Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35372e302f32342d3234203d3e20323038343833.roa
File:                     34352e3135382e35372e302f32342d3234203d3e20323038343833.roa (raw, json)
Hash identifier:          qdL70MCWffQOBsNASz6zAJHmvjWf2cnnTHqEzRy1SSI=
Subject key identifier:   F7:28:3A:66:36:E3:32:E9:7D:D7:98:67:73:25:A5:AB:08:5F:5E:5F
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       4EA40E4F39F1EA9CBEB2825ADD4D4D7EA3D59976
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35372e302f32342d3234203d3e20323038343833.roa
Signing time:             Mon 30 Jun 2025 13:05:06 +0000
ROA not before:           Mon 30 Jun 2025 13:00:06 +0000
ROA not after:            Mon 29 Jun 2026 13:05:06 +0000
asID:                     208483
IP address blocks:        45.158.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 21:26:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:a4:0e:4f:39:f1:ea:9c:be:b2:82:5a:dd:4d:4d:7e:a3:d5:99:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jun 30 13:00:06 2025 GMT
            Not After : Jun 29 13:05:06 2026 GMT
        Subject: CN=F7283A6636E332E97DD798677325A5AB085F5E5F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0e:4c:20:d8:9d:5a:ef:4a:cd:a6:28:97:bb:
                    35:a5:31:53:40:3f:e4:09:54:fa:06:5c:81:7e:37:
                    e8:65:17:4d:8a:c7:59:34:48:82:de:4d:90:2e:cb:
                    a0:ff:85:98:a3:fd:19:a9:f0:00:82:ed:e8:d1:e3:
                    ad:6b:67:2d:8c:01:03:68:b1:5f:0b:2d:0f:b5:9c:
                    eb:43:8f:b7:ab:12:31:c9:6c:6f:35:eb:69:61:60:
                    d9:68:20:7b:86:09:ea:7a:11:7d:12:71:e0:08:4c:
                    5d:f8:ec:dc:92:d1:01:95:b6:51:da:ba:22:dc:1b:
                    84:29:49:83:e3:33:6f:a6:a7:77:a9:be:00:c3:c0:
                    49:fe:ba:bc:5a:0c:43:c7:24:75:65:bf:29:e2:7e:
                    89:6f:27:3f:89:73:cf:93:9a:6b:0e:48:36:ee:e1:
                    d8:a4:38:c6:3d:5d:9b:ab:9e:63:46:08:8f:fa:be:
                    6a:e1:fa:3c:84:5a:4c:ab:69:30:71:a9:6f:ce:49:
                    bf:f4:2e:1a:34:ca:cb:a8:bd:dd:33:44:cb:7d:f1:
                    60:32:1f:36:0a:f6:60:f2:0b:86:51:fd:78:a3:e4:
                    42:e5:26:a6:ad:b7:46:47:7a:b7:36:db:59:e0:9f:
                    8d:bf:6a:8a:b3:93:6f:f1:c0:25:aa:3c:14:79:e0:
                    b9:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:28:3A:66:36:E3:32:E9:7D:D7:98:67:73:25:A5:AB:08:5F:5E:5F
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35372e302f32342d3234203d3e20323038343833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:02:26:0a:ef:a9:5b:26:4c:32:98:b4:93:c2:d1:5e:3c:12:
         b8:3c:24:12:a5:7d:c7:ad:94:2f:72:e7:8e:a9:ea:b7:91:6d:
         a6:8a:52:43:a7:fa:d2:f6:f4:7f:ee:2b:1f:bf:18:0c:8f:3f:
         c2:a2:16:2b:eb:f6:55:01:dc:1b:8f:3f:63:3a:87:86:af:4f:
         29:8c:b7:12:bb:bd:dd:34:40:5d:84:af:14:4b:03:68:9f:72:
         b1:9a:f4:d2:ed:a5:8f:1c:e3:f9:8c:ff:62:bf:ac:b3:e2:4c:
         81:57:e6:9c:37:38:be:c1:4b:eb:c9:26:13:95:3d:83:1e:fd:
         e4:e3:14:26:a2:55:53:96:9b:75:0e:a4:e3:fb:a1:45:38:72:
         06:2b:00:46:b6:3c:29:8b:db:ad:45:c6:f2:62:0f:94:dd:1d:
         48:a0:79:f6:a4:e3:67:d1:fe:b8:ae:d1:2f:de:1e:1b:be:af:
         38:ef:b9:45:af:ab:fd:f6:48:b5:52:a2:7b:77:e3:ef:94:0e:
         9e:a6:d9:58:44:d8:53:3f:6c:05:de:26:33:6d:7b:33:55:86:
         df:14:02:70:3d:7a:a8:86:47:48:de:d7:da:71:83:ed:68:ee:
         56:16:48:ce:41:2a:88:64:f9:75:ef:29:10:d1:25:e1:67:50:
         c9:13:89:67
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUTqQOTznx6py+soJa3U1NfqPVmXYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA2MzAxMzAwMDZaFw0yNjA2MjkxMzA1MDZaMDMxMTAvBgNV
BAMTKEY3MjgzQTY2MzZFMzMyRTk3REQ3OTg2NzczMjVBNUFCMDg1RjVFNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDkwg2J1a70rNpiiXuzWlMVNA
P+QJVPoGXIF+N+hlF02Kx1k0SILeTZAuy6D/hZij/Rmp8ACC7ejR461rZy2MAQNo
sV8LLQ+1nOtDj7erEjHJbG8162lhYNloIHuGCep6EX0SceAITF347NyS0QGVtlHa
uiLcG4QpSYPjM2+mp3epvgDDwEn+urxaDEPHJHVlvynifolvJz+Jc8+TmmsOSDbu
4dikOMY9XZurnmNGCI/6vmrh+jyEWkyraTBxqW/OSb/0Lho0ysuovd0zRMt98WAy
HzYK9mDyC4ZR/Xij5ELlJqatt0ZHerc221ngn42/aoqzk2/xwCWqPBR54LkBAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU9yg6ZjbjMul915hncyWlqwhfXl8wHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwga0GCCsGAQUFBwELBIGgMIGdMIGaBggrBgEFBQcwC4aBjXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzNTM4MmUzNTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDM4MzQzODMzLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA
LZ45MA0GCSqGSIb3DQEBCwUAA4IBAQChAiYK76lbJkwymLSTwtFePBK4PCQSpX3H
rZQvcueOqeq3kW2milJDp/rS9vR/7isfvxgMjz/CohYr6/ZVAdwbjz9jOoeGr08p
jLcSu73dNEBdhK8USwNon3KxmvTS7aWPHOP5jP9iv6yz4kyBV+acNzi+wUvrySYT
lT2DHv3k4xQmolVTlpt1DqTj+6FFOHIGKwBGtjwpi9utRcbyYg+U3R1IoHn2pONn
0f64rtEv3h4bvq8477lFr6v99ki1UqJ7d+PvlA6eptlYRNhTP2wF3iYzbXszVYbf
FAJwPXqohkdI3tfacYPtaO5WFkjOQSqIZPl17ykQ0SXhZ1DJE4ln
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:53:30 2025 by rpki-client