Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38362e302f32332d3234203d3e2033343931.roa
File:                     34332e3233302e38362e302f32332d3234203d3e2033343931.roa (raw, json)
Hash identifier:          BqbUmbythNNYP4WqssroNY2sOPvoyuRgXIRAVuIytpA=
Subject key identifier:   12:D5:76:03:E8:08:D5:CB:AA:F8:25:47:4A:81:CF:B7:53:1C:65:14
Certificate issuer:       /CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
Certificate serial:       1895AD3A3C553745DDAD495E6F068F917FCB9AEB
Authority key identifier: C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38362e302f32332d3234203d3e2033343931.roa
Signing time:             Tue 18 Mar 2025 03:56:37 +0000
ROA not before:           Tue 18 Mar 2025 03:51:37 +0000
ROA not after:            Tue 17 Mar 2026 03:56:37 +0000
asID:                     3491
IP address blocks:        43.230.86.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:95:ad:3a:3c:55:37:45:dd:ad:49:5e:6f:06:8f:91:7f:cb:9a:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
        Validity
            Not Before: Mar 18 03:51:37 2025 GMT
            Not After : Mar 17 03:56:37 2026 GMT
        Subject: CN=12D57603E808D5CBAAF825474A81CFB7531C6514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ab:eb:00:34:e4:0e:d1:b6:f2:00:57:9d:25:
                    b5:b6:f9:36:0c:55:4c:13:3a:78:66:65:a7:23:78:
                    0c:9b:53:0e:db:6a:ef:3c:0f:34:0e:ef:e7:73:f8:
                    db:b3:f8:2b:37:95:90:1c:89:ac:00:37:3b:90:8b:
                    27:4e:ca:ee:f8:2c:10:d7:0f:1a:3d:ba:e6:85:64:
                    4c:0a:b6:ac:38:0f:7d:24:1f:27:80:51:9b:09:88:
                    4b:58:b5:d2:cd:29:93:c8:eb:db:c1:cb:66:c4:29:
                    84:3a:7b:a5:66:e4:49:d0:90:46:6c:96:e1:08:b6:
                    7a:90:26:5c:93:cd:e3:4b:59:dd:27:ab:7a:fb:3d:
                    a3:b6:cd:e0:78:ed:55:b1:01:e0:3f:c6:b4:dd:4b:
                    1a:e5:87:40:e9:5b:b6:f3:3f:8f:9c:58:cf:ce:c2:
                    f7:d8:82:89:8a:de:11:34:f3:80:68:08:24:3f:a7:
                    1b:7e:23:92:60:6a:77:cf:91:01:a8:b0:62:b5:31:
                    1a:ff:a3:b4:89:32:06:38:ac:e8:bd:53:78:e5:6f:
                    79:07:3a:32:28:1c:ae:5f:09:4d:09:ba:06:47:79:
                    56:56:20:13:5c:c8:ef:de:74:b4:2c:59:07:ef:83:
                    55:dc:21:27:ca:a7:7d:f1:c8:67:c6:36:72:e6:4d:
                    b0:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:D5:76:03:E8:08:D5:CB:AA:F8:25:47:4A:81:CF:B7:53:1C:65:14
            X509v3 Authority Key Identifier:
                keyid:C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38362e302f32332d3234203d3e2033343931.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.230.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:21:a3:78:9d:6d:10:06:aa:03:2e:4f:16:12:58:72:1f:0b:
         a1:7d:ed:24:56:2a:54:1a:fe:60:ee:93:10:df:97:02:91:0d:
         70:12:47:52:b9:a8:03:ff:52:dc:5c:eb:18:06:ad:eb:29:fc:
         ff:d6:79:5f:23:10:88:0e:3f:3b:e0:e5:bf:a7:1c:41:5d:c1:
         82:99:13:99:2c:9e:7d:86:83:cc:79:8f:3f:2d:29:e7:1e:ec:
         eb:bf:3c:69:8e:22:7f:9a:4d:20:fc:2b:eb:a4:32:c8:c2:2e:
         3e:1a:fb:e6:50:71:ee:3b:a8:aa:10:df:6c:7d:f1:a9:c6:e8:
         5d:fe:5d:98:32:60:85:b2:52:22:05:9f:cd:6a:da:09:e0:7f:
         54:ca:79:a7:33:fa:ba:4b:e7:6d:c0:86:b0:2a:16:24:50:83:
         ac:e0:3d:be:c0:ad:c7:e2:a4:9d:c4:91:b9:43:23:2a:9c:7c:
         a2:2f:d3:08:26:ae:a6:ff:ef:ed:60:de:8e:9a:b6:42:bf:06:
         fc:50:e1:07:fc:70:b8:4b:4d:d4:68:a3:d2:b1:0d:51:52:47:
         a5:28:e1:8c:cb:f0:38:c4:b9:2f:e3:33:66:ef:3a:c9:f8:f2:
         2e:db:6f:90:37:48:d8:e2:8c:a3:f6:ab:20:9c:06:12:6d:28:
         d2:63:c0:89
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGJWtOjxVN0XdrUlebwaPkX/LmuswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc3MGY0MzM1OGI5N2JhMGFhOWJkYzYyYmJkNTExZTkw
YWVhYjI5ZDAeFw0yNTAzMTgwMzUxMzdaFw0yNjAzMTcwMzU2MzdaMDMxMTAvBgNV
BAMTKDEyRDU3NjAzRTgwOEQ1Q0JBQUY4MjU0NzRBODFDRkI3NTMxQzY1MTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7q+sANOQO0bbyAFedJbW2+TYM
VUwTOnhmZacjeAybUw7bau88DzQO7+dz+Nuz+Cs3lZAciawANzuQiydOyu74LBDX
Dxo9uuaFZEwKtqw4D30kHyeAUZsJiEtYtdLNKZPI69vBy2bEKYQ6e6Vm5EnQkEZs
luEItnqQJlyTzeNLWd0nq3r7PaO2zeB47VWxAeA/xrTdSxrlh0DpW7bzP4+cWM/O
wvfYgomK3hE084BoCCQ/pxt+I5JganfPkQGosGK1MRr/o7SJMgY4rOi9U3jlb3kH
OjIoHK5fCU0JugZHeVZWIBNcyO/edLQsWQfvg1XcISfKp33xyGfGNnLmTbAdAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUEtV2A+gI1cuq+CVHSoHPt1McZRQwHwYDVR0j
BBgwFoAUx3D0M1i5e6Cqm9xiu9UR6Qrqsp0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQtNmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2
NjIwLzAvQzc3MEY0MzM1OEI5N0JBMEFBOUJEQzYyQkJENTExRTkwQUVBQjI5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3gzRDBNMWk1ZTZDcW05eGl1OVVSNlFy
cXNwMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQt
NmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2NjIwLzAvMzQzMzJlMzIzMzMwMmUzODM2
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzMzNDM5MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEr5lYw
DQYJKoZIhvcNAQELBQADggEBAEIho3idbRAGqgMuTxYSWHIfC6F97SRWKlQa/mDu
kxDflwKRDXASR1K5qAP/Utxc6xgGresp/P/WeV8jEIgOPzvg5b+nHEFdwYKZE5ks
nn2Gg8x5jz8tKece7Ou/PGmOIn+aTSD8K+ukMsjCLj4a++ZQce47qKoQ32x98anG
6F3+XZgyYIWyUiIFn81q2gngf1TKeacz+rpL523AhrAqFiRQg6zgPb7ArcfipJ3E
kblDIyqcfKIv0wgmrqb/7+1g3o6atkK/BvxQ4Qf8cLhLTdRoo9KxDVFSR6Uo4YzL
8DjEuS/jM2bvOsn48i7bb5A3SNjijKP2qyCcBhJtKNJjwIk=
-----END CERTIFICATE-----