Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36332e302f32342d3234203d3e20323135323837.roa
File:                     34352e36362e36332e302f32342d3234203d3e20323135323837.roa (raw, json)
Hash identifier:          a+NefOZI9c+guc+ruHs8N5wkKndV4yX37TtMje6y7/I=
Subject key identifier:   37:4C:B8:70:A6:91:FC:B9:BF:3B:05:AE:2B:9F:B6:4C:FF:D5:6D:1C
Certificate issuer:       /CN=2e2674263aecd572673f87614919ca492c79faea
Certificate serial:       7EF739102C155B445BB1D616E1A55DCAAC9A57B8
Authority key identifier: 2E:26:74:26:3A:EC:D5:72:67:3F:87:61:49:19:CA:49:2C:79:FA:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36332e302f32342d3234203d3e20323135323837.roa
Signing time:             Mon 05 May 2025 15:34:26 +0000
ROA not before:           Mon 05 May 2025 15:29:26 +0000
ROA not after:            Mon 04 May 2026 15:34:26 +0000
asID:                     215287
IP address blocks:        45.66.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 16:53:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:f7:39:10:2c:15:5b:44:5b:b1:d6:16:e1:a5:5d:ca:ac:9a:57:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e2674263aecd572673f87614919ca492c79faea
        Validity
            Not Before: May  5 15:29:26 2025 GMT
            Not After : May  4 15:34:26 2026 GMT
        Subject: CN=374CB870A691FCB9BF3B05AE2B9FB64CFFD56D1C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:25:3d:96:0e:a0:ba:75:24:b5:f0:ce:6e:aa:
                    5d:70:24:c1:d1:88:e5:06:fb:4d:9c:3c:af:34:b1:
                    c8:82:90:1d:89:70:73:ff:75:b8:a6:c6:a9:8f:e7:
                    ff:1e:d5:31:20:d0:6c:7d:f7:46:44:9a:b1:b7:fe:
                    72:cd:fa:74:8a:a4:78:29:e7:fb:54:e2:df:cc:13:
                    22:5d:66:ab:22:6f:d6:e8:90:8f:66:6e:b0:aa:ac:
                    a7:d2:f6:1b:7f:8b:fd:9d:c0:5e:65:ec:d5:6c:55:
                    4e:21:f3:bd:bb:9f:dc:e3:4b:30:ee:92:d9:d1:ec:
                    07:c4:1f:96:6b:88:93:bf:d0:34:1f:12:60:59:6d:
                    9a:bf:16:4e:d9:de:15:1f:13:34:36:11:20:1a:2e:
                    08:70:cc:35:e8:48:a5:9e:ca:92:6f:f1:7c:6a:1f:
                    ec:ba:3f:e8:6a:57:77:1e:ad:72:07:f7:22:17:da:
                    87:7a:c6:94:b9:7f:92:43:46:20:98:98:7b:0a:4a:
                    44:00:a3:9c:8e:f8:9f:2e:61:9a:56:93:22:b5:5a:
                    e4:17:95:f7:59:2a:49:c9:d8:e7:c0:b0:3d:d4:14:
                    b3:b8:5e:56:f0:2f:ca:5d:a2:85:cf:43:0e:aa:bb:
                    b2:30:0c:71:13:a6:6c:55:17:e7:41:bd:48:d6:34:
                    79:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:4C:B8:70:A6:91:FC:B9:BF:3B:05:AE:2B:9F:B6:4C:FF:D5:6D:1C
            X509v3 Authority Key Identifier:
                keyid:2E:26:74:26:3A:EC:D5:72:67:3F:87:61:49:19:CA:49:2C:79:FA:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36332e302f32342d3234203d3e20323135323837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:69:34:c0:44:d9:11:85:6b:2e:b7:47:fe:bc:21:d5:8e:fd:
         39:06:31:b1:74:41:b2:42:c3:ae:93:24:80:b7:71:f2:c1:e5:
         59:98:6c:87:ba:80:01:fe:0d:4e:93:9e:51:02:06:ca:21:88:
         83:30:57:fe:22:d9:1f:35:b9:c7:49:f6:79:87:88:e5:03:5a:
         c9:d8:b2:9a:61:94:d0:64:20:1f:bb:64:12:5a:72:54:41:8c:
         ff:ef:b3:21:65:ea:72:50:00:dc:de:09:71:ba:3d:39:c9:00:
         08:53:62:55:95:ec:ea:08:23:f3:c3:02:6c:cd:fc:1a:92:db:
         34:66:fc:09:c1:85:43:6a:72:7b:4a:68:c2:ce:54:cc:15:05:
         76:3f:d8:ed:ec:ad:07:a0:8d:d0:03:bd:8f:60:d8:07:34:05:
         96:df:6a:0b:4f:b6:e6:5c:6c:93:cc:ce:fd:97:49:83:38:f4:
         8b:9a:fc:e9:6f:4c:a2:d3:94:3f:a8:47:f2:65:ec:15:18:31:
         fd:89:0f:77:e7:be:93:e0:45:7d:37:ff:bd:60:75:7a:44:79:
         25:8b:fb:d8:91:42:09:9c:3c:a6:d4:e5:31:11:4f:55:1a:7c:
         45:56:5b:19:0a:e1:99:ca:1a:d3:47:ec:61:35:76:8e:d6:09:
         e8:00:b3:91
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfvc5ECwVW0RbsdYW4aVdyqyaV7gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMmUyNjc0MjYzYWVjZDU3MjY3M2Y4NzYxNDkxOWNhNDky
Yzc5ZmFlYTAeFw0yNTA1MDUxNTI5MjZaFw0yNjA1MDQxNTM0MjZaMDMxMTAvBgNV
BAMTKDM3NENCODcwQTY5MUZDQjlCRjNCMDVBRTJCOUZCNjRDRkZENTZEMUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD6JT2WDqC6dSS18M5uql1wJMHR
iOUG+02cPK80sciCkB2JcHP/dbimxqmP5/8e1TEg0Gx990ZEmrG3/nLN+nSKpHgp
5/tU4t/MEyJdZqsib9bokI9mbrCqrKfS9ht/i/2dwF5l7NVsVU4h8727n9zjSzDu
ktnR7AfEH5ZriJO/0DQfEmBZbZq/Fk7Z3hUfEzQ2ESAaLghwzDXoSKWeypJv8Xxq
H+y6P+hqV3cerXIH9yIX2od6xpS5f5JDRiCYmHsKSkQAo5yO+J8uYZpWkyK1WuQX
lfdZKknJ2OfAsD3UFLO4XlbwL8pdooXPQw6qu7IwDHETpmxVF+dBvUjWNHmPAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUN0y4cKaR/Lm/OwWuK5+2TP/VbRwwHwYDVR0j
BBgwFoAULiZ0Jjrs1XJnP4dhSRnKSSx5+uowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmQ3YzIzMWUtYTMzYy00NTU1LWI0MmUtZDAyMDkzODQ5
Mjk5LzAvMkUyNjc0MjYzQUVDRDU3MjY3M0Y4NzYxNDkxOUNBNDkyQzc5RkFFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0xpWjBKanJzMVhKblA0ZGhTUm5LU1N4
NS11by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmQ3YzIzMWUt
YTMzYy00NTU1LWI0MmUtZDAyMDkzODQ5Mjk5LzAvMzQzNTJlMzYzNjJlMzYzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNTMyMzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1C
PzANBgkqhkiG9w0BAQsFAAOCAQEAhWk0wETZEYVrLrdH/rwh1Y79OQYxsXRBskLD
rpMkgLdx8sHlWZhsh7qAAf4NTpOeUQIGyiGIgzBX/iLZHzW5x0n2eYeI5QNaydiy
mmGU0GQgH7tkElpyVEGM/++zIWXqclAA3N4Jcbo9OckACFNiVZXs6ggj88MCbM38
GpLbNGb8CcGFQ2pye0pows5UzBUFdj/Y7eytB6CN0AO9j2DYBzQFlt9qC0+25lxs
k8zO/ZdJgzj0i5r86W9MotOUP6hH8mXsFRgx/YkPd+e+k+BFfTf/vWB1ekR5JYv7
2JFCCZw8ptTlMRFPVRp8RVZbGQrhmcoa00fsYTV2jtYJ6ACzkQ==
-----END CERTIFICATE-----