Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e39332e3138352e302f32342d3234203d3e203136323736.roa
File:                     34352e39332e3138352e302f32342d3234203d3e203136323736.roa (raw, json)
Hash identifier:          LYgkszOrLUgrFWkOW4adTlFfEA3tFQKURIuPPV8R4gU=
Subject key identifier:   2F:55:D8:1D:0C:19:41:32:81:56:8A:22:3A:84:A6:71:A7:4F:F9:6A
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       3566A81485CBCBE3151E9A2365E72567A6EC1ADF
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e39332e3138352e302f32342d3234203d3e203136323736.roa
Signing time:             Fri 15 Aug 2025 12:02:34 +0000
ROA not before:           Fri 15 Aug 2025 11:57:34 +0000
ROA not after:            Fri 14 Aug 2026 12:02:34 +0000
asID:                     16276
IP address blocks:        45.93.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:66:a8:14:85:cb:cb:e3:15:1e:9a:23:65:e7:25:67:a6:ec:1a:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Aug 15 11:57:34 2025 GMT
            Not After : Aug 14 12:02:34 2026 GMT
        Subject: CN=2F55D81D0C19413281568A223A84A671A74FF96A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:87:c5:5e:c4:54:a1:db:4d:95:94:4a:0a:0b:
                    60:51:6a:e0:b4:b5:8e:dc:b2:13:a0:e8:c8:a8:64:
                    33:bb:74:3d:4e:1f:ff:6f:90:57:0a:df:fa:de:20:
                    c5:d4:82:c7:b1:99:a0:10:f4:f1:e2:71:fa:9c:c5:
                    ef:ee:1f:74:be:0b:30:c5:c5:e3:75:f0:37:4f:5a:
                    8e:54:66:74:48:3b:4e:aa:0d:07:f0:2d:a6:b4:13:
                    54:3e:48:e4:98:fa:2e:49:e8:6e:30:f8:33:97:67:
                    d3:01:27:2b:24:d4:28:5a:50:2f:8b:56:76:28:c1:
                    12:43:bb:47:87:da:be:4b:af:bf:6e:dd:53:83:e3:
                    70:c2:08:df:06:f0:6e:31:65:f9:1d:5a:5f:08:27:
                    3e:fe:dc:1c:9a:de:de:d3:76:6c:87:c4:a7:1e:6e:
                    fb:f8:8a:34:17:91:ba:e4:00:ae:86:82:e6:78:74:
                    0c:e3:f5:c3:da:da:a2:ec:98:25:90:7f:f2:b5:cb:
                    ca:76:17:ac:4d:cc:3d:aa:36:b9:cb:54:cb:0f:92:
                    87:2b:56:57:46:c1:42:53:54:38:7b:a1:8e:1c:19:
                    08:b2:19:82:0f:cf:a2:22:70:3a:3c:a1:26:3e:52:
                    cf:e8:02:1e:e5:c1:15:c1:cf:32:79:69:0c:ad:80:
                    b7:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:55:D8:1D:0C:19:41:32:81:56:8A:22:3A:84:A6:71:A7:4F:F9:6A
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e39332e3138352e302f32342d3234203d3e203136323736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:09:9e:8b:fd:92:40:a4:5a:9e:69:af:25:a9:8a:f2:e0:c1:
         73:8c:be:4f:c8:aa:e4:3a:f2:fb:02:00:09:30:d8:24:3b:51:
         15:26:e2:42:5c:81:6c:48:a6:fc:e5:56:0b:b8:24:8c:93:47:
         0c:72:58:b7:77:d0:5c:35:4d:d7:ce:90:4f:27:4a:87:46:9a:
         aa:9a:05:e0:1e:d6:3b:6a:6c:36:40:ef:8b:37:99:89:c1:cf:
         31:73:67:de:ae:de:13:94:92:dc:18:d2:c5:3e:ca:bb:14:15:
         9f:08:3f:3c:15:37:34:65:6c:0e:01:98:d4:78:fe:f2:0a:62:
         40:ae:6c:e7:96:41:9f:fe:47:4a:70:7a:05:e3:ba:59:d4:04:
         7e:ec:aa:04:a2:51:32:99:be:ad:1e:97:b8:85:a7:86:a6:8d:
         67:68:9e:d6:06:64:67:08:5c:3d:21:af:fd:e2:c1:f1:fc:1a:
         d1:9a:5d:3c:98:62:d3:45:2f:ae:c9:f2:05:48:40:cf:b2:b6:
         ae:81:d0:5d:e8:e4:62:3c:9a:2b:62:c2:ee:d8:8b:38:fc:eb:
         0f:64:e5:81:30:7f:cf:c7:2f:4c:40:63:17:d6:7c:71:4e:8e:
         cb:2e:e0:7d:bd:6d:40:2c:87:cb:6c:77:20:48:0f:8c:d7:5c:
         58:9c:2e:87
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNWaoFIXLy+MVHpojZeclZ6bsGt8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNTA4MTUxMTU3MzRaFw0yNjA4MTQxMjAyMzRaMDMxMTAvBgNV
BAMTKDJGNTVEODFEMEMxOTQxMzI4MTU2OEEyMjNBODRBNjcxQTc0RkY5NkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9h8VexFSh202VlEoKC2BRauC0
tY7cshOg6MioZDO7dD1OH/9vkFcK3/reIMXUgsexmaAQ9PHicfqcxe/uH3S+CzDF
xeN18DdPWo5UZnRIO06qDQfwLaa0E1Q+SOSY+i5J6G4w+DOXZ9MBJysk1ChaUC+L
VnYowRJDu0eH2r5Lr79u3VOD43DCCN8G8G4xZfkdWl8IJz7+3Bya3t7TdmyHxKce
bvv4ijQXkbrkAK6GguZ4dAzj9cPa2qLsmCWQf/K1y8p2F6xNzD2qNrnLVMsPkocr
VldGwUJTVDh7oY4cGQiyGYIPz6IicDo8oSY+Us/oAh7lwRXBzzJ5aQytgLcLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUL1XYHQwZQTKBVooiOoSmcadP+WowHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzkzMzJlMzEzODM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNjMyMzczNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1d
uTANBgkqhkiG9w0BAQsFAAOCAQEAkQmei/2SQKRanmmvJamK8uDBc4y+T8iq5Dry
+wIACTDYJDtRFSbiQlyBbEim/OVWC7gkjJNHDHJYt3fQXDVN186QTydKh0aaqpoF
4B7WO2psNkDvizeZicHPMXNn3q7eE5SS3BjSxT7KuxQVnwg/PBU3NGVsDgGY1Hj+
8gpiQK5s55ZBn/5HSnB6BeO6WdQEfuyqBKJRMpm+rR6XuIWnhqaNZ2ie1gZkZwhc
PSGv/eLB8fwa0ZpdPJhi00UvrsnyBUhAz7K2roHQXejkYjyaK2LC7tiLOPzrD2Tl
gTB/z8cvTEBjF9Z8cU6Oyy7gfb1tQCyHy2x3IEgPjNdcWJwuhw==
-----END CERTIFICATE-----