Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35392e302f32342d3234203d3e20383334.roa
File:                     34352e3135382e35392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          DeZPhZSdL14M33XwqO+y+oH2uU3mqD+IM2R3WKAMwA0=
Subject key identifier:   91:AE:90:8D:23:5E:A4:BE:2E:08:39:B8:05:A1:F1:63:B6:52:45:88
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       3D66F68640FEF1553DD06F5526907C2267D43F97
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35392e302f32342d3234203d3e20383334.roa
Signing time:             Mon 01 Jun 2026 12:19:06 +0000
ROA not before:           Mon 01 Jun 2026 12:14:06 +0000
ROA not after:            Mon 31 May 2027 12:19:06 +0000
asID:                     834
IP address blocks:        45.158.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 03:43:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:66:f6:86:40:fe:f1:55:3d:d0:6f:55:26:90:7c:22:67:d4:3f:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jun  1 12:14:06 2026 GMT
            Not After : May 31 12:19:06 2027 GMT
        Subject: CN=91AE908D235EA4BE2E0839B805A1F163B6524588
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6c:d3:34:fa:1e:35:1a:cd:9c:4c:93:41:a5:
                    1f:78:7c:0f:a9:3a:d8:4a:e1:02:82:73:2b:14:50:
                    f5:3a:d1:26:48:3e:28:7a:68:39:2f:d8:f3:8a:ed:
                    1d:e0:45:5c:ae:29:bd:8e:1e:4f:62:dc:07:59:ee:
                    c0:67:5a:23:d4:ef:21:93:aa:ed:93:49:fb:da:aa:
                    66:e9:90:b0:e3:9c:dc:ae:a1:41:39:a7:84:2f:2b:
                    e1:89:b0:5a:fd:1d:f8:62:eb:87:2f:30:02:7e:cd:
                    c7:b4:9e:df:e1:e5:0f:b6:9f:1c:ae:e5:65:66:82:
                    08:46:0b:2b:b9:7f:25:55:80:1d:e9:0a:2f:70:81:
                    55:8a:ad:f5:99:50:e6:b5:a9:78:8d:df:87:bc:70:
                    7d:5b:01:3c:e6:35:55:cc:f8:50:a9:ea:c0:18:b4:
                    c0:8c:60:8c:81:28:0c:e3:d0:35:9e:a6:76:71:d8:
                    6a:c1:25:01:ce:d4:37:1b:34:67:c8:36:dd:55:4c:
                    ca:74:14:fa:8e:85:b0:39:ae:bf:f2:04:9c:29:a1:
                    18:06:c4:23:8d:4f:26:0a:df:7b:e0:40:3c:5e:dd:
                    e4:be:0d:37:58:48:01:85:72:45:01:5b:0a:1d:65:
                    cc:9b:d1:13:8f:74:1e:fd:5d:9e:46:f6:b3:32:c7:
                    3e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:AE:90:8D:23:5E:A4:BE:2E:08:39:B8:05:A1:F1:63:B6:52:45:88
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3135382e35392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:ea:d2:32:2a:c0:89:b3:5a:28:2a:3e:2d:8c:c9:51:2b:0a:
         a0:18:a9:cd:d4:35:cf:8d:1c:7b:37:e8:40:c4:17:8e:4b:e3:
         e5:3f:65:44:e3:65:0a:17:54:1d:43:a0:84:fb:4b:57:c0:6b:
         3a:d4:ef:06:82:f8:d8:f6:37:d6:3c:85:d1:7f:fb:1f:5d:bf:
         57:a4:d5:ad:a4:d0:18:da:12:d1:8e:33:7a:d0:2e:cb:86:cf:
         86:31:d7:3a:4a:c8:a1:70:cb:d7:38:3e:a1:47:a2:8c:0e:db:
         2b:5a:96:e9:0e:6f:5a:2f:e6:ab:1e:13:d8:b0:38:97:2e:a7:
         32:84:03:10:5e:a2:4b:e5:9a:18:5c:5e:5b:ea:5e:a7:65:76:
         df:bb:b1:9e:87:9b:3c:27:82:a0:a4:1a:f8:cd:ef:a7:e6:16:
         e2:0e:81:ef:8c:c8:c6:8b:ff:39:72:c0:ab:59:b8:e0:43:0f:
         4f:17:69:ea:5a:03:5f:ad:f2:f9:60:0e:95:7c:be:d5:fe:8a:
         d0:ae:6f:34:f1:98:77:c6:01:0b:3d:5f:ec:8e:3b:1f:49:95:
         c7:e9:be:d5:8d:c8:bf:bf:5d:ae:77:7a:4d:09:00:b7:9d:45:
         f2:ae:1c:bf:de:69:f2:fc:89:29:be:d9:f4:fd:ea:c7:4b:8a:
         2a:6a:a2:8d
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUPWb2hkD+8VU90G9VJpB8ImfUP5cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNjA2MDExMjE0MDZaFw0yNzA1MzExMjE5MDZaMDMxMTAvBgNV
BAMTKDkxQUU5MDhEMjM1RUE0QkUyRTA4MzlCODA1QTFGMTYzQjY1MjQ1ODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAbNM0+h41Gs2cTJNBpR94fA+p
OthK4QKCcysUUPU60SZIPih6aDkv2POK7R3gRVyuKb2OHk9i3AdZ7sBnWiPU7yGT
qu2TSfvaqmbpkLDjnNyuoUE5p4QvK+GJsFr9Hfhi64cvMAJ+zce0nt/h5Q+2nxyu
5WVmgghGCyu5fyVVgB3pCi9wgVWKrfWZUOa1qXiN34e8cH1bATzmNVXM+FCp6sAY
tMCMYIyBKAzj0DWepnZx2GrBJQHO1DcbNGfINt1VTMp0FPqOhbA5rr/yBJwpoRgG
xCONTyYK33vgQDxe3eS+DTdYSAGFckUBWwodZcyb0ROPdB79XZ5G9rMyxz53AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUka6QjSNepL4uCDm4BaHxY7ZSRYgwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzNTM4MmUzNTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ47MA0G
CSqGSIb3DQEBCwUAA4IBAQAn6tIyKsCJs1ooKj4tjMlRKwqgGKnN1DXPjRx7N+hA
xBeOS+PlP2VE42UKF1QdQ6CE+0tXwGs61O8GgvjY9jfWPIXRf/sfXb9XpNWtpNAY
2hLRjjN60C7Lhs+GMdc6SsihcMvXOD6hR6KMDtsrWpbpDm9aL+arHhPYsDiXLqcy
hAMQXqJL5ZoYXF5b6l6nZXbfu7Geh5s8J4KgpBr4ze+n5hbiDoHvjMjGi/85csCr
WbjgQw9PF2nqWgNfrfL5YA6VfL7V/orQrm808Zh3xgELPV/sjjsfSZXH6b7Vjci/
v12ud3pNCQC3nUXyrhy/3mny/Ikpvtn0/erHS4oqaqKN
-----END CERTIFICATE-----