Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38342e302f32342d3234203d3e203235313938.roa
File:                     34332e3233302e38342e302f32342d3234203d3e203235313938.roa (raw, json)
Hash identifier:          D5rxpe/mz9cZbwkoouLs3Io8a9VjYwAhmSHGosd1BJQ=
Subject key identifier:   85:01:16:73:E8:F1:C9:59:35:6E:2F:01:17:1E:E2:22:49:C2:C2:0C
Certificate issuer:       /CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
Certificate serial:       40B662967EB2AAF95584D66A2516E55A6E669E44
Authority key identifier: C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38342e302f32342d3234203d3e203235313938.roa
Signing time:             Mon 06 Oct 2025 10:45:13 +0000
ROA not before:           Mon 06 Oct 2025 10:40:13 +0000
ROA not after:            Mon 05 Oct 2026 10:45:13 +0000
asID:                     25198
IP address blocks:        43.230.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 07:31:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:b6:62:96:7e:b2:aa:f9:55:84:d6:6a:25:16:e5:5a:6e:66:9e:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
        Validity
            Not Before: Oct  6 10:40:13 2025 GMT
            Not After : Oct  5 10:45:13 2026 GMT
        Subject: CN=85011673E8F1C959356E2F01171EE22249C2C20C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:ba:bf:b1:7a:ee:61:78:a5:fc:19:f2:1f:cc:
                    5b:4e:e7:4d:4d:2f:2b:66:d4:fa:47:6e:05:a7:92:
                    ed:99:c9:4a:31:60:a8:e8:d5:b8:8a:59:04:37:6f:
                    89:64:c7:34:52:99:86:7e:66:87:ef:e2:0c:48:a5:
                    79:5e:3e:94:a7:31:2a:5c:b2:c0:4f:0b:11:a5:e0:
                    5d:1d:d3:0a:fb:6d:bd:73:12:38:bc:41:4d:e6:a1:
                    45:08:ca:60:de:26:fa:79:b9:9d:e6:91:22:b5:ad:
                    b4:06:a5:1d:dd:d8:41:9b:74:3a:b5:0c:0a:0c:8f:
                    96:b4:c1:b0:19:c5:43:93:ca:57:40:8b:72:89:d9:
                    db:d9:9e:5d:e4:fa:75:44:42:63:47:ab:53:49:95:
                    32:5e:d5:6f:c7:db:e9:a0:29:8f:43:f7:12:59:5c:
                    71:7f:a5:15:a9:b8:e0:30:c5:fc:d8:4a:a5:8c:e5:
                    79:90:c7:c8:77:68:24:67:ed:2b:81:bf:c3:fe:8e:
                    46:21:1e:be:11:8a:4c:fb:f3:18:b4:79:14:59:c8:
                    1a:98:a9:ee:93:3c:f4:fc:ad:fb:b8:25:48:93:1d:
                    9f:f3:e0:d8:3e:f5:7b:86:82:b1:27:0a:d0:e4:2d:
                    5a:2b:16:1f:30:16:41:c8:ce:c5:67:53:5c:d1:9d:
                    b3:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:01:16:73:E8:F1:C9:59:35:6E:2F:01:17:1E:E2:22:49:C2:C2:0C
            X509v3 Authority Key Identifier:
                keyid:C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38342e302f32342d3234203d3e203235313938.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.230.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:b2:8b:e4:35:3a:e4:d4:6d:64:90:98:c1:49:99:dd:e4:55:
         49:2c:37:80:60:9a:79:fa:cb:97:2d:ce:4d:b7:5b:e7:26:66:
         5b:4d:1b:f0:b7:3f:11:a3:ea:0c:6f:e5:85:38:dd:f7:95:35:
         4c:62:45:3c:fb:21:72:9b:80:c9:9e:21:ac:ce:2d:d7:8a:e3:
         fd:08:93:3f:34:1e:48:b9:99:6d:91:8f:07:21:72:9e:b2:c7:
         5a:b4:3f:e3:97:16:48:50:71:37:d3:9b:0e:12:58:6e:36:0c:
         a7:04:94:94:68:d1:8b:1f:da:96:01:f9:14:1c:e2:74:25:4e:
         40:3a:3e:8c:f1:0f:af:17:92:32:f8:41:77:87:ae:35:18:68:
         86:33:ef:c5:85:7f:3e:2b:5c:70:1c:07:89:7d:29:11:81:a4:
         b6:e7:3c:40:9b:8f:d4:4a:59:5e:70:91:4e:93:ee:87:c4:5c:
         4f:ad:e8:32:c4:88:5c:ef:c9:ff:b3:b9:0a:c3:3d:e3:53:76:
         38:37:0e:1e:ac:f2:0a:f1:aa:04:02:33:b3:64:71:41:4c:3b:
         ae:0b:f9:b2:1d:8c:9f:19:fd:96:d4:29:42:c3:48:37:ac:e1:
         b4:fb:9e:f6:9e:59:71:79:df:09:70:ff:fb:0b:d0:af:2e:9a:
         0b:07:1b:12
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQLZiln6yqvlVhNZqJRblWm5mnkQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc3MGY0MzM1OGI5N2JhMGFhOWJkYzYyYmJkNTExZTkw
YWVhYjI5ZDAeFw0yNTEwMDYxMDQwMTNaFw0yNjEwMDUxMDQ1MTNaMDMxMTAvBgNV
BAMTKDg1MDExNjczRThGMUM5NTkzNTZFMkYwMTE3MUVFMjIyNDlDMkMyMEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcur+xeu5heKX8GfIfzFtO501N
Lytm1PpHbgWnku2ZyUoxYKjo1biKWQQ3b4lkxzRSmYZ+Zofv4gxIpXlePpSnMSpc
ssBPCxGl4F0d0wr7bb1zEji8QU3moUUIymDeJvp5uZ3mkSK1rbQGpR3d2EGbdDq1
DAoMj5a0wbAZxUOTyldAi3KJ2dvZnl3k+nVEQmNHq1NJlTJe1W/H2+mgKY9D9xJZ
XHF/pRWpuOAwxfzYSqWM5XmQx8h3aCRn7SuBv8P+jkYhHr4Rikz78xi0eRRZyBqY
qe6TPPT8rfu4JUiTHZ/z4Ng+9XuGgrEnCtDkLVorFh8wFkHIzsVnU1zRnbNtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUhQEWc+jxyVk1bi8BFx7iIknCwgwwHwYDVR0j
BBgwFoAUx3D0M1i5e6Cqm9xiu9UR6Qrqsp0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQtNmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2
NjIwLzAvQzc3MEY0MzM1OEI5N0JBMEFBOUJEQzYyQkJENTExRTkwQUVBQjI5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3gzRDBNMWk1ZTZDcW05eGl1OVVSNlFy
cXNwMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQt
NmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2NjIwLzAvMzQzMzJlMzIzMzMwMmUzODM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzNTMxMzkzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEACvm
VDANBgkqhkiG9w0BAQsFAAOCAQEABLKL5DU65NRtZJCYwUmZ3eRVSSw3gGCaefrL
ly3OTbdb5yZmW00b8Lc/EaPqDG/lhTjd95U1TGJFPPshcpuAyZ4hrM4t14rj/QiT
PzQeSLmZbZGPByFynrLHWrQ/45cWSFBxN9ObDhJYbjYMpwSUlGjRix/algH5FBzi
dCVOQDo+jPEPrxeSMvhBd4euNRhohjPvxYV/PitccBwHiX0pEYGktuc8QJuP1EpZ
XnCRTpPuh8RcT63oMsSIXO/J/7O5CsM941N2ODcOHqzyCvGqBAIzs2RxQUw7rgv5
sh2Mnxn9ltQpQsNIN6zhtPue9p5ZcXnfCXD/+wvQry6aCwcbEg==
-----END CERTIFICATE-----