Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134352e3234332e302f32342d3234203d3e20313337323335.roa
File:                     34352e3134352e3234332e302f32342d3234203d3e20313337323335.roa (raw, json)
Hash identifier:          Vyj6lQsSFmsAqcK6RGLYVMn7iV5vJhAX4GBUoB1+oMo=
Subject key identifier:   3B:71:AE:4F:3C:06:59:79:19:B1:63:90:E2:75:C2:98:CD:E9:FF:08
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       141BC8614B56EFDA6DE9395CBD2931708A651036
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134352e3234332e302f32342d3234203d3e20313337323335.roa
Signing time:             Thu 22 May 2025 09:01:38 +0000
ROA not before:           Thu 22 May 2025 08:56:38 +0000
ROA not after:            Thu 21 May 2026 09:01:38 +0000
asID:                     137235
IP address blocks:        45.145.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 22:03:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:1b:c8:61:4b:56:ef:da:6d:e9:39:5c:bd:29:31:70:8a:65:10:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: May 22 08:56:38 2025 GMT
            Not After : May 21 09:01:38 2026 GMT
        Subject: CN=3B71AE4F3C06597919B16390E275C298CDE9FF08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d7:52:92:6c:74:d0:62:aa:90:f1:1f:4e:6a:
                    76:f2:f9:63:d8:48:4c:26:19:88:27:28:6d:6f:9a:
                    f2:ee:29:7e:69:ce:c7:ed:a3:f6:70:24:e9:db:b2:
                    7c:a6:06:e5:40:f8:d9:3d:3d:9a:e2:72:e3:80:90:
                    8a:ef:80:f8:d5:74:8d:9a:01:bd:52:eb:d0:01:02:
                    3b:8e:37:5e:b5:a5:10:92:86:2c:72:25:74:ee:1d:
                    07:1b:7f:55:b6:0f:da:8c:6e:a3:93:a1:ec:d9:3f:
                    73:82:4c:08:fb:50:9e:a2:17:15:61:13:b7:92:69:
                    fe:2e:b9:17:7e:e4:b2:a8:cc:73:a2:74:40:a0:08:
                    94:f0:eb:91:58:6b:04:d7:3e:15:bf:b2:69:05:27:
                    94:5b:6e:15:ab:20:72:9f:ef:9b:33:82:bd:57:14:
                    2d:50:c9:26:70:33:e0:15:c3:c5:34:23:f6:07:f5:
                    c5:ea:45:df:d8:72:41:98:83:07:8f:57:9d:8a:87:
                    d4:5a:fe:2b:82:73:4a:a4:01:5d:91:1a:ac:ba:c8:
                    14:c9:b1:01:dc:b1:ae:01:bb:c4:b3:5c:9c:94:8f:
                    ac:ab:f4:df:de:78:70:85:97:d4:61:b5:96:20:af:
                    0c:10:fb:61:c1:90:5d:02:19:a1:3e:d9:e6:4d:3d:
                    e2:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:71:AE:4F:3C:06:59:79:19:B1:63:90:E2:75:C2:98:CD:E9:FF:08
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134352e3234332e302f32342d3234203d3e20313337323335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:d7:7e:48:49:00:59:85:0b:23:c8:db:d5:5f:dd:68:de:a0:
         67:0e:55:de:fd:bf:2f:d8:15:1f:2c:c8:ea:76:8a:59:89:21:
         07:ea:7d:7b:8b:74:29:14:48:ed:17:8b:74:96:51:8c:52:5a:
         b3:e5:3b:4a:b1:6c:90:97:89:f1:02:56:e9:01:a5:25:82:93:
         98:5a:63:27:26:55:bd:62:c2:4d:65:11:8f:65:30:15:be:12:
         d4:e0:2f:10:ee:8b:81:dc:07:c4:d7:d5:57:2e:8b:b7:93:df:
         68:a5:d6:3d:1c:17:e1:d1:41:27:cb:99:3e:fd:fb:c5:e5:84:
         d5:39:d9:2a:4c:18:65:4d:56:29:27:38:82:3d:5d:50:08:77:
         bd:35:e1:65:d6:06:5d:0b:d3:73:5f:1a:6b:24:26:f3:2e:9a:
         08:e2:3c:f9:1b:97:fc:f7:6b:5b:0c:05:a1:b5:cb:95:c3:55:
         8f:e9:5f:c9:25:0a:8e:b5:ae:73:9d:14:76:99:76:4a:98:45:
         92:cb:d9:87:61:9b:41:8b:34:74:cc:7f:b7:46:cc:9a:27:8b:
         9e:58:ad:42:93:9d:fa:25:58:9d:53:e1:5f:8f:fe:af:22:4b:
         fa:98:df:e4:01:1f:e5:d1:9d:3c:99:61:80:23:c3:1c:13:e5:
         f1:49:3f:72
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUFBvIYUtW79pt6TlcvSkxcIplEDYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNTA1MjIwODU2MzhaFw0yNjA1MjEwOTAxMzhaMDMxMTAvBgNV
BAMTKDNCNzFBRTRGM0MwNjU5NzkxOUIxNjM5MEUyNzVDMjk4Q0RFOUZGMDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCX11KSbHTQYqqQ8R9Oanby+WPY
SEwmGYgnKG1vmvLuKX5pzsfto/ZwJOnbsnymBuVA+Nk9PZricuOAkIrvgPjVdI2a
Ab1S69ABAjuON161pRCShixyJXTuHQcbf1W2D9qMbqOToezZP3OCTAj7UJ6iFxVh
E7eSaf4uuRd+5LKozHOidECgCJTw65FYawTXPhW/smkFJ5RbbhWrIHKf75szgr1X
FC1QySZwM+AVw8U0I/YH9cXqRd/YckGYgwePV52Kh9Ra/iuCc0qkAV2RGqy6yBTJ
sQHcsa4Bu8SzXJyUj6yr9N/eeHCFl9RhtZYgrwwQ+2HBkF0CGaE+2eZNPeKNAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUO3GuTzwGWXkZsWOQ4nXCmM3p/wgwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzNDM1MmUzMjM0
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzczMjMzMzUucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BAAtkfMwDQYJKoZIhvcNAQELBQADggEBAJbXfkhJAFmFCyPI29Vf3WjeoGcOVd79
vy/YFR8syOp2ilmJIQfqfXuLdCkUSO0Xi3SWUYxSWrPlO0qxbJCXifECVukBpSWC
k5haYycmVb1iwk1lEY9lMBW+EtTgLxDui4HcB8TX1Vcui7eT32il1j0cF+HRQSfL
mT79+8XlhNU52SpMGGVNViknOII9XVAId7014WXWBl0L03NfGmskJvMumgjiPPkb
l/z3a1sMBaG1y5XDVY/pX8klCo61rnOdFHaZdkqYRZLL2Ydhm0GLNHTMf7dGzJon
i55YrUKTnfolWJ1T4V+P/q8iS/qY3+QBH+XRnTyZYYAjwxwT5fFJP3I=
-----END CERTIFICATE-----
Generated at Mon Jun 9 10:56:36 2025 by rpki-client