Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36332e302f32342d3234203d3e20383334.roa
File:                     34352e36362e36332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          +lxugZDOPYeNvwOMe73TcSTp+67iTBoQ2Mh6vI2juqw=
Subject key identifier:   8B:19:92:8A:8F:4C:3C:BA:59:F4:E2:F5:A6:BC:FE:93:48:56:8A:78
Certificate issuer:       /CN=2e2674263aecd572673f87614919ca492c79faea
Certificate serial:       59C261D8C7024A25FF526AC260DD151AE1C1A9C8
Authority key identifier: 2E:26:74:26:3A:EC:D5:72:67:3F:87:61:49:19:CA:49:2C:79:FA:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36332e302f32342d3234203d3e20383334.roa
Signing time:             Thu 05 Jun 2025 00:00:37 +0000
ROA not before:           Wed 04 Jun 2025 23:55:37 +0000
ROA not after:            Thu 04 Jun 2026 00:00:37 +0000
asID:                     834
IP address blocks:        45.66.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 11:03:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:c2:61:d8:c7:02:4a:25:ff:52:6a:c2:60:dd:15:1a:e1:c1:a9:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e2674263aecd572673f87614919ca492c79faea
        Validity
            Not Before: Jun  4 23:55:37 2025 GMT
            Not After : Jun  4 00:00:37 2026 GMT
        Subject: CN=8B19928A8F4C3CBA59F4E2F5A6BCFE9348568A78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:e8:01:d1:fa:db:bf:6a:9c:4e:b4:10:d6:4d:
                    38:dd:ac:de:c1:e8:af:1b:b8:c7:75:0a:02:2f:87:
                    88:6c:c1:0b:bd:55:74:eb:1c:16:d1:2c:63:1c:2d:
                    da:94:db:91:6e:0d:06:21:4b:10:8c:09:a6:30:00:
                    6c:13:fe:fd:df:a9:55:91:4b:c9:f0:81:2e:04:b7:
                    10:67:cd:0b:05:a3:21:f6:24:e3:d1:f6:b0:e4:c3:
                    a3:4f:83:67:b5:8f:71:ba:1d:16:54:bb:78:02:61:
                    fc:25:8a:f7:27:49:ce:53:c4:52:3d:13:09:1b:c3:
                    13:8a:67:d1:6b:fe:76:bb:86:16:14:0e:dc:93:9f:
                    1a:14:a7:e2:52:8f:5f:d1:1e:e0:e3:b9:5b:d6:6b:
                    99:7a:e3:8b:86:7f:1c:f3:52:44:71:e4:44:12:25:
                    7b:8a:d0:f5:d3:b1:fe:5e:2d:cb:78:e9:a2:9a:ff:
                    59:22:5e:ef:60:77:55:98:bc:64:6b:12:be:d1:c4:
                    7f:cf:06:63:e8:8f:cd:a7:d6:d5:96:ad:4c:36:1a:
                    04:c2:10:31:92:e9:74:97:69:c9:a1:c8:8b:8e:df:
                    fa:bb:e7:e6:a3:3c:3c:f3:18:32:c9:45:0c:21:95:
                    15:cf:fe:ea:8d:a7:8a:17:e8:16:b0:c4:f2:c7:95:
                    02:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:19:92:8A:8F:4C:3C:BA:59:F4:E2:F5:A6:BC:FE:93:48:56:8A:78
            X509v3 Authority Key Identifier:
                keyid:2E:26:74:26:3A:EC:D5:72:67:3F:87:61:49:19:CA:49:2C:79:FA:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e4:6f:15:27:4c:40:27:8e:23:ee:2e:35:88:e9:da:42:a9:dd:
         33:ce:a1:1b:6b:73:a1:51:ba:15:1b:af:3b:23:22:a1:db:d5:
         c5:ef:c9:32:0c:c1:4e:65:2c:a8:9e:86:e8:6b:3b:23:4e:86:
         28:14:0b:75:6e:85:d5:72:7a:17:c5:64:9f:3e:9c:cb:24:47:
         97:36:4b:60:b7:ad:87:ab:ae:60:a2:b0:d1:cd:90:16:f3:17:
         b0:42:8a:ae:a9:42:94:ca:bf:8d:f2:9a:c2:87:ac:b8:c2:cd:
         9d:21:ba:74:a3:7a:fb:95:a0:ff:12:46:81:d2:86:42:67:2c:
         2b:88:d2:e5:90:06:99:6f:af:86:0b:90:fb:0f:8e:0f:04:de:
         01:13:32:72:b2:d5:99:d4:9b:f7:f4:3c:a8:cb:02:6c:ff:f3:
         9b:31:d2:27:53:a8:85:94:e8:5c:27:d1:1c:f3:4d:14:db:2d:
         1a:82:e9:7d:52:5e:71:16:e3:9f:e8:92:89:5e:44:a7:e8:7b:
         ee:92:6f:a1:c2:3b:21:10:99:07:9b:0d:5f:3f:8a:fc:3c:3b:
         0c:55:67:bf:1b:cf:4e:00:cd:4d:e6:6a:8b:57:c4:ec:71:41:
         c7:58:b6:a2:58:94:9c:31:91:5b:9b:cc:f9:a6:d0:9d:f9:66:
         4a:ec:de:c1
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUWcJh2McCSiX/UmrCYN0VGuHBqcgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMmUyNjc0MjYzYWVjZDU3MjY3M2Y4NzYxNDkxOWNhNDky
Yzc5ZmFlYTAeFw0yNTA2MDQyMzU1MzdaFw0yNjA2MDQwMDAwMzdaMDMxMTAvBgNV
BAMTKDhCMTk5MjhBOEY0QzNDQkE1OUY0RTJGNUE2QkNGRTkzNDg1NjhBNzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi6AHR+tu/apxOtBDWTTjdrN7B
6K8buMd1CgIvh4hswQu9VXTrHBbRLGMcLdqU25FuDQYhSxCMCaYwAGwT/v3fqVWR
S8nwgS4EtxBnzQsFoyH2JOPR9rDkw6NPg2e1j3G6HRZUu3gCYfwlivcnSc5TxFI9
EwkbwxOKZ9Fr/na7hhYUDtyTnxoUp+JSj1/RHuDjuVvWa5l644uGfxzzUkRx5EQS
JXuK0PXTsf5eLct46aKa/1kiXu9gd1WYvGRrEr7RxH/PBmPoj82n1tWWrUw2GgTC
EDGS6XSXacmhyIuO3/q75+ajPDzzGDLJRQwhlRXP/uqNp4oX6BawxPLHlQLZAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUixmSio9MPLpZ9OL1prz+k0hWingwHwYDVR0j
BBgwFoAULiZ0Jjrs1XJnP4dhSRnKSSx5+uowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmQ3YzIzMWUtYTMzYy00NTU1LWI0MmUtZDAyMDkzODQ5
Mjk5LzAvMkUyNjc0MjYzQUVDRDU3MjY3M0Y4NzYxNDkxOUNBNDkyQzc5RkFFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0xpWjBKanJzMVhKblA0ZGhTUm5LU1N4
NS11by5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmQ3YzIzMWUt
YTMzYy00NTU1LWI0MmUtZDAyMDkzODQ5Mjk5LzAvMzQzNTJlMzYzNjJlMzYzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1CPzANBgkq
hkiG9w0BAQsFAAOCAQEA5G8VJ0xAJ44j7i41iOnaQqndM86hG2tzoVG6FRuvOyMi
odvVxe/JMgzBTmUsqJ6G6Gs7I06GKBQLdW6F1XJ6F8Vknz6cyyRHlzZLYLeth6uu
YKKw0c2QFvMXsEKKrqlClMq/jfKawoesuMLNnSG6dKN6+5Wg/xJGgdKGQmcsK4jS
5ZAGmW+vhguQ+w+ODwTeARMycrLVmdSb9/Q8qMsCbP/zmzHSJ1OohZToXCfRHPNN
FNstGoLpfVJecRbjn+iSiV5Ep+h77pJvocI7IRCZB5sNXz+K/Dw7DFVnvxvPTgDN
TeZqi1fE7HFBx1i2oliUnDGRW5vM+abQnflmSuzewQ==
-----END CERTIFICATE-----