Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e38392e3134382e302f32342d3234203d3e20383334.roa
File:                     34352e38392e3134382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          jZHpnfMdlpgg/RIHbYrCZkN2cCAccRBQqA7h3JfcF2s=
Subject key identifier:   88:F4:9A:FD:95:E7:39:80:3C:4F:23:D8:CD:76:8F:47:CE:FD:17:40
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       5230A41841ACC49154A15FC476706A8CCA4AFA7A
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e38392e3134382e302f32342d3234203d3e20383334.roa
Signing time:             Wed 15 Oct 2025 00:03:10 +0000
ROA not before:           Tue 14 Oct 2025 23:58:10 +0000
ROA not after:            Wed 14 Oct 2026 00:03:10 +0000
asID:                     834
IP address blocks:        45.89.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:30:a4:18:41:ac:c4:91:54:a1:5f:c4:76:70:6a:8c:ca:4a:fa:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Oct 14 23:58:10 2025 GMT
            Not After : Oct 14 00:03:10 2026 GMT
        Subject: CN=88F49AFD95E739803C4F23D8CD768F47CEFD1740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:30:d9:8e:03:4b:d4:9f:1b:0a:20:6f:01:03:
                    8a:26:2d:c9:ab:b3:14:ac:8d:13:ad:38:46:14:7c:
                    28:86:9c:01:1d:6c:a9:95:5a:03:e7:1e:dd:71:06:
                    b6:21:d6:57:5d:3e:9a:47:d0:27:74:c4:79:3f:bd:
                    d6:b0:be:3b:f3:fc:2a:a3:01:43:d0:2a:a1:06:49:
                    64:35:f1:f4:79:d2:22:76:b7:78:0d:70:a0:1c:e2:
                    79:dd:d2:b4:5e:fc:94:c4:bb:fd:77:7a:41:91:de:
                    62:64:f4:de:65:e4:1c:90:8e:6d:00:e4:d0:9d:f9:
                    d7:f0:73:90:ef:ba:b4:02:2e:f0:27:2c:b5:9c:27:
                    02:39:ce:cc:1a:e5:c3:ad:20:73:8a:e4:2c:d9:76:
                    98:a2:0f:4e:eb:99:af:d3:5c:38:2b:28:83:57:71:
                    1a:c4:9f:cc:10:52:5d:1e:2e:9d:d7:e1:64:fd:7d:
                    ce:b5:0a:1b:67:55:7d:ca:30:aa:e8:dc:4f:33:6e:
                    8f:89:a1:09:0a:25:bb:bc:81:fc:b6:ca:ee:90:c5:
                    89:c6:4d:16:35:0c:43:b3:ad:72:20:f9:69:f1:34:
                    8c:f3:a8:6d:99:6f:22:85:50:9c:3e:f8:bd:4e:f2:
                    7c:87:c4:4c:0b:8b:42:5b:57:ee:88:b0:79:33:24:
                    72:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:F4:9A:FD:95:E7:39:80:3C:4F:23:D8:CD:76:8F:47:CE:FD:17:40
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e38392e3134382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:52:2f:0b:07:02:97:15:f3:c1:d9:f4:dd:d1:1f:0c:23:df:
         4f:9f:e8:42:16:7c:b0:76:06:fb:e1:6e:b9:ed:ac:12:04:50:
         92:a5:82:3b:f3:db:07:49:15:8f:65:20:2f:ee:f3:94:5f:79:
         bf:14:89:de:73:cd:13:6f:df:01:d1:d9:2e:7a:d7:d8:ca:be:
         3c:42:fd:c8:56:3b:17:67:29:25:ce:92:70:fb:b7:e9:d3:c8:
         8d:5d:2d:d1:79:87:01:79:5c:73:58:14:05:a0:e2:2c:e1:36:
         a1:bb:7b:e3:c9:a9:63:38:3a:c4:ca:23:38:71:95:fd:5c:ed:
         1f:6f:de:cb:6c:2f:66:d1:2a:71:49:9f:79:ef:18:6b:ad:d6:
         d1:14:80:ff:55:ac:85:df:34:ee:58:8f:9a:23:3b:68:ea:32:
         84:ef:3d:07:95:6c:7d:aa:d5:c0:e7:b3:ce:c0:9c:71:d5:3a:
         99:32:a5:10:98:77:7b:b8:b3:a1:96:d5:02:69:ac:d6:93:3b:
         74:e5:78:6a:26:fd:02:82:4c:41:7f:96:1c:45:39:20:8e:3c:
         2e:5b:43:e8:72:92:5d:e9:ac:c2:73:d2:74:d7:2b:2b:84:ab:
         ac:e4:db:92:70:02:7e:05:17:7b:62:3c:19:35:07:6d:a1:92:
         2c:8f:9c:1a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUUjCkGEGsxJFUoV/EdnBqjMpK+nowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNTEwMTQyMzU4MTBaFw0yNjEwMTQwMDAzMTBaMDMxMTAvBgNV
BAMTKDg4RjQ5QUZEOTVFNzM5ODAzQzRGMjNEOENENzY4RjQ3Q0VGRDE3NDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1MNmOA0vUnxsKIG8BA4omLcmr
sxSsjROtOEYUfCiGnAEdbKmVWgPnHt1xBrYh1lddPppH0Cd0xHk/vdawvjvz/Cqj
AUPQKqEGSWQ18fR50iJ2t3gNcKAc4nnd0rRe/JTEu/13ekGR3mJk9N5l5ByQjm0A
5NCd+dfwc5DvurQCLvAnLLWcJwI5zswa5cOtIHOK5CzZdpiiD07rma/TXDgrKINX
cRrEn8wQUl0eLp3X4WT9fc61ChtnVX3KMKro3E8zbo+JoQkKJbu8gfy2yu6QxYnG
TRY1DEOzrXIg+WnxNIzzqG2ZbyKFUJw++L1O8nyHxEwLi0JbV+6IsHkzJHIrAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUiPSa/ZXnOYA8TyPYzXaPR879F0AwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzgzOTJlMzEzNDM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVmUMA0G
CSqGSIb3DQEBCwUAA4IBAQCVUi8LBwKXFfPB2fTd0R8MI99Pn+hCFnywdgb74W65
7awSBFCSpYI789sHSRWPZSAv7vOUX3m/FInec80Tb98B0dkuetfYyr48Qv3IVjsX
ZyklzpJw+7fp08iNXS3ReYcBeVxzWBQFoOIs4Tahu3vjyaljODrEyiM4cZX9XO0f
b97LbC9m0SpxSZ957xhrrdbRFID/VayF3zTuWI+aIzto6jKE7z0HlWx9qtXA57PO
wJxx1TqZMqUQmHd7uLOhltUCaazWkzt05XhqJv0CgkxBf5YcRTkgjjwuW0PocpJd
6azCc9J01ysrhKus5NuScAJ+BRd7YjwZNQdtoZIsj5wa
-----END CERTIFICATE-----