Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20323135303531.roa
File:                     34352e382e3137332e302f32342d3234203d3e20323135303531.roa (raw, json)
Hash identifier:          KTke8ZWqVLA3ANHJ800vvcDHEpQ20KNFTJcuTxVUvFI=
Subject key identifier:   CA:C0:AA:87:60:1D:D6:9D:1B:41:45:CB:BE:99:8A:6D:D4:A7:FE:23
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       499ADEBED8A199C38988BF38570452C1DE29F10A
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20323135303531.roa
Signing time:             Mon 21 Apr 2025 12:42:18 +0000
ROA not before:           Mon 21 Apr 2025 12:37:18 +0000
ROA not after:            Mon 20 Apr 2026 12:42:18 +0000
asID:                     215051
IP address blocks:        45.8.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 04:22:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:9a:de:be:d8:a1:99:c3:89:88:bf:38:57:04:52:c1:de:29:f1:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Apr 21 12:37:18 2025 GMT
            Not After : Apr 20 12:42:18 2026 GMT
        Subject: CN=CAC0AA87601DD69D1B4145CBBE998A6DD4A7FE23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:fc:30:e0:d4:45:31:73:e8:c2:d8:d3:70:34:
                    85:22:bc:b8:ae:e4:63:71:f0:d1:a7:69:c2:b4:d4:
                    ae:4a:28:5d:83:0c:55:9c:fa:9b:e9:bd:48:07:18:
                    82:09:70:b0:78:17:05:67:60:b1:55:1b:60:f5:86:
                    00:b8:bf:58:bc:64:03:51:30:ec:88:c5:20:c4:8e:
                    cb:97:5e:01:22:ba:68:de:b2:28:73:05:c2:66:9a:
                    ae:cb:13:b9:81:bb:84:79:03:23:98:b1:31:8c:9a:
                    e1:b1:d6:da:df:b2:87:c1:36:53:80:b7:fd:f3:e0:
                    ad:6d:f2:88:08:d1:46:7d:f4:fe:07:36:96:11:19:
                    90:6b:69:f5:20:47:79:2e:6e:c6:09:a6:ea:32:45:
                    36:70:0d:c5:3e:83:b1:fd:09:82:40:68:bc:4c:ae:
                    10:42:b7:44:29:1c:28:cd:98:67:13:78:fd:c4:c7:
                    14:97:f4:94:4b:eb:83:3f:64:d6:4f:7f:db:70:45:
                    10:ae:03:e5:79:6b:8c:cf:df:03:e0:f4:8f:d2:c3:
                    47:57:72:21:78:75:67:6e:0b:59:52:c8:94:5f:ab:
                    07:d0:a0:58:fb:6e:c7:a7:e3:35:96:2c:b7:e5:4b:
                    b0:13:b9:e6:bc:7f:79:eb:8a:90:b1:2e:b9:c0:05:
                    8c:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:C0:AA:87:60:1D:D6:9D:1B:41:45:CB:BE:99:8A:6D:D4:A7:FE:23
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20323135303531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:b6:51:5a:8d:4d:c0:8b:ed:ae:cf:aa:36:37:ed:73:7b:90:
         31:5e:60:9c:52:ee:ac:3f:c2:9f:77:ff:c9:84:91:49:55:1f:
         a1:c5:bf:3d:24:c0:b4:8e:2f:bf:64:07:8a:d8:12:8f:46:6a:
         b2:87:6e:2a:76:91:ac:06:49:cc:8f:0b:0d:de:8c:36:18:83:
         7e:23:a1:d7:5e:8b:e2:32:ea:4a:b5:7b:26:bc:5a:ca:40:15:
         e9:f4:5e:19:92:2b:d9:d6:e0:0a:74:8e:a5:14:82:35:36:aa:
         91:ab:3a:c6:47:d2:36:ea:80:e7:62:68:7c:62:38:1a:53:4a:
         00:bf:a3:8b:82:5c:c6:21:b3:54:ca:51:99:ec:3c:c9:31:fd:
         ad:6f:b0:e5:a5:a0:67:f2:ed:ad:d6:12:bc:7f:fe:a8:34:e4:
         38:13:6c:d4:1c:a7:5d:c0:94:8f:9a:dd:24:3c:72:65:e5:1c:
         48:c7:9d:78:6a:1c:62:00:6f:b6:ab:00:9e:9d:81:4f:75:c8:
         9a:3a:ba:fd:a9:e2:3a:67:56:5d:72:4b:8f:b7:8f:c2:3d:6d:
         1f:a0:10:ad:8f:d9:a2:fc:d9:5d:ec:dd:e3:23:fb:bd:fa:43:
         9e:23:15:53:3c:c3:bc:e8:84:8d:c6:33:8a:20:c2:73:98:c6:
         dc:3c:c5:5e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSZrevtihmcOJiL84VwRSwd4p8QowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTA0MjExMjM3MThaFw0yNjA0MjAxMjQyMThaMDMxMTAvBgNV
BAMTKENBQzBBQTg3NjAxREQ2OUQxQjQxNDVDQkJFOTk4QTZERDRBN0ZFMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5/DDg1EUxc+jC2NNwNIUivLiu
5GNx8NGnacK01K5KKF2DDFWc+pvpvUgHGIIJcLB4FwVnYLFVG2D1hgC4v1i8ZANR
MOyIxSDEjsuXXgEiumjesihzBcJmmq7LE7mBu4R5AyOYsTGMmuGx1trfsofBNlOA
t/3z4K1t8ogI0UZ99P4HNpYRGZBrafUgR3kubsYJpuoyRTZwDcU+g7H9CYJAaLxM
rhBCt0QpHCjNmGcTeP3ExxSX9JRL64M/ZNZPf9twRRCuA+V5a4zP3wPg9I/Sw0dX
ciF4dWduC1lSyJRfqwfQoFj7bsen4zWWLLflS7ATuea8f3nripCxLrnABYyNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUysCqh2Ad1p0bQUXLvpmKbdSn/iMwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzgyZTMxMzczMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNTMwMzUzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I
rTANBgkqhkiG9w0BAQsFAAOCAQEATrZRWo1NwIvtrs+qNjftc3uQMV5gnFLurD/C
n3f/yYSRSVUfocW/PSTAtI4vv2QHitgSj0ZqsoduKnaRrAZJzI8LDd6MNhiDfiOh
116L4jLqSrV7JrxaykAV6fReGZIr2dbgCnSOpRSCNTaqkas6xkfSNuqA52JofGI4
GlNKAL+ji4JcxiGzVMpRmew8yTH9rW+w5aWgZ/LtrdYSvH/+qDTkOBNs1BynXcCU
j5rdJDxyZeUcSMedeGocYgBvtqsAnp2BT3XImjq6/aniOmdWXXJLj7ePwj1tH6AQ
rY/ZovzZXezd4yP7vfpDniMVUzzDvOiEjcYziiDCc5jG3DzFXg==
-----END CERTIFICATE-----