Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3133372e39372e302f32342d3234203d3e20383334.roa
File:                     34352e3133372e39372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          7LDa9DWu3mZzY8UhaCPzOPa9O/sTjBEH+n3wntpwJQs=
Subject key identifier:   CE:D3:CF:B4:5D:BE:59:72:91:72:03:3B:62:12:F7:F5:43:A6:D7:70
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       7CDC0B626B2A2D3A2D9E083B31F8CA1A638355DE
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3133372e39372e302f32342d3234203d3e20383334.roa
Signing time:             Sun 29 Jun 2025 10:17:23 +0000
ROA not before:           Sun 29 Jun 2025 10:12:23 +0000
ROA not after:            Sun 28 Jun 2026 10:17:23 +0000
asID:                     834
IP address blocks:        45.137.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 12:33:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:dc:0b:62:6b:2a:2d:3a:2d:9e:08:3b:31:f8:ca:1a:63:83:55:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jun 29 10:12:23 2025 GMT
            Not After : Jun 28 10:17:23 2026 GMT
        Subject: CN=CED3CFB45DBE59729172033B6212F7F543A6D770
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:28:71:68:35:84:0a:4c:0d:75:32:7a:ac:2b:
                    82:df:25:c0:b0:b5:04:3e:74:24:06:d2:2c:65:28:
                    97:6e:4e:9f:4b:c2:d6:4c:12:1b:ce:bb:1e:ec:91:
                    53:42:cd:e4:a4:22:cc:d3:37:6c:c4:6e:b1:87:92:
                    80:7e:c0:bc:27:88:2f:92:ea:dc:4b:ff:aa:a0:9b:
                    fd:19:56:07:29:ea:22:51:cc:a6:d7:be:c7:eb:60:
                    c7:9d:a3:1b:d5:43:b5:83:61:88:70:96:90:13:08:
                    b9:c1:c0:7b:bb:f8:d3:a5:f7:91:ed:fa:4b:23:08:
                    3a:35:7f:32:42:ef:80:8f:92:3e:25:77:71:4d:38:
                    da:90:b7:a5:49:ad:ad:79:2c:fb:6b:68:c1:ec:69:
                    a6:02:c7:37:cf:b2:e5:3a:4a:cc:da:7f:7b:23:cb:
                    ec:f7:49:c7:8e:34:c8:5f:0f:22:2e:7b:0b:36:cd:
                    af:58:1b:5e:05:82:cd:dc:b6:77:1b:a3:57:54:84:
                    9f:45:9d:ad:41:97:3a:95:27:de:f4:e9:d2:84:7a:
                    93:ea:68:e7:cd:50:0c:55:5b:28:a2:31:2c:0e:a7:
                    c5:e1:23:3a:92:21:f0:56:76:db:74:82:4e:30:d5:
                    bb:a9:71:04:27:0d:fa:ac:c8:0a:d2:a1:3f:1a:d0:
                    6f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:D3:CF:B4:5D:BE:59:72:91:72:03:3B:62:12:F7:F5:43:A6:D7:70
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e3133372e39372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:76:96:94:ca:10:91:ff:9b:d8:65:70:db:15:b9:d5:92:d4:
         62:f4:80:21:5b:c4:5e:40:58:37:f5:aa:a8:a2:ef:6f:4c:d5:
         81:3b:73:b4:7d:a8:c0:82:87:37:54:60:bc:8e:12:48:ff:1e:
         dc:e2:3e:16:e0:a7:34:22:9d:c5:bf:ba:b6:3a:35:d7:9d:4f:
         09:9e:ac:81:42:74:b1:bc:9e:14:b5:0e:ae:9a:16:da:75:34:
         da:00:65:73:f8:d6:07:8a:69:30:d6:3c:07:fa:c0:9c:f1:99:
         eb:73:aa:36:0e:65:be:99:ec:49:7b:c4:82:82:78:19:ff:36:
         06:ad:e5:89:d3:8a:4e:cf:1b:34:f9:21:63:74:ef:a6:54:71:
         81:6c:f7:c2:f3:f7:46:99:bc:e6:bd:29:c7:98:3c:0d:fc:96:
         85:89:86:86:2b:c5:bf:fa:d9:4f:c3:10:f4:ab:cd:ff:af:85:
         2a:08:f5:67:2d:24:70:e5:04:00:c8:38:ab:8b:25:fd:5c:c3:
         0d:86:08:0a:31:e2:d0:80:73:fb:60:f2:71:c3:99:14:c0:54:
         58:fa:ff:38:45:be:9e:ca:a9:5c:e2:37:78:7b:30:fd:cb:49:
         47:48:28:2a:1d:eb:71:2a:a0:54:ad:22:9d:7f:70:c2:7b:27:
         d9:ff:ab:b9
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUfNwLYmsqLTotngg7MfjKGmODVd4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA2MjkxMDEyMjNaFw0yNjA2MjgxMDE3MjNaMDMxMTAvBgNV
BAMTKENFRDNDRkI0NURCRTU5NzI5MTcyMDMzQjYyMTJGN0Y1NDNBNkQ3NzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9KHFoNYQKTA11MnqsK4LfJcCw
tQQ+dCQG0ixlKJduTp9LwtZMEhvOux7skVNCzeSkIszTN2zEbrGHkoB+wLwniC+S
6txL/6qgm/0ZVgcp6iJRzKbXvsfrYMedoxvVQ7WDYYhwlpATCLnBwHu7+NOl95Ht
+ksjCDo1fzJC74CPkj4ld3FNONqQt6VJra15LPtraMHsaaYCxzfPsuU6Sszaf3sj
y+z3SceONMhfDyIuews2za9YG14Fgs3ctncbo1dUhJ9Fna1BlzqVJ9706dKEepPq
aOfNUAxVWyiiMSwOp8XhIzqSIfBWdtt0gk4w1bupcQQnDfqsyArSoT8a0G8BAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUztPPtF2+WXKRcgM7YhL39UOm13AwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzMzM3MmUzOTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYlhMA0G
CSqGSIb3DQEBCwUAA4IBAQBmdpaUyhCR/5vYZXDbFbnVktRi9IAhW8ReQFg39aqo
ou9vTNWBO3O0fajAgoc3VGC8jhJI/x7c4j4W4Kc0Ip3Fv7q2OjXXnU8JnqyBQnSx
vJ4UtQ6umhbadTTaAGVz+NYHimkw1jwH+sCc8Znrc6o2DmW+mexJe8SCgngZ/zYG
reWJ04pOzxs0+SFjdO+mVHGBbPfC8/dGmbzmvSnHmDwN/JaFiYaGK8W/+tlPwxD0
q83/r4UqCPVnLSRw5QQAyDiriyX9XMMNhggKMeLQgHP7YPJxw5kUwFRY+v84Rb6e
yqlc4jd4ezD9y0lHSCgqHetxKqBUrSKdf3DCeyfZ/6u5
-----END CERTIFICATE-----