Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38352e3234392e302f32342d3332203d3e203531313637.roa
File:                     34352e38352e3234392e302f32342d3332203d3e203531313637.roa (raw, json)
Hash identifier:          QPDJpyUthYTWwCM31z2FAy8gjtDZGNJnfwpnq4ryTTM=
Subject key identifier:   78:27:6C:1F:56:72:D2:2C:5E:C2:52:BC:8F:ED:B6:79:12:1B:6A:04
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       5F8443DB1EAA32760E8CE675A73FABDC7C29A316
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38352e3234392e302f32342d3332203d3e203531313637.roa
Signing time:             Wed 30 Jul 2025 14:47:00 +0000
ROA not before:           Wed 30 Jul 2025 14:42:00 +0000
ROA not after:            Wed 29 Jul 2026 14:47:00 +0000
asID:                     51167
IP address blocks:        45.85.249.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 11:07:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:84:43:db:1e:aa:32:76:0e:8c:e6:75:a7:3f:ab:dc:7c:29:a3:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 30 14:42:00 2025 GMT
            Not After : Jul 29 14:47:00 2026 GMT
        Subject: CN=78276C1F5672D22C5EC252BC8FEDB679121B6A04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:58:2a:41:da:f9:98:c3:40:2a:c6:0c:c7:04:
                    0a:c4:7e:9c:fd:99:ff:f7:c7:bd:22:e4:0e:1e:81:
                    53:7e:42:17:2e:1a:7e:77:97:f2:96:1e:16:22:63:
                    c1:f9:77:7c:ca:51:58:9f:19:7c:2c:dc:3d:47:c4:
                    32:4b:9c:74:83:7c:34:88:75:21:cc:2f:d5:02:34:
                    63:5f:46:90:c8:79:b3:6c:9e:21:19:ab:c3:bb:a3:
                    6c:00:f1:e5:65:40:e1:28:a1:b5:8a:02:67:b1:dc:
                    0a:c3:17:21:18:7b:c7:5c:6e:ba:75:93:f4:93:77:
                    33:d9:a8:79:33:8f:ae:ab:19:e9:d2:f9:5d:ed:05:
                    4e:93:66:a5:1c:14:d7:bf:70:46:aa:dd:2b:05:ff:
                    ec:e9:fa:6f:99:78:3f:2a:88:af:a9:8f:f6:eb:a9:
                    a9:45:67:f3:de:78:e6:71:f5:6d:66:df:ab:ec:07:
                    48:8e:57:5d:b6:19:99:09:d7:1f:72:b9:5a:a3:9a:
                    47:13:2c:56:e5:5a:0d:af:f3:6f:3f:63:ec:47:9b:
                    f1:67:bc:48:c7:93:85:07:cd:60:a4:62:2b:aa:56:
                    79:d1:fe:5e:55:b0:70:70:7d:8d:a5:39:ca:8f:05:
                    29:94:ae:76:cf:da:42:e2:4a:d4:6e:91:67:b5:40:
                    c7:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:27:6C:1F:56:72:D2:2C:5E:C2:52:BC:8F:ED:B6:79:12:1B:6A:04
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/34352e38352e3234392e302f32342d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:fa:d2:cf:e8:a5:41:2a:13:a0:ab:4a:db:e6:e1:b8:c4:e0:
         15:f1:25:91:07:68:11:a4:58:fc:02:22:8b:a2:5a:62:38:9b:
         46:16:02:21:8a:2f:d6:13:fb:3c:ad:72:af:3a:92:d8:8c:39:
         4e:4f:a5:72:eb:db:42:b7:f8:5f:9f:27:f9:24:fd:0b:49:da:
         e6:36:cf:5f:5d:ad:b6:47:2d:f0:ef:75:8c:b9:75:28:98:d8:
         71:8a:63:5d:81:43:7b:27:4e:55:1e:07:d6:35:26:5b:aa:b3:
         6b:24:f9:d6:3a:7b:53:1b:a4:bf:d4:45:81:4f:b6:33:a4:47:
         95:47:27:9c:07:c5:67:16:9f:86:e0:b6:e3:e0:d3:db:37:56:
         ea:25:ed:0a:70:75:0e:15:70:44:b2:39:8e:95:be:be:a1:b1:
         36:1f:93:2e:f4:17:23:fb:67:e6:fd:22:de:1d:e9:58:04:14:
         7d:5e:b7:05:d5:89:79:49:63:b9:ee:05:f2:a9:fe:d0:2e:e3:
         66:bc:33:d1:03:aa:75:44:cc:a8:ba:3b:58:a0:04:d0:5d:9f:
         54:90:b1:d3:ea:69:a9:e4:b6:d4:55:81:3f:29:8e:7f:83:b4:
         8d:4d:6a:b4:39:1b:44:bf:11:12:7f:3d:47:c8:de:63:08:44:
         f8:cd:37:8c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUX4RD2x6qMnYOjOZ1pz+r3HwpoxYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MzAxNDQyMDBaFw0yNjA3MjkxNDQ3MDBaMDMxMTAvBgNV
BAMTKDc4Mjc2QzFGNTY3MkQyMkM1RUMyNTJCQzhGRURCNjc5MTIxQjZBMDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4WCpB2vmYw0AqxgzHBArEfpz9
mf/3x70i5A4egVN+QhcuGn53l/KWHhYiY8H5d3zKUVifGXws3D1HxDJLnHSDfDSI
dSHML9UCNGNfRpDIebNsniEZq8O7o2wA8eVlQOEoobWKAmex3ArDFyEYe8dcbrp1
k/STdzPZqHkzj66rGenS+V3tBU6TZqUcFNe/cEaq3SsF/+zp+m+ZeD8qiK+pj/br
qalFZ/PeeOZx9W1m36vsB0iOV122GZkJ1x9yuVqjmkcTLFblWg2v828/Y+xHm/Fn
vEjHk4UHzWCkYiuqVnnR/l5VsHBwfY2lOcqPBSmUrnbP2kLiStRukWe1QMczAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUeCdsH1Zy0ixewlK8j+22eRIbagQwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzQzNTJlMzgzNTJlMzIzNDM5
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1V
+TANBgkqhkiG9w0BAQsFAAOCAQEAg/rSz+ilQSoToKtK2+bhuMTgFfElkQdoEaRY
/AIii6JaYjibRhYCIYov1hP7PK1yrzqS2Iw5Tk+lcuvbQrf4X58n+ST9C0na5jbP
X12ttkct8O91jLl1KJjYcYpjXYFDeydOVR4H1jUmW6qzayT51jp7Uxukv9RFgU+2
M6RHlUcnnAfFZxafhuC24+DT2zdW6iXtCnB1DhVwRLI5jpW+vqGxNh+TLvQXI/tn
5v0i3h3pWAQUfV63BdWJeUljue4F8qn+0C7jZrwz0QOqdUTMqLo7WKAE0F2fVJCx
0+ppqeS21FWBPymOf4O0jU1qtDkbRL8REn89R8jeYwhE+M03jA==
-----END CERTIFICATE-----
Generated at Mon Aug 4 19:03:49 2025 by rpki-client