Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38302e32382e302f32342d3234203d3e20323132323338.roa
File:                     34352e38302e32382e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier:          YDYOMyeNkRnr6yy7mHmQ6GlrZ9HlZyESz9Wg2Gzb0pU=
Subject key identifier:   FF:6F:94:14:7D:A1:DB:25:38:E8:A5:9D:E9:58:2E:DE:9B:B0:C3:11
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       70C87EB66A27F0E96444E04AF5ECBC088D262BC5
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38302e32382e302f32342d3234203d3e20323132323338.roa
Signing time:             Mon 30 Jun 2025 21:30:09 +0000
ROA not before:           Mon 30 Jun 2025 21:25:09 +0000
ROA not after:            Mon 29 Jun 2026 21:30:09 +0000
asID:                     212238
IP address blocks:        45.80.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:c8:7e:b6:6a:27:f0:e9:64:44:e0:4a:f5:ec:bc:08:8d:26:2b:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jun 30 21:25:09 2025 GMT
            Not After : Jun 29 21:30:09 2026 GMT
        Subject: CN=FF6F94147DA1DB2538E8A59DE9582EDE9BB0C311
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b0:d4:b7:95:77:ba:06:8a:04:eb:55:bf:7e:
                    2f:65:15:df:ab:02:8d:33:06:b9:81:85:53:ff:59:
                    ef:68:2c:a0:4e:a2:d4:b6:46:1a:ee:af:19:d0:a1:
                    46:c7:57:77:e4:fb:78:e4:8b:31:80:51:dc:4f:e7:
                    0e:b1:2c:4b:9a:e6:2f:04:bb:38:d6:04:b1:76:67:
                    c4:3d:9b:fa:ea:db:59:e2:ae:b3:d1:e4:a5:ec:1a:
                    1a:be:43:72:e2:6a:76:28:68:90:5a:fe:bf:8e:ec:
                    c8:aa:9b:2a:76:4b:93:c9:5e:70:9f:17:9d:cb:52:
                    3f:92:20:a9:e5:a2:7c:81:64:62:81:cc:45:b2:49:
                    4b:34:50:7a:a7:db:13:5f:8a:5f:d7:c0:84:a6:c6:
                    1b:ac:4e:aa:dd:a4:5a:ad:10:0f:fd:86:64:b4:2e:
                    5f:40:97:89:41:ad:0f:7a:7e:1e:78:25:6d:a1:a4:
                    53:99:fb:24:96:5e:61:56:41:3b:d7:97:10:0c:db:
                    e6:7d:b5:c8:3d:a8:dd:20:ce:12:db:f1:79:7e:df:
                    49:2b:1f:71:35:37:03:5c:ba:4e:33:0b:ad:36:3b:
                    43:e3:cf:2c:f1:27:66:d2:c3:36:70:51:16:04:e4:
                    92:5f:09:16:36:67:c9:93:d1:8c:f0:d5:88:6f:5e:
                    cc:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:6F:94:14:7D:A1:DB:25:38:E8:A5:9D:E9:58:2E:DE:9B:B0:C3:11
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38302e32382e302f32342d3234203d3e20323132323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:9b:7a:50:ac:4f:4d:9d:08:fd:a6:6c:93:6f:d6:15:6b:5b:
         ab:42:e4:96:24:04:ad:22:f4:92:c7:88:48:9f:68:47:e1:06:
         99:06:82:3a:d7:e0:66:57:71:76:0b:3e:5b:24:da:33:fa:f6:
         5f:b3:e2:e9:e7:51:ca:5b:80:5a:eb:3c:ff:7e:ab:55:b5:fb:
         75:7f:d5:d9:de:32:9d:f8:ad:a6:95:ee:3e:af:63:ad:b3:b6:
         88:0a:11:33:ad:79:ab:ed:be:32:74:27:16:6f:ee:65:ca:7e:
         f9:cc:2b:ca:df:b3:03:71:91:96:47:af:a1:de:6b:34:17:46:
         9b:39:31:08:dc:c7:58:a2:1a:47:e7:d9:9a:f1:08:7d:7a:2b:
         8b:25:29:52:73:67:2e:29:21:62:e4:98:b0:59:6a:39:e4:ed:
         4b:e9:e2:8a:0f:63:3c:f6:44:8e:6d:2f:aa:09:e9:b3:66:ed:
         65:e2:49:85:25:6e:fb:bb:fd:c0:92:5c:d9:8e:9d:8e:4f:ad:
         48:9e:00:f0:68:91:22:f1:3e:53:1a:a3:ef:4a:ad:6a:c1:c2:
         99:7f:41:8e:b5:30:09:d3:27:6d:55:b1:a6:9b:fc:ea:52:c5:
         84:4a:c1:db:56:07:a3:70:4f:da:ad:0b:0d:8d:8e:79:58:99:
         61:26:bf:af
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcMh+tmon8OlkROBK9ey8CI0mK8UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA2MzAyMTI1MDlaFw0yNjA2MjkyMTMwMDlaMDMxMTAvBgNV
BAMTKEZGNkY5NDE0N0RBMURCMjUzOEU4QTU5REU5NTgyRURFOUJCMEMzMTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2sNS3lXe6BooE61W/fi9lFd+r
Ao0zBrmBhVP/We9oLKBOotS2RhrurxnQoUbHV3fk+3jkizGAUdxP5w6xLEua5i8E
uzjWBLF2Z8Q9m/rq21nirrPR5KXsGhq+Q3LianYoaJBa/r+O7Miqmyp2S5PJXnCf
F53LUj+SIKnlonyBZGKBzEWySUs0UHqn2xNfil/XwISmxhusTqrdpFqtEA/9hmS0
Ll9Al4lBrQ96fh54JW2hpFOZ+ySWXmFWQTvXlxAM2+Z9tcg9qN0gzhLb8Xl+30kr
H3E1NwNcuk4zC602O0PjzyzxJ2bSwzZwURYE5JJfCRY2Z8mT0Yzw1YhvXswBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU/2+UFH2h2yU46KWd6Vgu3puwwxEwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzgzMDJlMzIzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMjMyMzMzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1Q
HDANBgkqhkiG9w0BAQsFAAOCAQEAV5t6UKxPTZ0I/aZsk2/WFWtbq0LkliQErSL0
kseISJ9oR+EGmQaCOtfgZldxdgs+WyTaM/r2X7Pi6edRyluAWus8/36rVbX7dX/V
2d4ynfitppXuPq9jrbO2iAoRM615q+2+MnQnFm/uZcp++cwryt+zA3GRlkevod5r
NBdGmzkxCNzHWKIaR+fZmvEIfXoriyUpUnNnLikhYuSYsFlqOeTtS+niig9jPPZE
jm0vqgnps2btZeJJhSVu+7v9wJJc2Y6djk+tSJ4A8GiRIvE+Uxqj70qtasHCmX9B
jrUwCdMnbVWxppv86lLFhErB21YHo3BP2q0LDY2OeViZYSa/rw==
-----END CERTIFICATE-----