Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38342e302f32342d3234203d3e203231383430.roa
File:                     34332e3233302e38342e302f32342d3234203d3e203231383430.roa (raw, json)
Hash identifier:          0jlXbJYw2GWQ/DylqYAmM4dC2o3pqpBbNQAmAAMOqvc=
Subject key identifier:   E5:2D:FB:EB:A4:0F:78:DB:4C:79:E7:EE:DF:A9:2A:FC:19:48:40:DE
Certificate issuer:       /CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
Certificate serial:       33D840A0D3D5738B0E214D0682D288EE293DA360
Authority key identifier: C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38342e302f32342d3234203d3e203231383430.roa
Signing time:             Tue 06 May 2025 09:29:06 +0000
ROA not before:           Tue 06 May 2025 09:24:06 +0000
ROA not after:            Tue 05 May 2026 09:29:06 +0000
asID:                     21840
IP address blocks:        43.230.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 18:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:d8:40:a0:d3:d5:73:8b:0e:21:4d:06:82:d2:88:ee:29:3d:a3:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
        Validity
            Not Before: May  6 09:24:06 2025 GMT
            Not After : May  5 09:29:06 2026 GMT
        Subject: CN=E52DFBEBA40F78DB4C79E7EEDFA92AFC194840DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:cd:b8:9b:68:28:6d:ab:49:b4:ee:bb:55:05:
                    3e:70:46:55:0e:00:75:c9:f2:39:e0:00:96:9b:9f:
                    d9:86:bd:0e:bd:d0:65:9c:3f:63:57:c1:1b:45:e9:
                    33:bf:cc:ce:9c:fe:af:31:8c:c7:dc:85:93:85:63:
                    6c:18:cc:86:6a:c7:a2:c1:b9:1b:4c:36:05:b7:a7:
                    fe:62:83:ea:ea:47:28:3f:f7:db:c5:22:f9:54:a5:
                    13:b6:25:84:28:d5:a7:df:6b:ac:2d:1c:60:2f:5f:
                    d7:23:7d:c5:d9:a7:0f:57:1c:bf:b9:d8:30:3d:9d:
                    ac:9f:db:e0:f6:33:05:d7:ed:81:71:1b:4c:63:ca:
                    0a:b3:c2:f4:aa:eb:3e:b1:3a:ac:56:25:08:08:5a:
                    75:e0:56:e8:86:66:1d:b8:17:35:23:af:65:cb:85:
                    57:31:b1:07:57:18:f1:25:7f:4c:47:e2:92:eb:23:
                    7c:3e:04:fa:bd:c6:b0:0c:95:4e:ba:47:92:36:90:
                    62:64:fe:68:90:63:5c:a1:89:ce:0d:4b:a4:7c:b7:
                    ae:c5:d0:66:0c:08:c1:4c:48:ba:85:d4:12:26:99:
                    94:88:3a:12:c7:46:46:a5:3c:83:ca:37:c5:d2:41:
                    2c:c4:03:a8:f7:46:b2:1c:6c:d0:4f:0a:64:67:e7:
                    6a:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:2D:FB:EB:A4:0F:78:DB:4C:79:E7:EE:DF:A9:2A:FC:19:48:40:DE
            X509v3 Authority Key Identifier:
                keyid:C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38342e302f32342d3234203d3e203231383430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.230.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:ae:46:ff:3b:f9:fc:9f:93:66:da:99:dc:a7:15:c7:ba:cd:
         ef:f2:f9:37:61:6f:fd:30:d4:4f:9a:2a:57:aa:45:dc:e3:20:
         5b:b8:61:27:b2:d0:e6:b5:d6:fa:63:0d:f4:27:cc:25:70:4f:
         58:63:5e:79:b9:95:13:86:57:2c:85:f9:e4:10:60:24:4f:ca:
         56:b2:52:dd:c4:d8:64:20:82:6e:45:bd:ba:47:e8:9c:92:c1:
         d5:33:24:dc:b6:0d:b4:75:7b:b7:48:47:36:1c:96:97:c0:c4:
         24:f2:ba:10:d3:c1:f0:c0:bb:49:fc:e4:9f:5c:86:c4:e2:20:
         1f:5a:69:f5:1c:8e:a1:92:d0:39:2a:23:ed:b0:79:70:82:46:
         c5:f6:84:50:21:78:96:0f:21:3e:d4:eb:61:48:2c:f1:b7:55:
         0c:b8:31:28:b3:a8:54:3f:1f:fd:05:fe:a4:57:54:3a:c5:4d:
         b0:5b:ca:08:72:65:bb:2d:57:ed:79:24:34:5e:c1:92:b6:9b:
         98:7e:76:81:c3:05:0d:03:79:59:e1:ba:d7:fe:58:28:b6:6f:
         ca:ed:fa:ae:32:be:a2:be:2f:be:4e:35:6a:ac:6f:2f:52:f3:
         20:6c:6d:64:61:68:d7:ea:5f:ca:34:64:6d:77:fa:97:59:b8:
         bf:3e:f4:28
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUM9hAoNPVc4sOIU0GgtKI7ik9o2AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc3MGY0MzM1OGI5N2JhMGFhOWJkYzYyYmJkNTExZTkw
YWVhYjI5ZDAeFw0yNTA1MDYwOTI0MDZaFw0yNjA1MDUwOTI5MDZaMDMxMTAvBgNV
BAMTKEU1MkRGQkVCQTQwRjc4REI0Qzc5RTdFRURGQTkyQUZDMTk0ODQwREUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5zbibaChtq0m07rtVBT5wRlUO
AHXJ8jngAJabn9mGvQ690GWcP2NXwRtF6TO/zM6c/q8xjMfchZOFY2wYzIZqx6LB
uRtMNgW3p/5ig+rqRyg/99vFIvlUpRO2JYQo1affa6wtHGAvX9cjfcXZpw9XHL+5
2DA9nayf2+D2MwXX7YFxG0xjygqzwvSq6z6xOqxWJQgIWnXgVuiGZh24FzUjr2XL
hVcxsQdXGPElf0xH4pLrI3w+BPq9xrAMlU66R5I2kGJk/miQY1yhic4NS6R8t67F
0GYMCMFMSLqF1BImmZSIOhLHRkalPIPKN8XSQSzEA6j3RrIcbNBPCmRn52oVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU5S3766QPeNtMeefu36kq/BlIQN4wHwYDVR0j
BBgwFoAUx3D0M1i5e6Cqm9xiu9UR6Qrqsp0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQtNmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2
NjIwLzAvQzc3MEY0MzM1OEI5N0JBMEFBOUJEQzYyQkJENTExRTkwQUVBQjI5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3gzRDBNMWk1ZTZDcW05eGl1OVVSNlFy
cXNwMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQt
NmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2NjIwLzAvMzQzMzJlMzIzMzMwMmUzODM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM4MzQzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEACvm
VDANBgkqhkiG9w0BAQsFAAOCAQEARK5G/zv5/J+TZtqZ3KcVx7rN7/L5N2Fv/TDU
T5oqV6pF3OMgW7hhJ7LQ5rXW+mMN9CfMJXBPWGNeebmVE4ZXLIX55BBgJE/KVrJS
3cTYZCCCbkW9ukfonJLB1TMk3LYNtHV7t0hHNhyWl8DEJPK6ENPB8MC7Sfzkn1yG
xOIgH1pp9RyOoZLQOSoj7bB5cIJGxfaEUCF4lg8hPtTrYUgs8bdVDLgxKLOoVD8f
/QX+pFdUOsVNsFvKCHJluy1X7XkkNF7BkrabmH52gcMFDQN5WeG61/5YKLZvyu36
rjK+or4vvk41aqxvL1LzIGxtZGFo1+pfyjRkbXf6l1m4vz70KA==
-----END CERTIFICATE-----