f4:eb:25:b0:b9:ed:da:3f:3f:7d:aa:c8:8e:
         41:4c:2b:99:9f:48:05:97:64:c5:de:75:ba:aa:4c:1b:d4:4c:
         e0:15:9a:fe:fd:78:65:50:fe:a3:09:a9:02:84:71:d1:18:fc:
         39:19:38:d7:1f:2e:4d:89:7a:66:26:02:42:c8:05:01:d2:4e:
         ff:93:e2:e3:97:2a:bd:11:59:95:d2:57:be:e7:43:ca:c4:f3:
         0b:f9:c1:8b:5a:d7:2d:fe:73:38:97:fd:e1:47:4b:cf:98:3e:
         10:62:e1:11:e7:80:03:b1:eb:54:d7:d5:fa:dd:a8:19:a5:f8:
         9a:57:6b:87:22:ae:d3:2f:b3:5e:aa:0a:4a:3b:80:24:b5:7c:
         7e:d1:fb:c7:34:19:52:0a:61:fd:ed:24:24:97:6e:66:de:07:
         46:e1:75:06:b5:7b:0a:09:0f:bc:92:97:8a:0a:ee:49:89:6e:
         3b:71:e4:ec:3c:3c:dc:83:9b:21:3a:a4:b8:6d:85:22:9d:88:
         14:d6:fa:b1:80:08:c7:71:61:1e:ab:1c:1b:4b:c7:7e:98:9c:
         aa:ed:60:2b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPVv7HRoZiVAVuj+r++vj/YfL7fEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTEwMDMxNjUwMDhaFw0yNjEwMDIxNjU1MDhaMDMxMTAvBgNV
BAMTKEFGNDlFQjQ0NkY2QkUxNDdFRDRGQUI3NjM2N0FCRDUzODg5QTYxOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsxHqw55wZGOmOr4yV+8ePW4Uy
fJhWS0ifTaXH3s1w4ouoCQbUAozHNItfnMvTvHghFygCWs8m6ZYfb90ujKVvw2RE
HMU9IcCH4jKfuAaUW7TDj7wpktMFwFN9LtpfiTG7DCVFr5eoS6My45Ejl5mfhPjc
lD6j91CS8qX8jxnt6gTWvZ2/CkiH7NrVV0XRM4ImLRrMG4We1j7/pgaYIj+C1iwE
rKN7g+Cyf+TvM3OAaoiY3WPcN/SeQ1YSFrCFDZy5OWb2CvIlM5io5SEsqMLmIacr
gE4luPmZSIatkwU8jUAonWRN3ekdL7VE28qb3GQNfLdn5+DxqH4Ut7trhxy9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUr0nrRG9r4UftT6t2Nnq9U4iaYZ8wHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzgyZTMxMzczMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzNTM3MzMzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I
rDANBgkqhkiG9w0BAQsFAAOCAQEAD2wv5G1k20A8+YLSXPMZK9EYRtziz004OSAh
XsWEFaLNH5IULJ8kUjD06yWwue3aPz99qsiOQUwrmZ9IBZdkxd51uqpMG9RM4BWa
/v14ZVD+owmpAoRx0Rj8ORk41x8uTYl6ZiYCQsgFAdJO/5Pi45cqvRFZldJXvudD
ysTzC/nBi1rXLf5zOJf94UdLz5g+EGLhEeeAA7HrVNfV+t2oGaX4mldrhyKu0y+z
XqoKSjuAJLV8ftH7xzQZUgph/e0kJJduZt4HRuF1BrV7CgkPvJKXigruSYluO3Hk
7Dw83IObITqkuG2FIp2IFNb6sYAIx3FhHqscG0vHfpicqu1gKw==
-----END CERTIFICATE-----