Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131392e302f32342d3234203d3e20383334.roa
File:                     34352e36352e3131392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          o5D3mQ3fIT4ZozQhiBkA5GBVSeYgZ046TyZe5kjgSyA=
Subject key identifier:   76:00:B1:65:4A:FF:45:23:04:29:26:7A:11:A8:0A:43:5A:B1:7B:5F
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       717EDA2AABE2D7420F3B0D304D2451D27AA19769
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131392e302f32342d3234203d3e20383334.roa
Signing time:             Sat 05 Jul 2025 00:01:11 +0000
ROA not before:           Fri 04 Jul 2025 23:56:11 +0000
ROA not after:            Sat 04 Jul 2026 00:01:11 +0000
asID:                     834
IP address blocks:        45.65.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:7e:da:2a:ab:e2:d7:42:0f:3b:0d:30:4d:24:51:d2:7a:a1:97:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Jul  4 23:56:11 2025 GMT
            Not After : Jul  4 00:01:11 2026 GMT
        Subject: CN=7600B1654AFF45230429267A11A80A435AB17B5F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f1:9a:94:e6:c3:32:0e:18:8b:9e:5e:de:93:
                    d0:7f:51:04:a9:cc:a8:93:a9:91:c4:98:d6:3e:af:
                    5a:34:b1:0d:4c:3e:8b:98:72:9f:65:d9:94:95:48:
                    7a:62:2b:1c:15:3b:99:59:ce:2f:b6:fa:b2:b5:b6:
                    8b:5d:d3:94:6a:ff:fe:01:d2:52:2e:b9:72:8c:62:
                    9d:66:23:5d:f0:17:f5:2c:78:9e:a3:d5:08:75:1d:
                    ae:1b:cf:60:fd:ff:37:75:d0:64:27:58:b3:b1:0b:
                    7a:fe:2f:8b:73:96:15:b7:ed:f3:5b:31:29:96:c8:
                    c4:11:51:03:e2:0d:4e:97:68:c0:89:ef:4e:b5:75:
                    f1:76:02:b9:d2:a8:c0:4d:9b:c5:e2:bd:cf:87:b5:
                    c8:44:97:f9:a5:07:14:45:e2:d7:a4:6a:7b:19:fc:
                    31:ef:0e:ec:4a:06:a4:d8:d3:1c:b0:a6:1f:a4:a0:
                    93:9f:b2:dd:6b:54:60:61:c3:bc:93:15:e1:fe:77:
                    01:9c:0f:f7:6b:85:a1:48:e3:7d:6a:91:ac:58:e9:
                    7a:93:14:d0:bc:1b:f5:b9:d8:a6:1d:07:79:c6:fd:
                    55:74:fe:0f:ad:5a:4d:8b:b1:60:87:47:96:45:56:
                    16:f1:35:07:11:d9:6b:7d:5f:73:37:7b:9c:ef:e6:
                    8e:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:00:B1:65:4A:FF:45:23:04:29:26:7A:11:A8:0A:43:5A:B1:7B:5F
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:06:ae:f2:2a:13:56:70:d9:26:5c:0d:c4:4a:5d:15:c2:4f:
         38:0c:95:a8:e4:05:63:ef:19:78:4f:09:2a:77:5d:d7:2f:4a:
         25:aa:fc:3f:74:eb:a8:66:04:b4:8f:02:11:8b:f9:19:35:cd:
         94:ef:0b:da:33:0c:9e:34:11:22:e8:9e:44:cf:6f:e6:34:d2:
         8e:ce:10:9e:4e:40:54:ea:b7:44:12:a1:d8:c7:3f:b4:b5:6a:
         40:1f:6d:e3:9b:7b:8f:86:7b:88:61:70:a8:f2:b8:34:84:cc:
         1d:d1:a7:84:0d:bb:27:95:39:ef:79:03:66:08:9a:f4:bf:6c:
         4f:00:a1:67:5b:4f:1b:61:5b:b9:78:1a:8f:67:f9:97:07:19:
         9b:07:47:8b:0d:1a:d9:77:73:da:fc:e4:a1:be:2a:85:a3:9e:
         1e:b4:72:e3:16:d0:4c:9d:24:ac:a0:c8:a1:30:af:cb:0f:29:
         70:f9:63:a6:07:54:f1:b5:9f:33:f7:be:8f:3b:5d:23:f2:dc:
         84:0b:b5:82:5e:7e:84:14:eb:13:b2:3d:65:b6:22:d5:81:4b:
         68:2a:2f:95:01:17:35:01:12:43:49:ef:0c:40:90:4d:ce:43:
         14:25:64:f5:53:0e:cc:35:41:af:fb:ea:01:93:7f:2a:01:f7:
         92:0b:e6:fe
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUcX7aKqvi10IPOw0wTSRR0nqhl2kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNTA3MDQyMzU2MTFaFw0yNjA3MDQwMDAxMTFaMDMxMTAvBgNV
BAMTKDc2MDBCMTY1NEFGRjQ1MjMwNDI5MjY3QTExQTgwQTQzNUFCMTdCNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl8ZqU5sMyDhiLnl7ek9B/UQSp
zKiTqZHEmNY+r1o0sQ1MPouYcp9l2ZSVSHpiKxwVO5lZzi+2+rK1totd05Rq//4B
0lIuuXKMYp1mI13wF/UseJ6j1Qh1Ha4bz2D9/zd10GQnWLOxC3r+L4tzlhW37fNb
MSmWyMQRUQPiDU6XaMCJ7061dfF2ArnSqMBNm8Xivc+HtchEl/mlBxRF4tekansZ
/DHvDuxKBqTY0xywph+koJOfst1rVGBhw7yTFeH+dwGcD/drhaFI431qkaxY6XqT
FNC8G/W52KYdB3nG/VV0/g+tWk2LsWCHR5ZFVhbxNQcR2Wt9X3M3e5zv5o4FAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUdgCxZUr/RSMEKSZ6EagKQ1qxe18wHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzYzNTJlMzEzMTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUF3MA0G
CSqGSIb3DQEBCwUAA4IBAQC7Bq7yKhNWcNkmXA3ESl0Vwk84DJWo5AVj7xl4Twkq
d13XL0olqvw/dOuoZgS0jwIRi/kZNc2U7wvaMwyeNBEi6J5Ez2/mNNKOzhCeTkBU
6rdEEqHYxz+0tWpAH23jm3uPhnuIYXCo8rg0hMwd0aeEDbsnlTnveQNmCJr0v2xP
AKFnW08bYVu5eBqPZ/mXBxmbB0eLDRrZd3Pa/OShviqFo54etHLjFtBMnSSsoMih
MK/LDylw+WOmB1TxtZ8z976PO10j8tyEC7WCXn6EFOsTsj1ltiLVgUtoKi+VARc1
ARJDSe8MQJBNzkMUJWT1Uw7MNUGv++oBk38qAfeSC+b+
-----END CERTIFICATE-----