Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133372e302f32342d3234203d3e20383334.roa
File:                     34352e39312e3133372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          EEEXwcWu8Yx8lMVBEfNswML7ReLbWJ+q3fsRwI7n+yo=
Subject key identifier:   0A:5D:E3:4A:02:9C:7D:51:0E:2D:C8:91:AC:E5:16:FD:F9:EE:5D:64
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       7D4E71AE213E7D6A512AE02CA164D572779EF769
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133372e302f32342d3234203d3e20383334.roa
Signing time:             Wed 04 Jun 2025 12:47:55 +0000
ROA not before:           Wed 04 Jun 2025 12:42:55 +0000
ROA not after:            Wed 03 Jun 2026 12:47:55 +0000
asID:                     834
IP address blocks:        45.91.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 00:05:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:4e:71:ae:21:3e:7d:6a:51:2a:e0:2c:a1:64:d5:72:77:9e:f7:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jun  4 12:42:55 2025 GMT
            Not After : Jun  3 12:47:55 2026 GMT
        Subject: CN=0A5DE34A029C7D510E2DC891ACE516FDF9EE5D64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:8a:c8:4a:94:c4:89:1a:7a:b0:f1:96:ff:60:
                    6e:90:67:c2:0d:ac:64:5b:3d:56:0b:ed:6e:14:73:
                    64:37:5e:a2:1e:d3:fc:4e:65:de:35:fc:15:eb:f1:
                    53:78:9a:dd:1d:f3:7f:bd:e4:e8:95:96:8d:fc:24:
                    4d:82:d0:7b:7c:e7:b5:09:42:6d:87:79:6b:0f:0d:
                    71:69:e1:04:ca:12:dd:fe:93:38:17:64:6b:32:c7:
                    94:d5:92:7c:4b:31:d6:79:20:1a:6a:0f:61:b9:9c:
                    a9:bf:89:b4:88:70:1f:38:f2:e1:4c:82:bb:4a:17:
                    82:12:6a:1d:55:be:a9:b2:0d:f8:cf:2c:de:f2:db:
                    ef:5c:e3:f3:72:7e:7f:59:be:f2:ef:10:fe:1d:d6:
                    e0:70:6d:e9:0c:d3:39:7b:3d:8a:ab:0e:83:b5:c8:
                    b8:cb:b8:dd:35:33:66:a1:dc:c1:b2:51:e8:ae:64:
                    55:5a:7c:52:d0:69:31:33:2d:0e:b8:09:f4:c6:88:
                    ec:38:a0:9f:87:77:88:94:b0:ba:2e:ba:b7:b6:01:
                    35:ec:bb:d0:23:0e:46:76:59:6b:1f:60:5f:2d:36:
                    0f:d5:81:a1:0a:7b:55:c6:31:1a:63:7a:9e:9e:61:
                    f2:92:4e:2d:28:f0:9e:e8:c8:2f:7f:35:b7:06:8f:
                    d2:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:5D:E3:4A:02:9C:7D:51:0E:2D:C8:91:AC:E5:16:FD:F9:EE:5D:64
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e39312e3133372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:74:cb:05:f8:47:77:4a:3c:19:c3:f2:a2:1e:48:5b:d6:7e:
         4f:a5:dc:92:b8:f4:41:ef:18:35:1b:9b:51:9d:be:88:cc:1e:
         66:ec:13:c4:1c:46:0f:4d:5f:35:a8:c4:60:fc:cd:01:57:1c:
         06:5f:79:4c:5b:42:17:3d:3d:34:fd:db:38:b3:15:f4:4d:67:
         00:d9:87:75:69:d8:15:5e:6a:d6:eb:03:f6:57:a5:6c:65:0b:
         0e:f6:4e:4e:13:69:a4:3b:93:32:66:f6:01:a6:20:bc:e7:72:
         58:d5:be:ec:e7:49:04:1e:43:69:00:5c:9e:b9:39:7e:88:34:
         b6:8b:90:05:18:c5:09:71:e5:8b:77:58:61:5b:c4:31:1e:ac:
         40:cc:20:fa:1d:f5:eb:9a:f0:d7:9c:8e:1d:d8:24:59:0b:41:
         8f:46:46:96:e9:a4:7e:be:ea:58:c0:18:e3:12:f9:f3:21:f8:
         21:4a:36:4e:ce:f2:ac:0e:c2:af:b9:51:db:07:ec:4b:51:1f:
         3e:34:a4:03:12:f7:60:b6:e8:03:57:e7:73:47:d1:30:60:c8:
         62:85:c3:fb:1c:85:11:61:19:c5:6a:52:5f:2c:1e:33:af:53:
         26:3e:b7:10:72:e3:6a:50:cf:e0:db:16:97:4b:66:01:8a:49:
         c1:a7:7c:88
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUfU5xriE+fWpRKuAsoWTVcnee92kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA2MDQxMjQyNTVaFw0yNjA2MDMxMjQ3NTVaMDMxMTAvBgNV
BAMTKDBBNURFMzRBMDI5QzdENTEwRTJEQzg5MUFDRTUxNkZERjlFRTVENjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4ishKlMSJGnqw8Zb/YG6QZ8IN
rGRbPVYL7W4Uc2Q3XqIe0/xOZd41/BXr8VN4mt0d83+95OiVlo38JE2C0Ht857UJ
Qm2HeWsPDXFp4QTKEt3+kzgXZGsyx5TVknxLMdZ5IBpqD2G5nKm/ibSIcB848uFM
grtKF4ISah1VvqmyDfjPLN7y2+9c4/Nyfn9ZvvLvEP4d1uBwbekM0zl7PYqrDoO1
yLjLuN01M2ah3MGyUeiuZFVafFLQaTEzLQ64CfTGiOw4oJ+Hd4iUsLouure2ATXs
u9AjDkZ2WWsfYF8tNg/VgaEKe1XGMRpjep6eYfKSTi0o8J7oyC9/NbcGj9LHAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUCl3jSgKcfVEOLciRrOUW/fnuXWQwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzkzMTJlMzEzMzM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVuJMA0G
CSqGSIb3DQEBCwUAA4IBAQA7dMsF+Ed3SjwZw/KiHkhb1n5PpdySuPRB7xg1G5tR
nb6IzB5m7BPEHEYPTV81qMRg/M0BVxwGX3lMW0IXPT00/ds4sxX0TWcA2Yd1adgV
XmrW6wP2V6VsZQsO9k5OE2mkO5MyZvYBpiC853JY1b7s50kEHkNpAFyeuTl+iDS2
i5AFGMUJceWLd1hhW8QxHqxAzCD6HfXrmvDXnI4d2CRZC0GPRkaW6aR+vupYwBjj
EvnzIfghSjZOzvKsDsKvuVHbB+xLUR8+NKQDEvdgtugDV+dzR9EwYMhihcP7HIUR
YRnFalJfLB4zr1MmPrcQcuNqUM/g2xaXS2YBiknBp3yI
-----END CERTIFICATE-----