Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38312e302f32342d3234203d3e20323133333138.roa
File:                     34352e31322e38312e302f32342d3234203d3e20323133333138.roa (raw, json)
Hash identifier:          FUyZlPtF2x6g4FsLwN4G874YpbcD7yn04xBdfFnH8rs=
Subject key identifier:   57:4E:63:D1:3D:63:04:A6:E4:FD:6B:F2:CB:27:51:38:27:63:25:4B
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       17980D0CF1A5436884E9A0E148B0CFFF2F285D64
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38312e302f32342d3234203d3e20323133333138.roa
Signing time:             Thu 20 Feb 2025 20:32:08 +0000
ROA not before:           Thu 20 Feb 2025 20:27:08 +0000
ROA not after:            Thu 19 Feb 2026 20:32:08 +0000
asID:                     213318
IP address blocks:        45.12.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:98:0d:0c:f1:a5:43:68:84:e9:a0:e1:48:b0:cf:ff:2f:28:5d:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb 20 20:27:08 2025 GMT
            Not After : Feb 19 20:32:08 2026 GMT
        Subject: CN=574E63D13D6304A6E4FD6BF2CB2751382763254B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9c:69:e3:ba:c7:68:6a:38:9f:28:62:9f:72:
                    72:31:55:1e:d6:8f:25:55:7c:47:68:97:47:7e:37:
                    79:0a:4c:96:7c:14:dc:8f:64:01:aa:95:3f:6c:da:
                    e5:b8:f0:68:d4:c3:30:8b:85:a7:c9:cd:9e:ce:02:
                    35:f6:c9:64:a1:1d:aa:91:91:6f:6d:09:5f:0a:cb:
                    e0:f7:f5:ff:ca:82:d0:8a:ac:f4:77:c8:ef:7f:d9:
                    67:d4:39:76:fd:c5:61:9a:01:d7:94:3a:ba:b4:be:
                    ce:88:3b:a4:8c:24:e8:dd:fa:25:17:a8:bb:f5:f2:
                    e1:e8:0b:73:e8:82:8a:52:7b:dc:60:c9:34:ca:3a:
                    da:aa:b7:e8:3c:ec:e0:03:ed:15:e3:9c:69:26:cb:
                    42:bb:80:09:22:40:f8:7c:2b:c5:39:4d:66:88:c6:
                    10:a7:9d:ee:d5:bf:2f:9b:32:54:11:77:dc:f4:71:
                    e9:3b:81:b4:ed:f9:ac:7f:ed:cc:f5:89:7b:ab:90:
                    c4:d9:84:a2:18:b3:bd:90:0a:ef:e0:25:54:32:a7:
                    a5:87:99:3a:cc:96:5d:36:59:cd:ec:9a:0b:61:00:
                    9d:ea:38:8f:d3:7d:17:57:d3:df:c0:1a:df:2e:95:
                    88:ad:00:2d:4a:ab:53:c8:17:b6:08:d4:8a:00:86:
                    7b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:4E:63:D1:3D:63:04:A6:E4:FD:6B:F2:CB:27:51:38:27:63:25:4B
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38312e302f32342d3234203d3e20323133333138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:bc:b5:31:31:12:4b:38:35:62:3f:c4:71:10:ea:33:d9:0f:
         4a:20:b4:56:7e:60:8b:c2:c4:69:17:5d:59:66:0c:3f:06:8f:
         09:a4:37:6b:89:2f:7f:41:db:a5:e0:bc:7c:96:68:be:ff:5f:
         5c:44:07:0a:f0:9e:a6:60:68:27:23:c6:7b:56:b3:4f:45:74:
         4b:54:7a:ac:52:be:71:16:4c:de:04:66:a0:52:10:75:9f:a4:
         a0:5b:c3:69:a9:43:52:5f:e8:d8:1b:15:01:57:6f:cd:e1:95:
         17:94:24:13:0e:06:df:2b:b3:88:60:79:24:e2:53:46:8f:a4:
         d7:33:a1:d7:34:66:6c:96:b0:fd:78:4c:27:2b:a0:8d:10:d2:
         8b:08:57:f5:38:09:2c:3e:f9:de:61:33:a6:8b:bf:d4:3e:5f:
         ee:62:ef:a1:97:c8:39:bc:21:7f:ae:42:4a:dc:5d:bb:b0:ff:
         ff:01:bb:75:ce:61:12:e6:80:b8:69:81:d0:ea:8f:8c:f4:1b:
         13:26:1b:cf:19:a6:28:2e:05:f3:b4:aa:49:f4:63:a6:cb:2d:
         c9:2e:df:0c:f9:57:53:90:da:3f:bb:6c:a6:99:24:1a:91:f3:
         a0:21:1a:a2:c3:09:c6:dd:95:f9:73:5a:22:0b:f8:9c:0d:28:
         5e:39:95:e5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUF5gNDPGlQ2iE6aDhSLDP/y8oXWQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTAyMjAyMDI3MDhaFw0yNjAyMTkyMDMyMDhaMDMxMTAvBgNV
BAMTKDU3NEU2M0QxM0Q2MzA0QTZFNEZENkJGMkNCMjc1MTM4Mjc2MzI1NEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1nGnjusdoajifKGKfcnIxVR7W
jyVVfEdol0d+N3kKTJZ8FNyPZAGqlT9s2uW48GjUwzCLhafJzZ7OAjX2yWShHaqR
kW9tCV8Ky+D39f/KgtCKrPR3yO9/2WfUOXb9xWGaAdeUOrq0vs6IO6SMJOjd+iUX
qLv18uHoC3PogopSe9xgyTTKOtqqt+g87OAD7RXjnGkmy0K7gAkiQPh8K8U5TWaI
xhCnne7Vvy+bMlQRd9z0cek7gbTt+ax/7cz1iXurkMTZhKIYs72QCu/gJVQyp6WH
mTrMll02Wc3smgthAJ3qOI/TfRdX09/AGt8ulYitAC1Kq1PIF7YI1IoAhnv/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUV05j0T1jBKbk/WvyyydROCdjJUswHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzMjJlMzgzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMzMzMzEzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0M
UTANBgkqhkiG9w0BAQsFAAOCAQEAL7y1MTESSzg1Yj/EcRDqM9kPSiC0Vn5gi8LE
aRddWWYMPwaPCaQ3a4kvf0HbpeC8fJZovv9fXEQHCvCepmBoJyPGe1azT0V0S1R6
rFK+cRZM3gRmoFIQdZ+koFvDaalDUl/o2BsVAVdvzeGVF5QkEw4G3yuziGB5JOJT
Ro+k1zOh1zRmbJaw/XhMJyugjRDSiwhX9TgJLD753mEzpou/1D5f7mLvoZfIObwh
f65CStxdu7D//wG7dc5hEuaAuGmB0OqPjPQbEyYbzxmmKC4F87SqSfRjpsstyS7f
DPlXU5DaP7tsppkkGpHzoCEaosMJxt2V+XNaIgv4nA0oXjmV5Q==
-----END CERTIFICATE-----