Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36302e302f32342d3234203d3e20333937363330.roa
File:                     34352e36362e36302e302f32342d3234203d3e20333937363330.roa (raw, json)
Hash identifier:          m0lx7gp/PL+dNLZxtVb3q5bMr/J2JBCQr1yWWiLZaNg=
Subject key identifier:   CD:84:54:D8:49:63:41:E2:C5:09:A8:C8:B0:21:3B:6C:0A:27:BB:5D
Certificate issuer:       /CN=2e2674263aecd572673f87614919ca492c79faea
Certificate serial:       197A9C868076F72962056C6F44498360DBE729BB
Authority key identifier: 2E:26:74:26:3A:EC:D5:72:67:3F:87:61:49:19:CA:49:2C:79:FA:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36302e302f32342d3234203d3e20333937363330.roa
Signing time:             Fri 10 Oct 2025 12:26:28 +0000
ROA not before:           Fri 10 Oct 2025 12:21:28 +0000
ROA not after:            Fri 09 Oct 2026 12:26:28 +0000
asID:                     397630
IP address blocks:        45.66.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 05:40:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:7a:9c:86:80:76:f7:29:62:05:6c:6f:44:49:83:60:db:e7:29:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e2674263aecd572673f87614919ca492c79faea
        Validity
            Not Before: Oct 10 12:21:28 2025 GMT
            Not After : Oct  9 12:26:28 2026 GMT
        Subject: CN=CD8454D8496341E2C509A8C8B0213B6C0A27BB5D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:48:d7:6c:02:ad:19:3a:d7:b7:8b:3f:a9:36:
                    84:13:25:f7:ed:2e:2f:ee:f5:f3:05:5b:3f:7c:7b:
                    22:69:73:00:6a:e9:e0:fc:27:e1:59:83:93:84:d9:
                    df:3b:d2:f0:3a:d5:b4:5e:4e:0f:f4:49:60:49:74:
                    22:7b:e4:a3:d7:cc:e6:bd:d9:ff:7c:3c:db:1f:ce:
                    cd:0d:d2:ce:48:c5:fe:af:6c:05:95:41:91:b7:c5:
                    cb:6a:fb:e3:3f:23:7a:6c:20:1b:a4:dd:5b:25:dc:
                    bb:1f:8d:7f:a5:f4:e7:4e:36:d0:b7:97:b3:61:cf:
                    0f:e4:73:8a:78:bb:a7:3b:3f:11:0a:9d:44:0c:43:
                    a2:80:36:ba:21:29:b4:7b:15:e4:7a:9d:be:c2:52:
                    45:e9:8d:f0:be:a1:6a:69:ca:7b:da:bf:bd:36:9e:
                    80:bc:9e:ee:3c:2c:d9:86:7e:4c:1f:d6:db:b6:ea:
                    61:e5:f3:33:7b:30:39:cd:7e:75:bf:6e:4e:26:34:
                    d5:f4:b8:8f:b5:0d:bf:df:5c:81:31:50:b0:2a:36:
                    f2:ab:d7:e8:4d:34:c9:56:3b:87:51:e7:d7:28:64:
                    44:06:19:26:0c:a8:e9:7f:0e:3a:ce:74:72:9c:fe:
                    0a:d7:cd:ee:bb:72:01:a3:3f:7c:96:d5:fb:9a:49:
                    d1:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:84:54:D8:49:63:41:E2:C5:09:A8:C8:B0:21:3B:6C:0A:27:BB:5D
            X509v3 Authority Key Identifier:
                keyid:2E:26:74:26:3A:EC:D5:72:67:3F:87:61:49:19:CA:49:2C:79:FA:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36302e302f32342d3234203d3e20333937363330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:51:f7:80:cc:c9:e8:9b:fe:2c:08:32:86:b2:02:d3:05:47:
         92:45:b2:30:d8:36:15:6d:c0:0e:ab:e4:7f:26:97:e1:b2:06:
         19:1a:0b:a0:9e:dc:47:68:9c:23:5e:55:62:e8:eb:c7:bb:4f:
         52:f3:7f:0a:f5:4b:07:e2:a3:bb:22:63:9f:30:13:69:fb:e5:
         7a:a3:8e:e6:e3:79:6a:6b:cf:c0:9b:64:2e:65:60:51:ac:41:
         d6:37:60:6d:9d:bf:94:12:a4:2c:75:fc:7a:d0:cd:30:2c:94:
         28:89:b3:3f:d6:23:74:e4:61:ea:2d:d3:c8:62:1d:45:fd:dd:
         9b:93:b0:49:1d:70:57:38:6f:34:c0:cb:81:a1:97:8e:01:f9:
         94:8d:38:1f:2b:2b:ee:70:9d:c6:a1:3f:a5:87:27:20:a5:bd:
         49:fd:fb:eb:fc:de:ec:25:08:d2:26:06:71:c2:6a:d6:d0:53:
         87:ab:12:f0:1e:e8:56:ab:13:bf:f1:ca:88:a2:9e:ba:29:6b:
         74:ed:a9:a8:5e:82:dd:4e:f8:2e:9c:0c:40:4b:dd:a1:12:d3:
         08:43:6e:91:66:42:42:87:60:7d:91:03:e7:03:0c:ff:07:66:
         13:8c:05:1e:43:44:28:be:91:b4:60:cd:44:19:fa:6f:5a:e5:
         c9:7f:55:9f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGXqchoB29yliBWxvREmDYNvnKbswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMmUyNjc0MjYzYWVjZDU3MjY3M2Y4NzYxNDkxOWNhNDky
Yzc5ZmFlYTAeFw0yNTEwMTAxMjIxMjhaFw0yNjEwMDkxMjI2MjhaMDMxMTAvBgNV
BAMTKENEODQ1NEQ4NDk2MzQxRTJDNTA5QThDOEIwMjEzQjZDMEEyN0JCNUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYSNdsAq0ZOte3iz+pNoQTJfft
Li/u9fMFWz98eyJpcwBq6eD8J+FZg5OE2d870vA61bReTg/0SWBJdCJ75KPXzOa9
2f98PNsfzs0N0s5Ixf6vbAWVQZG3xctq++M/I3psIBuk3Vsl3LsfjX+l9OdONtC3
l7Nhzw/kc4p4u6c7PxEKnUQMQ6KANrohKbR7FeR6nb7CUkXpjfC+oWppynvav702
noC8nu48LNmGfkwf1tu26mHl8zN7MDnNfnW/bk4mNNX0uI+1Db/fXIExULAqNvKr
1+hNNMlWO4dR59coZEQGGSYMqOl/DjrOdHKc/grXze67cgGjP3yW1fuaSdE9AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUzYRU2EljQeLFCajIsCE7bAonu10wHwYDVR0j
BBgwFoAULiZ0Jjrs1XJnP4dhSRnKSSx5+uowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmQ3YzIzMWUtYTMzYy00NTU1LWI0MmUtZDAyMDkzODQ5
Mjk5LzAvMkUyNjc0MjYzQUVDRDU3MjY3M0Y4NzYxNDkxOUNBNDkyQzc5RkFFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0xpWjBKanJzMVhKblA0ZGhTUm5LU1N4
NS11by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmQ3YzIzMWUt
YTMzYy00NTU1LWI0MmUtZDAyMDkzODQ5Mjk5LzAvMzQzNTJlMzYzNjJlMzYzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzkzNzM2MzMzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1C
PDANBgkqhkiG9w0BAQsFAAOCAQEAalH3gMzJ6Jv+LAgyhrIC0wVHkkWyMNg2FW3A
DqvkfyaX4bIGGRoLoJ7cR2icI15VYujrx7tPUvN/CvVLB+KjuyJjnzATafvleqOO
5uN5amvPwJtkLmVgUaxB1jdgbZ2/lBKkLHX8etDNMCyUKImzP9YjdORh6i3TyGId
Rf3dm5OwSR1wVzhvNMDLgaGXjgH5lI04Hysr7nCdxqE/pYcnIKW9Sf376/ze7CUI
0iYGccJq1tBTh6sS8B7oVqsTv/HKiKKeuilrdO2pqF6C3U74LpwMQEvdoRLTCENu
kWZCQodgfZED5wMM/wdmE4wFHkNEKL6RtGDNRBn6b1rlyX9Vnw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:51:29 2025 by rpki-client