Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e36372e3231392e302f32342d3234203d3e203633343733.roa
File:                     34352e36372e3231392e302f32342d3234203d3e203633343733.roa (raw, json)
Hash identifier:          5IpDaqIpw2rf9aEgO+m+21TZ4EcMKWDFbygTaQoX31U=
Subject key identifier:   59:AD:A0:D7:54:54:22:BC:59:57:34:38:A0:F9:10:80:97:55:E6:C0
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       016F2DAD440B06091DF5527674DD62CA60DAA014
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e36372e3231392e302f32342d3234203d3e203633343733.roa
Signing time:             Mon 06 Oct 2025 10:47:49 +0000
ROA not before:           Mon 06 Oct 2025 10:42:49 +0000
ROA not after:            Mon 05 Oct 2026 10:47:49 +0000
asID:                     63473
IP address blocks:        45.67.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 02:58:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:6f:2d:ad:44:0b:06:09:1d:f5:52:76:74:dd:62:ca:60:da:a0:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Oct  6 10:42:49 2025 GMT
            Not After : Oct  5 10:47:49 2026 GMT
        Subject: CN=59ADA0D7545422BC59573438A0F910809755E6C0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:74:5c:80:08:17:bb:38:c1:ba:15:27:cb:44:
                    53:7b:40:d7:2a:ed:da:b9:ca:b8:8d:db:c0:a0:88:
                    9a:6e:1e:5c:b4:6f:93:2a:c5:c2:0f:83:dd:d0:ea:
                    97:30:60:5b:36:10:51:3c:64:d8:99:23:66:ec:62:
                    8a:08:55:24:3d:aa:11:d1:0a:72:14:87:60:ec:77:
                    72:1f:01:de:e6:66:0f:91:0f:d2:eb:9d:d7:34:9c:
                    68:57:3c:43:5b:c8:cf:11:61:9f:65:47:4e:e7:f2:
                    95:1e:a4:55:96:53:6d:3a:6b:73:12:8a:bd:87:f1:
                    06:b8:56:bc:df:41:15:e4:4a:04:7d:b4:59:ec:b3:
                    e2:89:ac:a3:b5:1d:4b:02:1b:12:5f:5f:3a:6b:4e:
                    b5:b7:e8:d0:28:f8:a6:ab:1e:62:ef:77:10:27:70:
                    07:f9:fa:bb:4e:fb:bf:f0:18:01:c8:c4:f5:b2:05:
                    b9:32:26:8e:ea:13:0b:a7:27:0e:2e:92:48:f4:8a:
                    3e:fc:b8:ba:e0:d4:34:f7:49:a1:78:72:9f:be:c4:
                    08:59:6f:89:e0:52:9c:02:ef:b8:89:6a:ef:10:41:
                    af:36:e7:73:c0:4f:5c:77:fd:33:00:1c:d4:79:ab:
                    fe:39:cf:7c:4e:a6:6a:ca:dc:18:e8:a4:cd:48:98:
                    d0:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:AD:A0:D7:54:54:22:BC:59:57:34:38:A0:F9:10:80:97:55:E6:C0
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e36372e3231392e302f32342d3234203d3e203633343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:0b:b5:97:d5:fd:bf:82:a0:af:c6:f6:62:32:c9:e7:31:db:
         5d:cb:7c:40:13:dd:c9:47:5c:a1:db:3a:42:0d:34:41:a7:91:
         c8:cd:07:3c:2d:c6:78:01:7d:07:de:53:64:48:48:b1:d9:79:
         43:b7:0d:9e:14:63:d0:6b:29:4a:34:74:2d:e0:98:c0:e2:9a:
         b8:b9:d7:9f:b1:86:c4:b9:17:a4:ef:b7:32:5f:6f:b5:e7:53:
         e9:2e:95:a8:31:7c:c4:1f:2b:af:f8:e8:e3:f4:09:a8:4b:d2:
         99:d9:98:4d:0c:2d:b0:39:6e:e6:dc:3d:4e:81:b9:f7:a5:9a:
         5b:2f:ce:c4:17:ed:55:d2:da:4b:52:c0:2a:9d:ca:72:9a:7e:
         32:e3:a0:15:17:cb:0d:5c:78:07:a6:da:a7:8b:c4:34:47:0b:
         ea:a4:77:4a:aa:4c:6e:76:91:fa:e6:2e:33:db:00:46:08:89:
         c4:b4:1d:65:a0:53:3b:2e:9f:7a:1b:4b:21:61:4d:f4:83:4e:
         be:53:56:ea:e8:61:a5:fe:53:52:40:76:43:3c:b2:86:95:6a:
         97:d0:f6:a8:68:9d:d5:d3:d8:86:3d:58:c5:e1:59:c1:a6:9a:
         cd:2d:75:2e:58:09:8a:8f:4e:ee:8c:8c:07:cf:65:aa:9c:8e:
         5a:55:13:32
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAW8trUQLBgkd9VJ2dN1iymDaoBQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTEwMDYxMDQyNDlaFw0yNjEwMDUxMDQ3NDlaMDMxMTAvBgNV
BAMTKDU5QURBMEQ3NTQ1NDIyQkM1OTU3MzQzOEEwRjkxMDgwOTc1NUU2QzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0dFyACBe7OMG6FSfLRFN7QNcq
7dq5yriN28CgiJpuHly0b5MqxcIPg93Q6pcwYFs2EFE8ZNiZI2bsYooIVSQ9qhHR
CnIUh2Dsd3IfAd7mZg+RD9Lrndc0nGhXPENbyM8RYZ9lR07n8pUepFWWU206a3MS
ir2H8Qa4VrzfQRXkSgR9tFnss+KJrKO1HUsCGxJfXzprTrW36NAo+KarHmLvdxAn
cAf5+rtO+7/wGAHIxPWyBbkyJo7qEwunJw4ukkj0ij78uLrg1DT3SaF4cp++xAhZ
b4ngUpwC77iJau8QQa8253PAT1x3/TMAHNR5q/45z3xOpmrK3BjopM1ImNCrAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUWa2g11RUIrxZVzQ4oPkQgJdV5sAwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzYzNzJlMzIzMTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMzM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1D
2zANBgkqhkiG9w0BAQsFAAOCAQEAkgu1l9X9v4Kgr8b2YjLJ5zHbXct8QBPdyUdc
ods6Qg00QaeRyM0HPC3GeAF9B95TZEhIsdl5Q7cNnhRj0GspSjR0LeCYwOKauLnX
n7GGxLkXpO+3Ml9vtedT6S6VqDF8xB8rr/jo4/QJqEvSmdmYTQwtsDlu5tw9ToG5
96WaWy/OxBftVdLaS1LAKp3Kcpp+MuOgFRfLDVx4B6bap4vENEcL6qR3SqpMbnaR
+uYuM9sARgiJxLQdZaBTOy6fehtLIWFN9INOvlNW6uhhpf5TUkB2QzyyhpVql9D2
qGid1dPYhj1YxeFZwaaazS11LlgJio9O7oyMB89lqpyOWlUTMg==
-----END CERTIFICATE-----