Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134382e302f32332d3233203d3e203632333837.roa
File:                     34352e31332e3134382e302f32332d3233203d3e203632333837.roa (raw, json)
Hash identifier:          5EJNV4UhdWOuwnTNcgbmbjrtx0zc2Gwd0NznlniRrK0=
Subject key identifier:   B1:76:81:9C:76:D8:43:A9:85:31:5A:C0:A6:1A:8B:C6:8A:80:67:A4
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       067F1B7DA08628F526322C813D7D3839E1F8CCBB
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134382e302f32332d3233203d3e203632333837.roa
Signing time:             Thu 08 May 2025 16:54:08 +0000
ROA not before:           Thu 08 May 2025 16:49:08 +0000
ROA not after:            Thu 07 May 2026 16:54:08 +0000
asID:                     62387
IP address blocks:        45.13.148.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 08:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:7f:1b:7d:a0:86:28:f5:26:32:2c:81:3d:7d:38:39:e1:f8:cc:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: May  8 16:49:08 2025 GMT
            Not After : May  7 16:54:08 2026 GMT
        Subject: CN=B176819C76D843A985315AC0A61A8BC68A8067A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:59:b9:59:7f:c5:4f:43:21:8b:1e:b1:f6:c9:
                    66:e5:b8:fe:60:34:80:60:f4:50:03:19:3e:74:dd:
                    8b:9e:59:a2:4f:60:81:6b:85:ce:f1:4a:c5:91:81:
                    28:cb:c1:a2:e6:ff:ed:bb:e6:29:75:e9:38:a0:55:
                    5c:b3:bb:0f:95:9f:6c:ad:bb:00:6e:b1:b9:dd:cc:
                    2b:df:e4:d3:76:c6:44:b3:51:d3:ed:dc:38:6a:40:
                    d5:a2:4b:2b:7a:ae:25:dc:0d:33:99:9a:1a:c1:a9:
                    cf:5b:21:2c:ca:13:87:28:a2:1e:1d:d4:33:51:e3:
                    43:5c:e5:8b:d5:43:6e:d8:8a:99:26:bd:2b:6d:ca:
                    fc:84:84:18:e2:91:5a:43:9c:61:5b:b1:2d:7a:8c:
                    05:c0:1e:e2:8e:c3:fd:82:ed:cc:09:05:e5:61:d7:
                    8d:66:74:0e:31:bf:6d:2b:14:8f:32:39:a4:c7:1c:
                    12:88:2b:eb:93:23:80:51:16:31:dd:51:64:46:4a:
                    60:47:62:ec:c2:fc:fb:bf:72:1b:bf:f8:f4:e2:5a:
                    a0:37:ac:18:e7:4f:ff:43:9a:5b:21:5e:70:29:ba:
                    ee:89:2a:ae:61:59:a4:1e:3e:fa:ad:ed:25:2e:7e:
                    25:54:f6:a6:70:93:df:0e:ca:64:b9:ec:26:f8:7b:
                    c4:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:76:81:9C:76:D8:43:A9:85:31:5A:C0:A6:1A:8B:C6:8A:80:67:A4
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134382e302f32332d3233203d3e203632333837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c0:8e:76:6b:fb:58:01:4e:ad:a9:0f:62:7e:e6:d8:94:55:88:
         c7:ba:ab:0a:09:e3:2b:3b:f1:c9:37:97:d0:26:15:e1:a5:24:
         ef:4a:09:de:6f:ae:86:c6:c9:47:2e:02:66:54:3e:79:5c:83:
         4f:b4:e3:61:c2:0b:38:3a:e9:84:0e:46:56:b5:30:82:ce:52:
         fd:ad:8c:f6:0c:05:d3:86:de:2b:59:eb:ac:43:8a:1e:61:f8:
         dc:41:2e:ef:7c:01:2b:a1:eb:cb:4b:b0:07:b5:08:2e:f5:de:
         fe:91:d6:d1:3f:cd:2a:44:72:7e:3f:bc:5a:fe:47:9b:a5:1f:
         6f:3a:22:bd:bc:4b:4d:e5:d5:17:5f:c3:da:6f:84:08:99:82:
         c0:a1:0f:1c:14:24:75:d3:87:fe:d6:65:99:e2:96:48:34:06:
         5e:78:f9:26:d3:05:bd:b7:67:97:14:81:a7:c4:bf:e1:03:9b:
         be:1c:cc:3c:05:38:48:80:46:a5:a5:5b:4a:4c:90:e8:f2:16:
         e9:57:62:78:4c:73:f7:1f:6f:1e:25:5f:99:8c:ad:b9:9f:b3:
         5f:4e:25:06:b7:b6:bd:e6:97:b4:08:87:b5:54:40:a1:a2:1d:
         85:55:a6:e8:a8:c7:45:20:54:1b:27:04:b7:fd:d8:9e:71:3b:
         ab:c2:6d:73
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBn8bfaCGKPUmMiyBPX04OeH4zLswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNTA1MDgxNjQ5MDhaFw0yNjA1MDcxNjU0MDhaMDMxMTAvBgNV
BAMTKEIxNzY4MTlDNzZEODQzQTk4NTMxNUFDMEE2MUE4QkM2OEE4MDY3QTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgWblZf8VPQyGLHrH2yWbluP5g
NIBg9FADGT503YueWaJPYIFrhc7xSsWRgSjLwaLm/+275il16TigVVyzuw+Vn2yt
uwBusbndzCvf5NN2xkSzUdPt3DhqQNWiSyt6riXcDTOZmhrBqc9bISzKE4cooh4d
1DNR40Nc5YvVQ27YipkmvSttyvyEhBjikVpDnGFbsS16jAXAHuKOw/2C7cwJBeVh
141mdA4xv20rFI8yOaTHHBKIK+uTI4BRFjHdUWRGSmBHYuzC/Pu/chu/+PTiWqA3
rBjnT/9DmlshXnApuu6JKq5hWaQePvqt7SUufiVU9qZwk98OymS57Cb4e8RZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUsXaBnHbYQ6mFMVrAphqLxoqAZ6QwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzEzMzJlMzEzNDM4
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzYzMjMzMzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS0N
lDANBgkqhkiG9w0BAQsFAAOCAQEAwI52a/tYAU6tqQ9ifubYlFWIx7qrCgnjKzvx
yTeX0CYV4aUk70oJ3m+uhsbJRy4CZlQ+eVyDT7TjYcILODrphA5GVrUwgs5S/a2M
9gwF04beK1nrrEOKHmH43EEu73wBK6Hry0uwB7UILvXe/pHW0T/NKkRyfj+8Wv5H
m6UfbzoivbxLTeXVF1/D2m+ECJmCwKEPHBQkddOH/tZlmeKWSDQGXnj5JtMFvbdn
lxSBp8S/4QObvhzMPAU4SIBGpaVbSkyQ6PIW6VdieExz9x9vHiVfmYytuZ+zX04l
Bre2veaXtAiHtVRAoaIdhVWm6KjHRSBUGycEt/3YnnE7q8Jtcw==
-----END CERTIFICATE-----