Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36302e302f32342d3234203d3e20323132323338.roa
File:                     34352e36362e36302e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier:          ssodqkYmRGRZcJb/W05Q2ExCVHy1b+Elgef7gRr5nMs=
Subject key identifier:   AF:86:23:EF:F5:B2:91:FC:FA:70:46:A8:D7:14:CB:1F:38:56:B0:DD
Certificate issuer:       /CN=2e2674263aecd572673f87614919ca492c79faea
Certificate serial:       312EC9BA9BC07EF15A6FB5E147099624C82367B8
Authority key identifier: 2E:26:74:26:3A:EC:D5:72:67:3F:87:61:49:19:CA:49:2C:79:FA:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36302e302f32342d3234203d3e20323132323338.roa
Signing time:             Tue 22 Apr 2025 00:45:06 +0000
ROA not before:           Tue 22 Apr 2025 00:40:06 +0000
ROA not after:            Tue 21 Apr 2026 00:45:06 +0000
asID:                     212238
IP address blocks:        45.66.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:2e:c9:ba:9b:c0:7e:f1:5a:6f:b5:e1:47:09:96:24:c8:23:67:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e2674263aecd572673f87614919ca492c79faea
        Validity
            Not Before: Apr 22 00:40:06 2025 GMT
            Not After : Apr 21 00:45:06 2026 GMT
        Subject: CN=AF8623EFF5B291FCFA7046A8D714CB1F3856B0DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:eb:3f:c9:33:0b:1b:eb:64:0f:b4:7a:ea:03:
                    9d:61:11:9a:8a:55:9a:04:d0:f4:c2:58:f2:0a:35:
                    3b:d9:73:59:85:aa:58:7e:89:2b:a6:b8:c8:c5:ed:
                    19:60:7b:f0:95:2d:33:54:f4:fd:ca:aa:09:97:94:
                    2f:c2:d7:14:2c:61:cf:fb:39:be:0b:db:e4:06:32:
                    63:31:7e:75:72:0d:68:54:0d:4f:2d:bf:0a:fd:35:
                    62:ef:b2:62:c7:db:d7:84:4b:a6:a0:4a:54:3d:49:
                    00:64:3c:0f:53:89:99:62:41:71:5a:06:a5:e7:8a:
                    a5:95:95:b7:af:f6:fd:bc:7d:a3:de:b2:8d:8a:f7:
                    31:84:09:e6:0b:a2:63:4f:37:48:ca:de:9e:19:27:
                    4c:f4:85:25:a6:e6:00:42:87:83:3b:87:b4:e6:04:
                    4d:66:82:46:4d:f3:66:a7:df:2e:6f:97:94:fb:2b:
                    2e:d3:76:8a:e5:ef:78:8e:36:35:c9:8c:6b:19:02:
                    ef:d5:b7:1d:ca:1a:53:c6:c7:ca:d5:ed:12:18:2f:
                    9d:d7:d4:91:a0:89:7e:a5:81:ee:49:9f:de:f6:71:
                    07:49:64:fb:a4:6f:42:67:c4:74:85:81:0c:02:20:
                    88:fc:e8:f0:17:20:0f:0a:9a:a8:41:99:55:41:e6:
                    19:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:86:23:EF:F5:B2:91:FC:FA:70:46:A8:D7:14:CB:1F:38:56:B0:DD
            X509v3 Authority Key Identifier:
                keyid:2E:26:74:26:3A:EC:D5:72:67:3F:87:61:49:19:CA:49:2C:79:FA:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36302e302f32342d3234203d3e20323132323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d8:2b:68:ad:23:a5:94:6e:c9:ed:45:99:0d:30:81:ae:94:70:
         53:82:df:12:e4:5b:cf:a7:7d:7d:99:00:8a:f2:dc:2a:12:f1:
         d4:95:9f:31:35:3b:58:56:ba:c3:e7:9a:af:4f:91:af:5d:ee:
         73:90:83:f1:e0:1a:af:18:82:47:d3:a6:5a:da:b9:22:3a:2d:
         21:4d:f3:bb:d8:eb:0f:53:23:b0:e5:f2:90:6f:87:7f:f9:9b:
         e9:5f:7e:bd:ca:ac:0e:de:83:d3:52:c4:0c:00:6e:c1:c1:02:
         22:72:33:dc:e2:76:eb:ee:fc:d2:1c:a5:1f:23:6f:d5:31:19:
         23:30:fd:2c:bd:67:aa:b8:f8:7d:e0:d9:4a:fe:71:f1:42:a7:
         60:3d:4f:b4:d2:83:34:ed:c3:31:80:52:1a:3d:ca:a8:ef:19:
         09:97:78:2d:85:74:52:14:e2:87:36:43:18:5f:56:b9:f2:51:
         ab:fa:86:db:d0:8a:63:67:25:c2:e0:a0:ca:4a:13:37:49:6e:
         b2:fa:3b:47:f7:c8:8e:7f:13:47:09:02:a0:ad:47:79:5e:d9:
         4d:3e:8e:da:18:05:8e:04:74:7c:e5:bb:7e:fc:15:03:8e:87:
         51:23:7f:f4:e1:b0:29:64:d2:7d:27:b0:28:41:c7:ff:35:35:
         26:b0:60:d5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMS7JupvAfvFab7XhRwmWJMgjZ7gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMmUyNjc0MjYzYWVjZDU3MjY3M2Y4NzYxNDkxOWNhNDky
Yzc5ZmFlYTAeFw0yNTA0MjIwMDQwMDZaFw0yNjA0MjEwMDQ1MDZaMDMxMTAvBgNV
BAMTKEFGODYyM0VGRjVCMjkxRkNGQTcwNDZBOEQ3MTRDQjFGMzg1NkIwREQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY6z/JMwsb62QPtHrqA51hEZqK
VZoE0PTCWPIKNTvZc1mFqlh+iSumuMjF7Rlge/CVLTNU9P3KqgmXlC/C1xQsYc/7
Ob4L2+QGMmMxfnVyDWhUDU8tvwr9NWLvsmLH29eES6agSlQ9SQBkPA9TiZliQXFa
BqXniqWVlbev9v28faPeso2K9zGECeYLomNPN0jK3p4ZJ0z0hSWm5gBCh4M7h7Tm
BE1mgkZN82an3y5vl5T7Ky7Tdorl73iONjXJjGsZAu/Vtx3KGlPGx8rV7RIYL53X
1JGgiX6lge5Jn972cQdJZPukb0JnxHSFgQwCIIj86PAXIA8KmqhBmVVB5hnHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUr4Yj7/Wykfz6cEao1xTLHzhWsN0wHwYDVR0j
BBgwFoAULiZ0Jjrs1XJnP4dhSRnKSSx5+uowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmQ3YzIzMWUtYTMzYy00NTU1LWI0MmUtZDAyMDkzODQ5
Mjk5LzAvMkUyNjc0MjYzQUVDRDU3MjY3M0Y4NzYxNDkxOUNBNDkyQzc5RkFFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0xpWjBKanJzMVhKblA0ZGhTUm5LU1N4
NS11by5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmQ3YzIzMWUt
YTMzYy00NTU1LWI0MmUtZDAyMDkzODQ5Mjk5LzAvMzQzNTJlMzYzNjJlMzYzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMjMyMzMzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1C
PDANBgkqhkiG9w0BAQsFAAOCAQEA2CtorSOllG7J7UWZDTCBrpRwU4LfEuRbz6d9
fZkAivLcKhLx1JWfMTU7WFa6w+ear0+Rr13uc5CD8eAarxiCR9OmWtq5IjotIU3z
u9jrD1MjsOXykG+Hf/mb6V9+vcqsDt6D01LEDABuwcECInIz3OJ26+780hylHyNv
1TEZIzD9LL1nqrj4feDZSv5x8UKnYD1PtNKDNO3DMYBSGj3KqO8ZCZd4LYV0UhTi
hzZDGF9WufJRq/qG29CKY2clwuCgykoTN0lusvo7R/fIjn8TRwkCoK1HeV7ZTT6O
2hgFjgR0fOW7fvwVA46HUSN/9OGwKWTSfSewKEHH/zU1JrBg1Q==
-----END CERTIFICATE-----