Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36302e302f32342d3234203d3e203332313637.roa
File:                     34352e36362e36302e302f32342d3234203d3e203332313637.roa (raw, json)
Hash identifier:          Ox5N2o1ve/SVl8NpCWqJ1Xe7PoW/L1UXaaDEmMEC144=
Subject key identifier:   D3:97:AD:74:F4:89:40:52:74:1D:52:73:8B:EC:CA:98:88:2D:2E:18
Certificate issuer:       /CN=2e2674263aecd572673f87614919ca492c79faea
Certificate serial:       254589615C60008DBD0233D6B4D210DEE884FB36
Authority key identifier: 2E:26:74:26:3A:EC:D5:72:67:3F:87:61:49:19:CA:49:2C:79:FA:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36302e302f32342d3234203d3e203332313637.roa
Signing time:             Wed 30 Jul 2025 11:58:46 +0000
ROA not before:           Wed 30 Jul 2025 11:53:46 +0000
ROA not after:            Wed 29 Jul 2026 11:58:46 +0000
asID:                     32167
IP address blocks:        45.66.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:45:89:61:5c:60:00:8d:bd:02:33:d6:b4:d2:10:de:e8:84:fb:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e2674263aecd572673f87614919ca492c79faea
        Validity
            Not Before: Jul 30 11:53:46 2025 GMT
            Not After : Jul 29 11:58:46 2026 GMT
        Subject: CN=D397AD74F4894052741D52738BECCA98882D2E18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:d5:17:b7:39:b8:dc:f3:5f:04:ef:92:15:6c:
                    6f:11:c7:f6:43:89:59:0f:8c:75:6e:0f:dd:e4:73:
                    07:d1:42:e2:6c:4d:6f:4f:79:7c:46:d3:6e:9b:a2:
                    0d:de:01:c9:e4:94:39:31:d8:01:57:c5:58:e2:e9:
                    9c:ae:f1:3e:7f:da:ba:90:91:54:49:32:34:c3:a1:
                    d9:bf:d7:44:b7:c4:bf:37:b9:78:d4:2b:b8:3b:ee:
                    df:4b:30:34:58:0c:d9:b6:d4:58:17:fe:f0:43:7b:
                    c7:69:32:4e:bd:08:b0:4d:bc:56:91:51:09:55:5b:
                    5b:a8:d7:80:72:8a:12:1c:65:29:ca:44:dc:31:ec:
                    55:19:fd:00:36:08:8f:03:e9:0e:49:0c:e5:df:d5:
                    ba:27:2b:e7:c3:4d:2b:bc:e6:1d:91:4f:eb:02:fe:
                    84:8f:2a:52:5a:5c:92:88:61:16:e9:be:2d:e7:8c:
                    2b:dd:dc:17:1b:87:fc:55:c8:63:c2:21:f5:a7:be:
                    f1:ad:6d:ce:df:d1:8a:c2:9f:bd:a6:94:ef:f1:36:
                    ff:7f:26:d6:a0:40:15:75:3f:1b:39:df:66:aa:87:
                    75:46:1b:7b:14:9e:08:06:c9:9f:5d:d7:bd:cd:20:
                    a2:78:bf:26:60:68:c1:d1:17:5e:95:2a:12:aa:b2:
                    5a:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:97:AD:74:F4:89:40:52:74:1D:52:73:8B:EC:CA:98:88:2D:2E:18
            X509v3 Authority Key Identifier:
                keyid:2E:26:74:26:3A:EC:D5:72:67:3F:87:61:49:19:CA:49:2C:79:FA:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/2E2674263AECD572673F87614919CA492C79FAEA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LiZ0Jjrs1XJnP4dhSRnKSSx5-uo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bd7c231e-a33c-4555-b42e-d02093849299/0/34352e36362e36302e302f32342d3234203d3e203332313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:6a:45:75:78:c1:60:60:c9:bc:fd:8e:fd:e7:6a:d5:a8:c9:
         af:55:10:b6:79:f4:d1:7f:4c:b6:b2:2a:16:84:97:ed:27:19:
         af:48:b2:cd:46:e6:47:03:1d:2e:1e:c1:ed:33:19:64:3e:cf:
         5f:ba:11:ee:ce:3f:d8:97:d3:c0:38:ed:6c:84:50:39:5d:ec:
         76:d0:36:5a:b6:79:a6:a8:8c:98:a0:86:d6:d2:2e:2f:b9:e1:
         2d:e2:a4:4a:6a:2b:bd:1c:e5:b1:25:89:56:89:71:19:50:56:
         33:dc:aa:62:03:97:a8:18:52:f4:c0:a4:60:4e:f7:a5:cd:c9:
         4c:47:55:1c:0c:c6:8f:e1:57:c8:52:0c:ec:43:64:3f:ea:40:
         87:99:3d:32:7b:1d:d4:c8:d2:87:2a:92:fc:dd:04:7a:3a:5b:
         a3:29:71:87:ce:ac:43:69:a2:2c:40:2e:d3:35:1f:0b:b1:d6:
         df:a8:4d:ef:4c:76:78:4c:ad:95:b7:d9:7d:68:8b:e9:40:bd:
         48:44:cb:be:cc:e2:07:e3:8a:bb:f5:ac:79:f4:34:99:76:48:
         d3:15:44:f8:52:37:31:2f:bb:70:5b:d4:1b:e8:ad:b7:f7:4f:
         a9:22:ef:bf:8e:2d:69:0b:e2:c3:b2:1d:78:5b:f1:90:4f:ba:
         d0:7e:2f:77
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJUWJYVxgAI29AjPWtNIQ3uiE+zYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMmUyNjc0MjYzYWVjZDU3MjY3M2Y4NzYxNDkxOWNhNDky
Yzc5ZmFlYTAeFw0yNTA3MzAxMTUzNDZaFw0yNjA3MjkxMTU4NDZaMDMxMTAvBgNV
BAMTKEQzOTdBRDc0RjQ4OTQwNTI3NDFENTI3MzhCRUNDQTk4ODgyRDJFMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT1Re3Objc818E75IVbG8Rx/ZD
iVkPjHVuD93kcwfRQuJsTW9PeXxG026bog3eAcnklDkx2AFXxVji6Zyu8T5/2rqQ
kVRJMjTDodm/10S3xL83uXjUK7g77t9LMDRYDNm21FgX/vBDe8dpMk69CLBNvFaR
UQlVW1uo14ByihIcZSnKRNwx7FUZ/QA2CI8D6Q5JDOXf1bonK+fDTSu85h2RT+sC
/oSPKlJaXJKIYRbpvi3njCvd3Bcbh/xVyGPCIfWnvvGtbc7f0YrCn72mlO/xNv9/
JtagQBV1Pxs532aqh3VGG3sUnggGyZ9d173NIKJ4vyZgaMHRF16VKhKqslrpAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU05etdPSJQFJ0HVJzi+zKmIgtLhgwHwYDVR0j
BBgwFoAULiZ0Jjrs1XJnP4dhSRnKSSx5+uowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmQ3YzIzMWUtYTMzYy00NTU1LWI0MmUtZDAyMDkzODQ5
Mjk5LzAvMkUyNjc0MjYzQUVDRDU3MjY3M0Y4NzYxNDkxOUNBNDkyQzc5RkFFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0xpWjBKanJzMVhKblA0ZGhTUm5LU1N4
NS11by5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmQ3YzIzMWUt
YTMzYy00NTU1LWI0MmUtZDAyMDkzODQ5Mjk5LzAvMzQzNTJlMzYzNjJlMzYzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzIzMTM2Mzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtQjww
DQYJKoZIhvcNAQELBQADggEBAJ5qRXV4wWBgybz9jv3natWoya9VELZ59NF/TLay
KhaEl+0nGa9Iss1G5kcDHS4ewe0zGWQ+z1+6Ee7OP9iX08A47WyEUDld7HbQNlq2
eaaojJightbSLi+54S3ipEpqK70c5bEliVaJcRlQVjPcqmIDl6gYUvTApGBO96XN
yUxHVRwMxo/hV8hSDOxDZD/qQIeZPTJ7HdTI0ocqkvzdBHo6W6MpcYfOrENpoixA
LtM1Hwux1t+oTe9MdnhMrZW32X1oi+lAvUhEy77M4gfjirv1rHn0NJl2SNMVRPhS
NzEvu3Bb1Bvorbf3T6ki77+OLWkL4sOyHXhb8ZBPutB+L3c=
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:53:10 2025 by rpki-client