Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231362e302f32342d3234203d3e20383334.roa
File:                     34352e3133322e3231362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          BNF0UTnhqHzrrOBQw1Y7S02f5JeUOaH07ofQFzJcBHo=
Subject key identifier:   C4:05:CE:27:48:3B:5C:D8:83:79:55:F1:3B:F6:E3:3C:FA:51:56:FA
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       E06FB314F28DD2765D392BEB330B9FF056D399
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231362e302f32342d3234203d3e20383334.roa
Signing time:             Sun 01 Jun 2025 00:02:55 +0000
ROA not before:           Sat 31 May 2025 23:57:55 +0000
ROA not after:            Sun 31 May 2026 00:02:55 +0000
asID:                     834
IP address blocks:        45.132.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 05:18:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            e0:6f:b3:14:f2:8d:d2:76:5d:39:2b:eb:33:0b:9f:f0:56:d3:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: May 31 23:57:55 2025 GMT
            Not After : May 31 00:02:55 2026 GMT
        Subject: CN=C405CE27483B5CD8837955F13BF6E33CFA5156FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:7e:49:b1:d5:fb:e6:79:ba:0d:cc:89:36:38:
                    a6:a8:a5:0e:bd:09:35:7a:bb:da:2f:bd:4e:a1:48:
                    45:e4:46:9f:3e:08:70:cb:b8:91:7e:bf:38:82:12:
                    da:26:84:44:ad:1d:12:f9:cd:9b:ad:94:89:24:00:
                    7b:75:fc:b3:46:e0:3b:41:3f:fa:7a:71:85:29:f9:
                    98:06:61:94:02:d6:a2:2b:4a:f9:65:c3:9b:2c:d0:
                    d7:6e:e5:7a:43:e6:e5:3c:02:b7:6b:e7:db:d9:48:
                    67:1e:ae:c7:3f:2a:78:dd:49:08:e3:f4:cd:53:2c:
                    20:53:d5:de:1e:9c:04:d5:22:c3:c4:af:c6:0b:26:
                    b0:aa:26:27:73:cd:28:6d:ed:4b:e9:f5:6e:d5:50:
                    bd:ec:ff:ae:0a:24:4c:18:19:d0:52:d1:e2:5a:90:
                    fd:d2:a6:ea:73:fd:0c:0e:73:b4:eb:55:68:d8:ae:
                    b0:b1:4e:8d:1c:0c:ef:6a:2d:65:85:93:55:bf:95:
                    48:af:de:68:4d:e0:72:39:9e:33:6e:70:77:cb:89:
                    5a:7d:90:94:9a:4c:6d:01:0e:5f:d9:37:4c:e0:28:
                    cb:1f:1d:65:48:33:ee:f2:e7:1f:bc:47:d5:31:0f:
                    3b:22:6a:f0:1c:f9:f1:d9:bf:cd:52:b4:e2:51:d2:
                    d0:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:05:CE:27:48:3B:5C:D8:83:79:55:F1:3B:F6:E3:3C:FA:51:56:FA
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3133322e3231362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:e0:5e:8c:d4:3e:7a:a4:09:63:2b:04:ed:7e:1e:dc:ea:53:
         ff:a2:a9:2f:fe:19:18:01:c0:74:e2:28:29:07:10:8b:bf:6b:
         33:5b:f7:bf:d8:96:cb:8b:22:27:3c:d6:60:93:f1:29:4e:cb:
         78:53:20:5d:2b:04:42:87:16:d3:fc:0b:8f:e3:f6:c4:21:5f:
         72:81:79:23:2a:41:68:b1:f7:22:fb:59:a0:fc:b2:fa:32:a2:
         c4:9c:aa:4c:e8:fb:ed:6c:59:9d:d4:2d:1b:ee:8d:aa:35:bc:
         12:51:9c:92:2a:6e:05:dd:10:17:d1:2f:de:38:ab:e2:23:0b:
         6d:72:4e:b8:8e:97:b5:c4:aa:44:82:9f:15:be:7c:77:37:28:
         66:fb:30:7f:9b:17:27:d5:54:fa:2a:7f:35:38:3b:91:de:fc:
         4f:f1:3c:c3:d2:ce:60:74:a7:2a:e3:e7:2f:e2:74:c0:cf:8c:
         89:05:a4:1c:64:e0:49:22:7e:02:d2:4c:77:6f:92:73:d6:5b:
         dc:e6:0d:2f:da:e1:0a:ed:1f:91:22:53:30:47:68:9b:87:cb:
         0b:3d:f5:d5:49:7c:f8:31:3a:30:5f:7d:36:b7:c8:b3:ad:0a:
         fe:49:4f:34:89:a4:a6:a8:2c:f0:15:33:14:bb:19:cc:5b:28:
         0c:b0:f5:8d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUAOBvsxTyjdJ2XTkr6zMLn/BW05kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNTA1MzEyMzU3NTVaFw0yNjA1MzEwMDAyNTVaMDMxMTAvBgNV
BAMTKEM0MDVDRTI3NDgzQjVDRDg4Mzc5NTVGMTNCRjZFMzNDRkE1MTU2RkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSfkmx1fvmeboNzIk2OKaopQ69
CTV6u9ovvU6hSEXkRp8+CHDLuJF+vziCEtomhEStHRL5zZutlIkkAHt1/LNG4DtB
P/p6cYUp+ZgGYZQC1qIrSvllw5ss0Ndu5XpD5uU8Ardr59vZSGcersc/KnjdSQjj
9M1TLCBT1d4enATVIsPEr8YLJrCqJidzzSht7Uvp9W7VUL3s/64KJEwYGdBS0eJa
kP3Spupz/QwOc7TrVWjYrrCxTo0cDO9qLWWFk1W/lUiv3mhN4HI5njNucHfLiVp9
kJSaTG0BDl/ZN0zgKMsfHWVIM+7y5x+8R9UxDzsiavAc+fHZv81StOJR0tCdAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUxAXOJ0g7XNiDeVXxO/bjPPpRVvowHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzMzMyMmUzMjMx
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAthNgw
DQYJKoZIhvcNAQELBQADggEBAB7gXozUPnqkCWMrBO1+HtzqU/+iqS/+GRgBwHTi
KCkHEIu/azNb97/YlsuLIic81mCT8SlOy3hTIF0rBEKHFtP8C4/j9sQhX3KBeSMq
QWix9yL7WaD8svoyosScqkzo++1sWZ3ULRvujao1vBJRnJIqbgXdEBfRL944q+Ij
C21yTriOl7XEqkSCnxW+fHc3KGb7MH+bFyfVVPoqfzU4O5He/E/xPMPSzmB0pyrj
5y/idMDPjIkFpBxk4EkifgLSTHdvknPWW9zmDS/a4QrtH5EiUzBHaJuHyws99dVJ
fPgxOjBffTa3yLOtCv5JTzSJpKaoLPAVMxS7GcxbKAyw9Y0=
-----END CERTIFICATE-----