Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36332e302f32342d3234203d3e20323134343332.roa
File:                     34352e36362e36332e302f32342d3234203d3e20323134343332.roa (raw, json)
Hash identifier:          bZNP+wA40wAyACtbN5qUmpIVm/KoebsR0HiX5BeNfUM=
Subject key identifier:   1C:DD:AC:30:69:47:AC:B5:C5:B3:65:AE:6A:AC:A0:96:97:C3:54:46
Certificate issuer:       /CN=2e2674263aecd572673f87614919ca492c79faea
Certificate serial:       6F3B94B15C2084061C4028906FC4499DCBFAE9ED
Authority key identifier: 2E:26:74:26:3A:EC:D5:72:67:3F:87:61:49:19:CA:49:2C:79:FA:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36332e302f32342d3234203d3e20323134343332.roa
Signing time:             Fri 22 Aug 2025 04:29:32 +0000
ROA not before:           Fri 22 Aug 2025 04:24:32 +0000
ROA not after:            Fri 21 Aug 2026 04:29:32 +0000
asID:                     214432
IP address blocks:        45.66.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 02:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:3b:94:b1:5c:20:84:06:1c:40:28:90:6f:c4:49:9d:cb:fa:e9:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e2674263aecd572673f87614919ca492c79faea
        Validity
            Not Before: Aug 22 04:24:32 2025 GMT
            Not After : Aug 21 04:29:32 2026 GMT
        Subject: CN=1CDDAC306947ACB5C5B365AE6AACA09697C35446
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c1:2d:c9:08:80:fd:d5:fc:f7:8e:d4:a0:f9:
                    c4:c7:2b:49:f8:05:a3:dc:9e:b2:81:9e:0c:e4:a8:
                    c3:1b:f1:08:46:9e:20:59:2a:bb:6e:bd:df:d9:ba:
                    59:ed:57:22:ad:61:3e:4f:de:57:8d:d5:e9:27:83:
                    a1:5c:f9:9e:dd:5d:00:b8:de:bb:69:22:bc:7d:d8:
                    c5:09:90:e0:29:d5:9d:6b:dd:7b:84:5f:9e:a3:ad:
                    73:df:b5:1c:5a:ce:9c:35:65:85:91:55:e4:5e:83:
                    53:ea:ed:31:7c:87:17:57:7e:56:6a:1f:90:4e:13:
                    46:02:be:19:0c:63:44:99:e5:7b:54:f3:5a:35:1d:
                    d3:e0:30:bc:f4:2a:8d:26:db:40:5a:ca:34:50:9e:
                    5d:98:cc:01:3c:eb:b6:95:e0:a2:02:e1:c9:29:71:
                    67:3a:07:43:2a:ca:36:64:62:9d:0e:35:61:11:c9:
                    b8:18:4c:88:b0:97:85:8d:96:47:53:5d:23:45:d8:
                    a4:c6:8e:4e:c7:57:81:a6:3f:71:78:92:85:03:40:
                    10:55:77:4e:49:db:b9:c1:f0:2e:fc:08:85:84:0c:
                    e3:9e:71:47:49:6c:24:b8:64:65:14:4b:e1:5c:47:
                    f8:fc:e1:e0:44:ff:e2:45:25:6f:4f:eb:ec:83:13:
                    08:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:DD:AC:30:69:47:AC:B5:C5:B3:65:AE:6A:AC:A0:96:97:C3:54:46
            X509v3 Authority Key Identifier:
                keyid:2E:26:74:26:3A:EC:D5:72:67:3F:87:61:49:19:CA:49:2C:79:FA:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36332e302f32342d3234203d3e20323134343332.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:fe:90:f0:46:04:60:37:1f:c4:b3:1d:a8:c8:ac:f6:dd:1c:
         7f:62:8f:45:05:06:6c:ea:49:6d:56:e7:0d:1d:d0:6f:8a:72:
         f3:a2:08:2f:6f:4c:71:e7:8e:6e:43:e7:35:c9:a0:48:8e:4f:
         c3:7e:78:68:82:06:06:68:7f:78:b1:e0:6c:8d:0e:8a:17:3a:
         3b:f1:24:25:9e:36:82:8a:5d:4f:8b:e5:75:aa:ca:2a:dd:83:
         43:90:5d:46:cc:79:63:e4:9e:91:ca:41:03:d5:1d:db:10:11:
         f0:29:c5:03:e8:4b:2f:58:5b:33:e3:da:8b:ee:6a:5d:c0:ac:
         3f:f4:48:53:c4:0a:89:5c:47:c6:20:ca:02:c6:2d:cd:62:23:
         0c:a2:60:73:80:15:0f:0b:23:94:39:60:71:55:76:b4:a3:e8:
         7d:5a:12:6c:97:27:a6:8f:77:d7:d0:ec:e0:94:b9:f6:8b:21:
         2d:1a:7d:cf:fa:5c:e3:80:cd:22:92:48:83:1c:05:62:58:fb:
         44:69:d2:5b:2e:f6:9a:34:0c:5e:c4:df:b6:e3:4f:b6:6d:19:
         d6:aa:bf:63:4e:25:ec:e6:6f:35:23:0f:7f:fc:b3:72:af:b5:
         8d:94:77:60:75:ca:ff:67:7c:cb:cf:37:fb:26:28:ed:cd:98:
         0d:82:43:11
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbzuUsVwghAYcQCiQb8RJncv66e0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMmUyNjc0MjYzYWVjZDU3MjY3M2Y4NzYxNDkxOWNhNDky
Yzc5ZmFlYTAeFw0yNTA4MjIwNDI0MzJaFw0yNjA4MjEwNDI5MzJaMDMxMTAvBgNV
BAMTKDFDRERBQzMwNjk0N0FDQjVDNUIzNjVBRTZBQUNBMDk2OTdDMzU0NDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnwS3JCID91fz3jtSg+cTHK0n4
BaPcnrKBngzkqMMb8QhGniBZKrtuvd/ZulntVyKtYT5P3leN1ekng6Fc+Z7dXQC4
3rtpIrx92MUJkOAp1Z1r3XuEX56jrXPftRxazpw1ZYWRVeReg1Pq7TF8hxdXflZq
H5BOE0YCvhkMY0SZ5XtU81o1HdPgMLz0Ko0m20BayjRQnl2YzAE867aV4KIC4ckp
cWc6B0MqyjZkYp0ONWERybgYTIiwl4WNlkdTXSNF2KTGjk7HV4GmP3F4koUDQBBV
d05J27nB8C78CIWEDOOecUdJbCS4ZGUUS+FcR/j84eBE/+JFJW9P6+yDEwhdAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUHN2sMGlHrLXFs2WuaqyglpfDVEYwHwYDVR0j
BBgwFoAULiZ0Jjrs1XJnP4dhSRnKSSx5+uowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmQ3YzIzMWUtYTMzYy00NTU1LWI0MmUtZDAyMDkzODQ5
Mjk5LzAvMkUyNjc0MjYzQUVDRDU3MjY3M0Y4NzYxNDkxOUNBNDkyQzc5RkFFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0xpWjBKanJzMVhKblA0ZGhTUm5LU1N4
NS11by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmQ3YzIzMWUt
YTMzYy00NTU1LWI0MmUtZDAyMDkzODQ5Mjk5LzAvMzQzNTJlMzYzNjJlMzYzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNDM0MzMzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1C
PzANBgkqhkiG9w0BAQsFAAOCAQEAG/6Q8EYEYDcfxLMdqMis9t0cf2KPRQUGbOpJ
bVbnDR3Qb4py86IIL29MceeObkPnNcmgSI5Pw354aIIGBmh/eLHgbI0Oihc6O/Ek
JZ42gopdT4vldarKKt2DQ5BdRsx5Y+SekcpBA9Ud2xAR8CnFA+hLL1hbM+Pai+5q
XcCsP/RIU8QKiVxHxiDKAsYtzWIjDKJgc4AVDwsjlDlgcVV2tKPofVoSbJcnpo93
19Ds4JS59oshLRp9z/pc44DNIpJIgxwFYlj7RGnSWy72mjQMXsTftuNPtm0Z1qq/
Y04l7OZvNSMPf/yzcq+1jZR3YHXK/2d8y883+yYo7c2YDYJDEQ==
-----END CERTIFICATE-----