Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38342e302f32342d3234203d3e20383334.roa
File:                     34332e3233302e38342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          OQONGY7ev9MHL6KcmLNI4VRbuiwt+0FWiBeBJLdgRto=
Subject key identifier:   DD:4B:22:05:B3:39:80:AA:14:FA:C3:83:AE:30:BD:65:6C:F0:06:E1
Certificate issuer:       /CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
Certificate serial:       0A83B131DD1A753032A3954F9DDF2C85B1F9BE4D
Authority key identifier: C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38342e302f32342d3234203d3e20383334.roa
Signing time:             Sat 02 May 2026 04:05:47 +0000
ROA not before:           Sat 02 May 2026 04:00:47 +0000
ROA not after:            Sat 01 May 2027 04:05:47 +0000
asID:                     834
IP address blocks:        43.230.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:13:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:83:b1:31:dd:1a:75:30:32:a3:95:4f:9d:df:2c:85:b1:f9:be:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
        Validity
            Not Before: May  2 04:00:47 2026 GMT
            Not After : May  1 04:05:47 2027 GMT
        Subject: CN=DD4B2205B33980AA14FAC383AE30BD656CF006E1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:7d:24:20:fd:30:b8:3e:6f:bd:1a:50:fa:d5:
                    10:1c:67:1e:2e:a4:54:d5:d7:41:d3:7d:94:72:a6:
                    92:aa:6b:a9:b1:53:1c:e6:86:f5:4f:52:2f:c7:0e:
                    7c:ff:64:4d:41:cf:2e:0d:dc:ee:9b:6a:60:03:c7:
                    31:da:8a:1e:14:70:cd:7a:17:c9:a0:9a:9a:83:71:
                    7c:74:3b:fd:1e:c6:63:7e:5f:0b:2c:2c:8c:f2:84:
                    db:90:29:fc:e4:e3:2f:b1:3e:00:c4:30:de:a7:f4:
                    21:80:c3:58:07:b1:46:86:52:63:be:86:a5:86:e6:
                    0f:0f:0c:cd:88:f4:e1:7f:25:07:1d:be:9b:9c:06:
                    8c:ad:d5:f3:9b:8c:dd:dc:ed:4a:ae:31:19:7c:d5:
                    ee:71:91:13:14:8f:70:0f:3d:88:51:da:c1:5f:f1:
                    f2:7f:60:4d:7b:9b:30:52:21:4c:8f:1c:50:f5:15:
                    8a:13:1c:65:dc:45:ea:26:31:6e:9e:84:c4:57:44:
                    34:a2:fa:16:24:d7:d8:b5:02:cb:27:10:c1:15:10:
                    dd:9e:cd:72:ab:75:98:d3:f5:13:bb:ff:12:e1:34:
                    f1:7f:d9:cd:fa:8c:23:eb:e9:a5:c9:d7:3c:20:d4:
                    32:5e:23:fb:40:1b:e4:0c:4c:26:29:c5:eb:ab:ef:
                    72:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:4B:22:05:B3:39:80:AA:14:FA:C3:83:AE:30:BD:65:6C:F0:06:E1
            X509v3 Authority Key Identifier:
                keyid:C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.230.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:88:a5:5b:1f:45:ba:97:c0:a2:55:a5:38:29:e0:d8:a3:15:
         94:ca:a1:18:c4:cc:89:9d:ec:e2:47:c4:9a:36:18:ef:9a:a4:
         08:bf:c7:6d:ac:06:78:99:0d:04:96:ae:0d:6f:0b:58:47:6a:
         84:80:37:a4:2a:03:de:33:20:90:dc:2b:84:e7:02:1a:db:3e:
         d1:0b:f4:93:dc:80:7a:64:b4:32:ea:86:59:fa:12:3c:c0:7f:
         10:61:5f:8e:2d:e3:7a:c2:48:13:f1:3b:de:83:f0:97:02:d6:
         56:61:15:87:c1:15:2a:3b:5a:97:ff:48:27:66:26:16:a3:a7:
         fb:8e:30:e4:0b:ef:fd:35:81:12:bc:7f:39:6a:1c:4b:fa:0f:
         63:fd:6a:17:a2:4d:25:aa:bc:34:95:8b:0f:ca:8c:d5:4a:96:
         d5:19:2d:e7:8c:de:47:3c:5b:89:a8:15:ab:45:21:b4:36:a0:
         de:16:5a:3d:34:07:62:54:62:af:8e:bb:4b:07:6f:29:80:d1:
         ca:f9:fb:75:35:b9:80:5f:15:be:62:4a:a6:d9:78:23:42:19:
         c4:ce:8b:da:ea:e0:ff:01:1c:d2:2f:3c:01:e0:84:53:3c:27:
         ab:6b:56:f0:cd:cd:5e:96:0b:31:96:5a:4e:03:1b:98:46:d4:
         20:79:fd:dd
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUCoOxMd0adTAyo5VPnd8shbH5vk0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc3MGY0MzM1OGI5N2JhMGFhOWJkYzYyYmJkNTExZTkw
YWVhYjI5ZDAeFw0yNjA1MDIwNDAwNDdaFw0yNzA1MDEwNDA1NDdaMDMxMTAvBgNV
BAMTKERENEIyMjA1QjMzOTgwQUExNEZBQzM4M0FFMzBCRDY1NkNGMDA2RTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtfSQg/TC4Pm+9GlD61RAcZx4u
pFTV10HTfZRyppKqa6mxUxzmhvVPUi/HDnz/ZE1Bzy4N3O6bamADxzHaih4UcM16
F8mgmpqDcXx0O/0exmN+XwssLIzyhNuQKfzk4y+xPgDEMN6n9CGAw1gHsUaGUmO+
hqWG5g8PDM2I9OF/JQcdvpucBoyt1fObjN3c7UquMRl81e5xkRMUj3APPYhR2sFf
8fJ/YE17mzBSIUyPHFD1FYoTHGXcReomMW6ehMRXRDSi+hYk19i1AssnEMEVEN2e
zXKrdZjT9RO7/xLhNPF/2c36jCPr6aXJ1zwg1DJeI/tAG+QMTCYpxeur73LhAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU3UsiBbM5gKoU+sODrjC9ZWzwBuEwHwYDVR0j
BBgwFoAUx3D0M1i5e6Cqm9xiu9UR6Qrqsp0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQtNmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2
NjIwLzAvQzc3MEY0MzM1OEI5N0JBMEFBOUJEQzYyQkJENTExRTkwQUVBQjI5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3gzRDBNMWk1ZTZDcW05eGl1OVVSNlFy
cXNwMC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQt
NmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2NjIwLzAvMzQzMzJlMzIzMzMwMmUzODM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAK+ZUMA0G
CSqGSIb3DQEBCwUAA4IBAQAEiKVbH0W6l8CiVaU4KeDYoxWUyqEYxMyJneziR8Sa
NhjvmqQIv8dtrAZ4mQ0Elq4NbwtYR2qEgDekKgPeMyCQ3CuE5wIa2z7RC/ST3IB6
ZLQy6oZZ+hI8wH8QYV+OLeN6wkgT8Tveg/CXAtZWYRWHwRUqO1qX/0gnZiYWo6f7
jjDkC+/9NYESvH85ahxL+g9j/WoXok0lqrw0lYsPyozVSpbVGS3njN5HPFuJqBWr
RSG0NqDeFlo9NAdiVGKvjrtLB28pgNHK+ft1NbmAXxW+Ykqm2XgjQhnEzova6uD/
ARzSLzwB4IRTPCera1bwzc1elgsxllpOAxuYRtQgef3d
-----END CERTIFICATE-----