Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3133322e39392e302f32342d3234203d3e20383334.roa
File:                     34352e3133322e39392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          jQiBkH6/tWErSzKnTSzOLZZUisqHk9ro3Z2CU6b96qg=
Subject key identifier:   F6:85:00:67:39:8A:A0:A2:02:CC:13:8E:AD:FC:B7:50:4A:9A:A2:82
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       DD2A17BBC60138E90F2F452C466B7AEC89E923
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3133322e39392e302f32342d3234203d3e20383334.roa
Signing time:             Mon 05 May 2025 18:15:47 +0000
ROA not before:           Mon 05 May 2025 18:10:47 +0000
ROA not after:            Mon 04 May 2026 18:15:47 +0000
asID:                     834
IP address blocks:        45.132.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            dd:2a:17:bb:c6:01:38:e9:0f:2f:45:2c:46:6b:7a:ec:89:e9:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: May  5 18:10:47 2025 GMT
            Not After : May  4 18:15:47 2026 GMT
        Subject: CN=F6850067398AA0A202CC138EADFCB7504A9AA282
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:48:7e:40:ef:c8:ef:36:9c:a3:d2:21:8a:b8:
                    e1:0c:50:7a:01:d4:e7:c4:74:fb:30:6f:4a:b8:c7:
                    63:d7:40:35:63:57:fd:36:68:c5:52:1a:47:b6:82:
                    6f:9c:cd:bb:d1:15:98:d9:05:0b:c5:54:d2:e2:82:
                    d8:48:f3:ed:2d:a9:35:0d:44:cc:4f:8a:e6:15:f7:
                    9b:fc:45:d0:b9:0a:85:13:4f:12:a8:39:6a:47:3a:
                    fd:00:1d:4c:06:1d:21:85:8d:f0:77:ad:9a:35:3e:
                    e0:64:c1:c4:8c:8f:41:b3:a0:32:70:b5:b6:02:69:
                    8b:57:ad:5c:85:ca:7d:bb:c7:48:0a:12:5f:f1:00:
                    4c:1a:07:2c:2f:d4:52:7f:25:ae:c7:4d:95:c5:f7:
                    9b:6e:4d:91:d0:f1:47:81:64:54:d6:4f:d4:f7:6b:
                    c4:65:c8:fc:48:14:cc:51:75:cc:dc:be:cb:cc:78:
                    62:3c:d2:4d:e1:c3:52:9f:fe:5d:db:da:19:37:13:
                    da:32:04:0a:55:58:7f:93:04:be:e0:3b:7b:45:94:
                    11:a9:a0:9e:cd:01:75:35:31:09:c0:22:c4:36:eb:
                    c1:36:e2:9d:e2:26:57:bb:c1:8f:8f:5f:81:18:15:
                    bf:db:7c:31:5e:0b:b3:b5:31:59:1e:38:86:17:28:
                    db:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:85:00:67:39:8A:A0:A2:02:CC:13:8E:AD:FC:B7:50:4A:9A:A2:82
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3133322e39392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:bb:4b:4a:61:6f:58:bb:88:7e:08:16:13:ab:bf:1e:25:23:
         f2:f7:46:6f:19:c2:34:aa:a8:d7:19:8f:8d:6b:d0:f9:e5:0e:
         73:4d:2f:b3:6c:51:dc:67:c1:d5:fa:cb:91:69:47:8f:6b:ec:
         58:e0:2a:f2:82:11:b1:4b:9d:7d:33:a3:d1:99:6d:ad:50:1a:
         ac:be:bf:88:4c:f3:11:12:e7:9a:d9:88:48:9e:45:62:3e:21:
         96:05:22:ed:e1:f6:ef:62:40:78:33:21:72:89:08:5d:3b:d1:
         51:41:63:ef:23:23:a7:22:cd:e7:1b:c6:62:e2:43:c5:f5:b0:
         7c:6b:e6:f4:b5:23:58:3c:9a:27:de:5a:14:d7:9e:75:f8:9c:
         53:d3:57:6c:4e:3c:89:40:8d:59:e8:9f:a5:49:47:e8:76:69:
         da:20:50:7c:f3:c4:60:92:6d:a4:de:9e:9e:fc:1e:ac:ed:48:
         56:96:4a:7a:3f:c0:4d:01:a3:cd:ad:41:c9:08:07:5a:6e:fa:
         96:72:b2:be:55:31:f2:c3:56:14:ea:0d:67:59:b5:80:e7:5c:
         0a:53:b7:cc:23:0b:fa:4c:ab:f3:6b:59:b9:77:eb:be:fc:9b:
         aa:c1:f3:ca:7d:52:4e:9d:b6:e1:4e:f6:8e:44:1b:b8:07:c8:
         d0:0f:24:e6
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUAN0qF7vGATjpDy9FLEZreuyJ6SMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNTA1MDUxODEwNDdaFw0yNjA1MDQxODE1NDdaMDMxMTAvBgNV
BAMTKEY2ODUwMDY3Mzk4QUEwQTIwMkNDMTM4RUFERkNCNzUwNEE5QUEyODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcSH5A78jvNpyj0iGKuOEMUHoB
1OfEdPswb0q4x2PXQDVjV/02aMVSGke2gm+czbvRFZjZBQvFVNLigthI8+0tqTUN
RMxPiuYV95v8RdC5CoUTTxKoOWpHOv0AHUwGHSGFjfB3rZo1PuBkwcSMj0GzoDJw
tbYCaYtXrVyFyn27x0gKEl/xAEwaBywv1FJ/Ja7HTZXF95tuTZHQ8UeBZFTWT9T3
a8RlyPxIFMxRdczcvsvMeGI80k3hw1Kf/l3b2hk3E9oyBApVWH+TBL7gO3tFlBGp
oJ7NAXU1MQnAIsQ268E24p3iJle7wY+PX4EYFb/bfDFeC7O1MVkeOIYXKNubAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU9oUAZzmKoKICzBOOrfy3UEqaooIwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzEzMzMyMmUzOTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYRjMA0G
CSqGSIb3DQEBCwUAA4IBAQCZu0tKYW9Yu4h+CBYTq78eJSPy90ZvGcI0qqjXGY+N
a9D55Q5zTS+zbFHcZ8HV+suRaUePa+xY4CryghGxS519M6PRmW2tUBqsvr+ITPMR
Euea2YhInkViPiGWBSLt4fbvYkB4MyFyiQhdO9FRQWPvIyOnIs3nG8Zi4kPF9bB8
a+b0tSNYPJon3loU1551+JxT01dsTjyJQI1Z6J+lSUfodmnaIFB888Rgkm2k3p6e
/B6s7UhWlkp6P8BNAaPNrUHJCAdabvqWcrK+VTHyw1YU6g1nWbWA51wKU7fMIwv6
TKvza1m5d+u+/JuqwfPKfVJOnbbhTvaORBu4B8jQDyTm
-----END CERTIFICATE-----