Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36332e302f32342d3234203d3e20383334.roa
File:                     34352e36362e36332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          sEgCiTdKWVCXu/d5z0ga/auyfNaYgNDwWsE3XxZT3rE=
Subject key identifier:   F8:E9:EE:7E:3F:99:2D:E8:1A:DF:DF:2A:15:26:C4:BA:43:E7:1E:F7
Certificate issuer:       /CN=2e2674263aecd572673f87614919ca492c79faea
Certificate serial:       7CCE75CC3BE3C7B282FF2193BA24D29ED6BB359F
Authority key identifier: 2E:26:74:26:3A:EC:D5:72:67:3F:87:61:49:19:CA:49:2C:79:FA:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36332e302f32342d3234203d3e20383334.roa
Signing time:             Fri 28 Mar 2025 02:23:40 +0000
ROA not before:           Fri 28 Mar 2025 02:18:40 +0000
ROA not after:            Fri 27 Mar 2026 02:23:40 +0000
asID:                     834
IP address blocks:        45.66.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 05:03:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:ce:75:cc:3b:e3:c7:b2:82:ff:21:93:ba:24:d2:9e:d6:bb:35:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e2674263aecd572673f87614919ca492c79faea
        Validity
            Not Before: Mar 28 02:18:40 2025 GMT
            Not After : Mar 27 02:23:40 2026 GMT
        Subject: CN=F8E9EE7E3F992DE81ADFDF2A1526C4BA43E71EF7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:cb:15:1c:a9:ad:49:3b:67:e5:8c:ee:f5:89:
                    f1:67:98:be:aa:6b:9f:aa:70:a5:66:cb:5a:a9:b1:
                    63:96:6b:08:27:4a:70:2f:77:51:01:a3:67:6d:11:
                    02:98:31:62:2d:70:ec:2c:46:76:70:00:23:ba:6b:
                    38:07:a4:db:28:54:5b:4a:e7:34:25:d7:83:bc:6f:
                    67:82:13:48:e9:2b:46:60:b6:b0:67:b8:36:aa:8e:
                    d7:29:fc:ce:fa:1e:c3:33:c4:65:65:72:95:c7:3c:
                    65:6e:b9:e6:cf:69:6d:d8:5c:16:77:8d:e7:45:ef:
                    0a:e9:5c:6b:53:76:e3:f2:f4:b7:4b:50:a3:3c:fb:
                    04:66:31:72:3b:ca:1c:1a:5a:1d:63:13:dd:4b:ce:
                    29:5c:2c:ac:36:1e:cc:4a:70:ed:fc:e4:f6:3b:b3:
                    c9:3a:7f:8a:81:2a:8e:5c:88:10:cf:a8:0e:0c:35:
                    01:4a:05:99:29:30:fc:66:90:c6:00:4f:4d:e1:44:
                    b0:7e:66:1f:e1:e3:04:a9:42:ee:af:f5:f2:e5:38:
                    c6:99:75:b5:d1:be:7a:7c:56:ed:09:8e:a3:a3:7e:
                    70:c6:55:c6:3b:26:f5:68:8d:d9:dd:83:22:32:41:
                    50:49:eb:5c:c9:f4:09:e4:2f:7d:70:d7:a3:5e:53:
                    d4:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:E9:EE:7E:3F:99:2D:E8:1A:DF:DF:2A:15:26:C4:BA:43:E7:1E:F7
            X509v3 Authority Key Identifier:
                keyid:2E:26:74:26:3A:EC:D5:72:67:3F:87:61:49:19:CA:49:2C:79:FA:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ea:71:cb:6f:94:10:2b:ef:39:4d:76:40:a8:74:96:de:d5:b3:
         a7:c6:c5:41:32:bb:21:05:f5:c7:d6:eb:09:6f:7a:32:56:2a:
         21:d8:5b:f7:c3:e9:e9:e5:55:a0:22:d3:d5:59:f8:d1:b5:14:
         be:22:7b:5e:3f:0e:6c:0a:67:c6:f0:cd:47:b1:ea:9f:7d:4b:
         3b:45:6e:79:2a:01:f0:34:25:f6:c9:8d:cf:46:f2:34:6e:37:
         dd:57:67:36:0a:71:21:fb:fd:c6:6b:c4:24:8c:bc:1e:e8:c5:
         c1:cb:87:57:b5:8a:2b:5b:87:ed:dc:b8:3e:8c:b2:8d:45:8c:
         12:79:ab:22:f9:cd:e1:ae:03:1e:0f:d5:53:d1:c3:c5:cc:1d:
         f0:77:e7:b0:ab:6c:90:e8:b8:76:d8:ee:e7:4d:21:8e:33:d0:
         c1:6c:9f:f2:9c:6f:f7:33:80:f2:1e:aa:46:3d:23:40:8f:4e:
         36:1d:61:b0:f4:3a:a4:2f:b3:9f:f3:67:88:cd:e4:0a:be:ae:
         cc:81:25:dc:b8:6e:b2:e9:78:06:7e:fe:6d:b2:38:d6:1d:73:
         03:94:29:59:26:ed:d3:15:53:c4:be:5c:07:d9:1b:92:2c:8d:
         07:fd:57:c8:96:a2:ca:3a:9d:52:8a:51:cd:ef:03:d9:e5:bd:
         18:a1:9f:39
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUfM51zDvjx7KC/yGTuiTSnta7NZ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMmUyNjc0MjYzYWVjZDU3MjY3M2Y4NzYxNDkxOWNhNDky
Yzc5ZmFlYTAeFw0yNTAzMjgwMjE4NDBaFw0yNjAzMjcwMjIzNDBaMDMxMTAvBgNV
BAMTKEY4RTlFRTdFM0Y5OTJERTgxQURGREYyQTE1MjZDNEJBNDNFNzFFRjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoyxUcqa1JO2fljO71ifFnmL6q
a5+qcKVmy1qpsWOWawgnSnAvd1EBo2dtEQKYMWItcOwsRnZwACO6azgHpNsoVFtK
5zQl14O8b2eCE0jpK0ZgtrBnuDaqjtcp/M76HsMzxGVlcpXHPGVuuebPaW3YXBZ3
jedF7wrpXGtTduPy9LdLUKM8+wRmMXI7yhwaWh1jE91LzilcLKw2HsxKcO385PY7
s8k6f4qBKo5ciBDPqA4MNQFKBZkpMPxmkMYAT03hRLB+Zh/h4wSpQu6v9fLlOMaZ
dbXRvnp8Vu0JjqOjfnDGVcY7JvVojdndgyIyQVBJ61zJ9AnkL31w16NeU9RzAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQU+Onufj+ZLega398qFSbEukPnHvcwHwYDVR0j
BBgwFoAULiZ0Jjrs1XJnP4dhSRnKSSx5+uowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmQ3YzIzMWUtYTMzYy00NTU1LWI0MmUtZDAyMDkzODQ5
Mjk5LzAvMkUyNjc0MjYzQUVDRDU3MjY3M0Y4NzYxNDkxOUNBNDkyQzc5RkFFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0xpWjBKanJzMVhKblA0ZGhTUm5LU1N4
NS11by5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmQ3YzIzMWUt
YTMzYy00NTU1LWI0MmUtZDAyMDkzODQ5Mjk5LzAvMzQzNTJlMzYzNjJlMzYzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1CPzANBgkq
hkiG9w0BAQsFAAOCAQEA6nHLb5QQK+85TXZAqHSW3tWzp8bFQTK7IQX1x9brCW96
MlYqIdhb98Pp6eVVoCLT1Vn40bUUviJ7Xj8ObApnxvDNR7Hqn31LO0VueSoB8DQl
9smNz0byNG433VdnNgpxIfv9xmvEJIy8HujFwcuHV7WKK1uH7dy4PoyyjUWMEnmr
IvnN4a4DHg/VU9HDxcwd8HfnsKtskOi4dtju500hjjPQwWyf8pxv9zOA8h6qRj0j
QI9ONh1hsPQ6pC+zn/NniM3kCr6uzIEl3Lhusul4Bn7+bbI41h1zA5QpWSbt0xVT
xL5cB9kbkiyNB/1XyJaiyjqdUopRze8D2eW9GKGfOQ==
-----END CERTIFICATE-----