Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/323030313a346365383a3a2f33322d3332203d3e20323530.roa
File:                     323030313a346365383a3a2f33322d3332203d3e20323530.roa (raw, json)
Hash identifier:          zJJBd2Rg1C8mF3Brr7ZPVnCCMMdyplxley/QZ6Up3Cg=
Subject key identifier:   34:DB:47:53:71:A2:A4:93:88:A1:89:E4:59:7E:07:FE:D0:3C:64:49
Certificate issuer:       /CN=78d65d4a22df705beed7b3432fbe48a356597724
Certificate serial:       30629A7BFA12CD7D3D4B216D2DCE2F41E7C27A1E
Authority key identifier: 78:D6:5D:4A:22:DF:70:5B:EE:D7:B3:43:2F:BE:48:A3:56:59:77:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/323030313a346365383a3a2f33322d3332203d3e20323530.roa
Signing time:             Fri 29 Aug 2025 08:14:02 +0000
ROA not before:           Fri 29 Aug 2025 08:09:02 +0000
ROA not after:            Fri 28 Aug 2026 08:14:02 +0000
asID:                     250
IP address blocks:        2001:4ce8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:62:9a:7b:fa:12:cd:7d:3d:4b:21:6d:2d:ce:2f:41:e7:c2:7a:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78d65d4a22df705beed7b3432fbe48a356597724
        Validity
            Not Before: Aug 29 08:09:02 2025 GMT
            Not After : Aug 28 08:14:02 2026 GMT
        Subject: CN=34DB475371A2A49388A189E4597E07FED03C6449
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:de:5f:86:b1:ff:a1:94:80:24:be:f6:84:07:
                    7c:9c:52:7d:7e:ee:c7:54:c2:0b:7b:44:de:3e:69:
                    46:51:6a:16:be:8c:42:45:5a:61:f5:4b:bc:bf:8b:
                    c9:05:7b:c2:36:bc:32:25:39:67:e1:64:c8:4a:88:
                    f1:64:fc:e9:43:24:2b:c8:2b:99:41:a3:7d:33:21:
                    3a:81:8e:e3:68:2d:e6:f5:ba:17:ac:46:fb:bb:24:
                    db:f5:c2:17:56:79:aa:78:6f:eb:28:b4:5f:4a:62:
                    32:9f:72:27:e5:a7:96:a7:bf:47:4f:e3:df:09:c6:
                    df:66:29:41:44:b9:30:e8:ab:60:e0:39:a1:d8:99:
                    7d:69:54:63:68:00:ac:2d:ae:a0:9f:b7:2a:c1:52:
                    bd:80:b7:15:45:73:f3:7f:36:62:c5:28:fb:76:97:
                    7f:08:86:49:19:eb:f6:bd:92:bd:a1:30:84:f6:e3:
                    84:95:03:6f:35:b0:18:2c:23:15:d2:e1:0a:96:8e:
                    61:44:c4:d9:c6:1e:42:1f:2b:32:c7:f2:c5:f1:c2:
                    3b:f3:f3:6b:ae:34:5f:eb:08:3b:a6:3a:e3:98:cf:
                    b8:83:09:63:09:c4:25:b4:a0:9d:22:e8:7b:09:9d:
                    08:ca:2d:4f:22:72:06:be:50:d9:1c:50:f4:8b:82:
                    73:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:DB:47:53:71:A2:A4:93:88:A1:89:E4:59:7E:07:FE:D0:3C:64:49
            X509v3 Authority Key Identifier:
                keyid:78:D6:5D:4A:22:DF:70:5B:EE:D7:B3:43:2F:BE:48:A3:56:59:77:24

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/78D65D4A22DF705BEED7B3432FBE48A356597724.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNZdSiLfcFvu17NDL75Io1ZZdyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8925ad15-af0b-45cd-b883-1a058fa0eba1/0/323030313a346365383a3a2f33322d3332203d3e20323530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:4ce8::/32

    Signature Algorithm: sha256WithRSAEncryption
         68:3b:c1:4e:29:aa:02:53:79:36:52:82:3d:e0:b8:f5:92:1a:
         01:76:ac:e3:ea:ed:c6:fc:a7:85:04:38:88:87:df:eb:ac:62:
         80:31:7b:07:fc:49:bd:85:42:58:c3:a6:eb:b5:80:69:59:01:
         d1:4d:94:05:65:8e:d4:a4:f3:79:69:ba:77:6e:b4:ad:df:51:
         cd:01:53:65:89:d5:43:c1:62:72:c6:09:1c:df:cf:9c:be:3c:
         21:af:6d:67:95:4b:d8:ff:d7:30:23:38:32:23:49:50:4a:bd:
         e7:62:eb:2f:ed:8e:ba:8f:7f:e8:14:09:9b:85:3d:8d:c8:cf:
         8d:af:10:d2:7b:ae:96:cd:15:8f:cb:8d:eb:77:a7:c9:60:a2:
         62:78:14:18:83:b6:a9:1b:56:0b:76:3a:b4:d4:dc:33:6b:aa:
         7f:41:e7:cf:36:56:95:25:32:ca:ef:9a:1d:bc:bd:b1:ff:88:
         08:13:9e:6d:cf:f1:73:81:a7:28:de:03:08:ac:31:29:c2:a8:
         94:67:bf:c6:0d:93:6d:b2:0f:4e:8e:7c:c0:a0:29:05:57:82:
         86:e8:21:25:4c:8c:a9:67:14:82:00:4b:f7:20:67:44:7d:d5:
         6b:00:2b:3f:77:b0:a5:c6:43:0b:e0:68:06:bb:f0:8f:6b:18:
         75:db:00:79
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgIUMGKae/oSzX09SyFtLc4vQefCeh4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzhkNjVkNGEyMmRmNzA1YmVlZDdiMzQzMmZiZTQ4YTM1
NjU5NzcyNDAeFw0yNTA4MjkwODA5MDJaFw0yNjA4MjgwODE0MDJaMDMxMTAvBgNV
BAMTKDM0REI0NzUzNzFBMkE0OTM4OEExODlFNDU5N0UwN0ZFRDAzQzY0NDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB3l+Gsf+hlIAkvvaEB3ycUn1+
7sdUwgt7RN4+aUZRaha+jEJFWmH1S7y/i8kFe8I2vDIlOWfhZMhKiPFk/OlDJCvI
K5lBo30zITqBjuNoLeb1uhesRvu7JNv1whdWeap4b+sotF9KYjKfciflp5anv0dP
498Jxt9mKUFEuTDoq2DgOaHYmX1pVGNoAKwtrqCftyrBUr2AtxVFc/N/NmLFKPt2
l38IhkkZ6/a9kr2hMIT244SVA281sBgsIxXS4QqWjmFExNnGHkIfKzLH8sXxwjvz
82uuNF/rCDumOuOYz7iDCWMJxCW0oJ0i6HsJnQjKLU8icga+UNkcUPSLgnPRAgMB
AAGjggI4MIICNDAdBgNVHQ4EFgQUNNtHU3GipJOIoYnkWX4H/tA8ZEkwHwYDVR0j
BBgwFoAUeNZdSiLfcFvu17NDL75Io1ZZdyQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNWFkMTUtYWYwYi00NWNkLWI4ODMtMWEwNThmYTBl
YmExLzAvNzhENjVENEEyMkRGNzA1QkVFRDdCMzQzMkZCRTQ4QTM1NjU5NzcyNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VOWmRTaUxmY0Z2dTE3TkRMNzVJbzFa
WmR5US5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODkyNWFkMTUt
YWYwYi00NWNkLWI4ODMtMWEwNThmYTBlYmExLzAvMzIzMDMwMzEzYTM0NjM2NTM4
M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzIzNTMwLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAIAFM6DAN
BgkqhkiG9w0BAQsFAAOCAQEAaDvBTimqAlN5NlKCPeC49ZIaAXas4+rtxvynhQQ4
iIff66xigDF7B/xJvYVCWMOm67WAaVkB0U2UBWWO1KTzeWm6d260rd9RzQFTZYnV
Q8FicsYJHN/PnL48Ia9tZ5VL2P/XMCM4MiNJUEq952LrL+2Ouo9/6BQJm4U9jcjP
ja8Q0nuuls0Vj8uN63enyWCiYngUGIO2qRtWC3Y6tNTcM2uqf0HnzzZWlSUyyu+a
Hby9sf+ICBOebc/xc4GnKN4DCKwxKcKolGe/xg2TbbIPTo58wKApBVeChughJUyM
qWcUggBL9yBnRH3VawArP3ewpcZDC+BoBrvwj2sYddsAeQ==
-----END CERTIFICATE-----