Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36302e302f32342d3234203d3e20383334.roa
File:                     34352e36362e36302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          cob4jPxF3rrMg6hwki6aZSVe0/iQEcIhptQTeWjOdMo=
Subject key identifier:   74:82:D4:4F:C6:4A:8C:39:D9:A8:C1:D9:DF:EA:DB:9A:AF:E2:AC:8A
Certificate issuer:       /CN=2e2674263aecd572673f87614919ca492c79faea
Certificate serial:       6572867C9401F6D46E52884B8C6D5829DC44BADF
Authority key identifier: 2E:26:74:26:3A:EC:D5:72:67:3F:87:61:49:19:CA:49:2C:79:FA:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36302e302f32342d3234203d3e20383334.roa
Signing time:             Thu 22 May 2025 00:02:54 +0000
ROA not before:           Wed 21 May 2025 23:57:54 +0000
ROA not after:            Thu 21 May 2026 00:02:54 +0000
asID:                     834
IP address blocks:        45.66.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:72:86:7c:94:01:f6:d4:6e:52:88:4b:8c:6d:58:29:dc:44:ba:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e2674263aecd572673f87614919ca492c79faea
        Validity
            Not Before: May 21 23:57:54 2025 GMT
            Not After : May 21 00:02:54 2026 GMT
        Subject: CN=7482D44FC64A8C39D9A8C1D9DFEADB9AAFE2AC8A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a2:11:e2:e0:25:00:c7:81:ed:77:20:83:1c:
                    e2:40:d9:6c:f8:05:e2:dd:2d:64:89:7b:63:5c:a2:
                    b8:17:cb:4c:ad:9c:8b:96:62:10:3a:d6:24:00:47:
                    f8:67:5b:86:53:ad:ee:3c:2f:cb:48:af:d3:2c:68:
                    28:13:09:7d:95:82:31:fc:9f:9a:c2:ee:a4:82:8d:
                    6f:a7:07:44:d0:98:af:e2:c4:a9:4f:8b:2c:6c:87:
                    96:b9:76:22:9e:56:4e:87:1b:c1:d1:25:5b:5a:2a:
                    e0:3a:52:a6:e7:25:57:b9:da:71:26:94:aa:37:9c:
                    ae:fb:ff:27:cd:2e:69:38:9f:7b:51:94:3a:7c:50:
                    34:56:8e:84:42:7d:ca:48:8b:16:56:c6:d7:79:c7:
                    76:51:8d:11:0e:98:ed:a1:69:a8:82:ce:17:1b:6d:
                    a4:ae:20:64:93:3b:f3:33:d3:e4:ff:c5:ea:90:33:
                    0c:45:cd:9c:66:36:0d:bc:68:48:38:94:a3:a6:87:
                    c4:e7:51:c9:99:67:03:19:df:94:7d:f0:4f:bd:ac:
                    75:34:ed:55:41:9a:da:dc:96:d7:f1:76:c4:89:90:
                    ad:08:20:b7:81:39:8d:8f:1f:6e:f0:4f:a2:ce:c9:
                    ff:79:11:47:f9:c5:f1:6b:46:f3:41:15:04:f8:37:
                    e2:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:82:D4:4F:C6:4A:8C:39:D9:A8:C1:D9:DF:EA:DB:9A:AF:E2:AC:8A
            X509v3 Authority Key Identifier:
                keyid:2E:26:74:26:3A:EC:D5:72:67:3F:87:61:49:19:CA:49:2C:79:FA:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:1c:8d:3c:38:2c:4a:28:9d:b5:54:cd:9f:66:78:21:e2:5f:
         a0:83:16:b1:ae:37:45:82:00:0c:d4:fb:29:96:67:8f:bb:94:
         d6:4d:bc:f8:f3:0b:dd:27:1f:f4:13:25:7d:13:45:ab:34:9e:
         f0:59:87:4f:e8:d6:be:fe:d4:fa:3a:74:bc:8e:ee:38:c7:64:
         72:cc:40:7e:04:88:1f:c5:75:87:28:59:cb:d8:c7:65:ca:0b:
         df:ae:16:fe:d2:6f:b3:fe:22:92:ff:3e:91:69:89:5f:69:eb:
         d1:53:53:be:39:92:da:16:c8:15:9d:fd:31:2e:38:5a:0f:ea:
         7c:bb:26:d9:c7:c7:89:52:77:e7:ec:64:3d:27:59:90:a0:34:
         bc:f6:24:8c:80:e7:40:d3:75:6b:a8:64:58:ac:c0:50:17:31:
         26:25:2a:fe:5e:6e:67:03:14:c3:5b:e3:d6:a3:2a:b1:f2:10:
         d3:c2:20:2c:fe:8a:bd:8d:a7:16:1e:63:b5:b2:b4:34:5e:e2:
         e0:41:2f:47:d2:75:5d:10:6a:a2:48:a2:a2:44:a0:fa:d4:c9:
         42:1f:65:a0:fe:5a:18:22:c0:30:b1:12:7b:61:4f:10:e7:77:
         5b:aa:a2:03:f6:00:4b:da:50:91:cd:e7:af:ae:2d:bc:5f:20:
         5c:26:05:ac
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUZXKGfJQB9tRuUohLjG1YKdxEut8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMmUyNjc0MjYzYWVjZDU3MjY3M2Y4NzYxNDkxOWNhNDky
Yzc5ZmFlYTAeFw0yNTA1MjEyMzU3NTRaFw0yNjA1MjEwMDAyNTRaMDMxMTAvBgNV
BAMTKDc0ODJENDRGQzY0QThDMzlEOUE4QzFEOURGRUFEQjlBQUZFMkFDOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwohHi4CUAx4HtdyCDHOJA2Wz4
BeLdLWSJe2NcorgXy0ytnIuWYhA61iQAR/hnW4ZTre48L8tIr9MsaCgTCX2VgjH8
n5rC7qSCjW+nB0TQmK/ixKlPiyxsh5a5diKeVk6HG8HRJVtaKuA6UqbnJVe52nEm
lKo3nK77/yfNLmk4n3tRlDp8UDRWjoRCfcpIixZWxtd5x3ZRjREOmO2haaiCzhcb
baSuIGSTO/Mz0+T/xeqQMwxFzZxmNg28aEg4lKOmh8TnUcmZZwMZ35R98E+9rHU0
7VVBmtrcltfxdsSJkK0IILeBOY2PH27wT6LOyf95EUf5xfFrRvNBFQT4N+IdAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUdILUT8ZKjDnZqMHZ3+rbmq/irIowHwYDVR0j
BBgwFoAULiZ0Jjrs1XJnP4dhSRnKSSx5+uowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmQ3YzIzMWUtYTMzYy00NTU1LWI0MmUtZDAyMDkzODQ5
Mjk5LzAvMkUyNjc0MjYzQUVDRDU3MjY3M0Y4NzYxNDkxOUNBNDkyQzc5RkFFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0xpWjBKanJzMVhKblA0ZGhTUm5LU1N4
NS11by5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmQ3YzIzMWUt
YTMzYy00NTU1LWI0MmUtZDAyMDkzODQ5Mjk5LzAvMzQzNTJlMzYzNjJlMzYzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1CPDANBgkq
hkiG9w0BAQsFAAOCAQEAoRyNPDgsSiidtVTNn2Z4IeJfoIMWsa43RYIADNT7KZZn
j7uU1k28+PML3Scf9BMlfRNFqzSe8FmHT+jWvv7U+jp0vI7uOMdkcsxAfgSIH8V1
hyhZy9jHZcoL364W/tJvs/4ikv8+kWmJX2nr0VNTvjmS2hbIFZ39MS44Wg/qfLsm
2cfHiVJ35+xkPSdZkKA0vPYkjIDnQNN1a6hkWKzAUBcxJiUq/l5uZwMUw1vj1qMq
sfIQ08IgLP6KvY2nFh5jtbK0NF7i4EEvR9J1XRBqokiiokSg+tTJQh9loP5aGCLA
MLESe2FPEOd3W6qiA/YAS9pQkc3nr64tvF8gXCYFrA==
-----END CERTIFICATE-----