Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e38392e3134382e302f32342d3234203d3e203231383539.roa
File:                     34352e38392e3134382e302f32342d3234203d3e203231383539.roa (raw, json)
Hash identifier:          S5j/fWrlLYfC3RcNoVTSYYrymws4cbPCN4+IAiF1Lqo=
Subject key identifier:   73:3E:24:AF:7C:07:44:5F:B1:38:91:39:A1:B1:F7:F0:79:D7:92:C8
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       19D1E882684675A7529606FD0B3017DC683A0A8C
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e38392e3134382e302f32342d3234203d3e203231383539.roa
Signing time:             Fri 15 Aug 2025 11:07:12 +0000
ROA not before:           Fri 15 Aug 2025 11:02:12 +0000
ROA not after:            Fri 14 Aug 2026 11:07:12 +0000
asID:                     21859
IP address blocks:        45.89.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 15:09:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:d1:e8:82:68:46:75:a7:52:96:06:fd:0b:30:17:dc:68:3a:0a:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Aug 15 11:02:12 2025 GMT
            Not After : Aug 14 11:07:12 2026 GMT
        Subject: CN=733E24AF7C07445FB1389139A1B1F7F079D792C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:f1:87:8b:37:22:c8:2a:e6:10:ff:6b:3e:e3:
                    5d:a1:99:8f:e6:f2:29:66:b6:e0:00:06:9b:f6:8f:
                    f2:80:86:69:7c:8b:b7:37:50:12:c6:96:07:25:e7:
                    44:03:0e:2a:65:5b:35:0e:64:06:2f:3f:6e:3a:1f:
                    3c:bf:4f:21:a9:f5:5d:2b:4d:d0:c2:fa:fe:a6:51:
                    cf:1f:1f:07:3d:ca:70:a5:a2:d0:e5:f4:42:7b:44:
                    47:2c:67:df:03:ce:70:92:a1:7a:2c:c3:10:81:b5:
                    82:d2:1c:90:12:8e:ff:95:ce:5e:10:57:b1:97:09:
                    23:07:aa:5e:a7:40:35:9b:61:2c:8f:e0:ff:a8:d1:
                    b6:8b:7b:5f:b5:2a:6e:d7:20:23:8b:1d:6f:d5:85:
                    22:d3:18:30:28:30:cf:bb:a8:12:66:b4:eb:16:c1:
                    56:d3:ca:66:37:2a:7d:a8:a5:e3:7f:1a:e4:d9:9f:
                    08:1b:e5:90:ac:dd:7b:20:49:a2:e9:94:09:09:d0:
                    8c:5c:25:06:a7:9c:01:3b:29:c9:e7:6a:3a:d2:b2:
                    26:80:49:3e:f8:90:d0:4d:d5:b9:2a:95:23:68:11:
                    52:40:fb:f4:e0:d8:d0:12:37:d4:1a:0c:ff:69:0f:
                    8c:cd:0a:bf:53:89:d1:35:1d:6e:32:a1:d8:98:bc:
                    ec:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:3E:24:AF:7C:07:44:5F:B1:38:91:39:A1:B1:F7:F0:79:D7:92:C8
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e38392e3134382e302f32342d3234203d3e203231383539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:cf:c3:8a:72:5c:6f:03:ed:fe:81:75:b4:61:a0:c9:dc:7d:
         e4:8f:90:80:e8:4f:79:7d:f8:05:b8:f2:8f:4d:90:b4:77:67:
         4c:ec:9e:fa:42:9a:77:a9:fa:70:9a:2f:e7:18:ba:bd:fa:68:
         85:60:27:51:d4:7f:d1:d5:c0:f5:ae:7f:c6:ba:93:96:9c:4b:
         b9:a1:db:03:52:af:5f:b9:0e:ef:12:bb:44:d9:0a:38:3e:7b:
         87:8e:2f:17:c1:ab:42:9e:5d:02:02:7b:01:e6:14:13:5d:d6:
         5e:84:79:d0:38:cf:5e:f7:27:2f:5e:67:c4:14:24:dd:90:f7:
         60:38:25:09:dc:ec:77:b6:af:69:c2:9d:eb:f6:b2:39:62:d4:
         03:91:1d:15:a1:65:12:06:51:88:da:2b:06:d2:d3:b9:47:ce:
         5c:db:dd:e2:42:37:85:52:eb:57:3d:19:b7:21:20:b5:21:ef:
         65:96:1b:e7:9e:30:04:d0:1c:de:5b:10:21:2a:fc:14:d4:5e:
         a7:46:a0:ed:53:f6:75:fb:fd:ac:48:b7:99:dc:4d:01:19:cb:
         59:fe:9a:67:d9:fb:3c:be:b3:99:eb:62:21:d8:b5:12:c8:56:
         90:79:78:12:d8:ed:c3:6c:b7:1a:af:07:58:11:2a:24:f9:fb:
         8e:f9:8a:60
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGdHogmhGdadSlgb9CzAX3Gg6CowwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNTA4MTUxMTAyMTJaFw0yNjA4MTQxMTA3MTJaMDMxMTAvBgNV
BAMTKDczM0UyNEFGN0MwNzQ0NUZCMTM4OTEzOUExQjFGN0YwNzlENzkyQzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ8YeLNyLIKuYQ/2s+412hmY/m
8ilmtuAABpv2j/KAhml8i7c3UBLGlgcl50QDDiplWzUOZAYvP246Hzy/TyGp9V0r
TdDC+v6mUc8fHwc9ynClotDl9EJ7REcsZ98DznCSoXoswxCBtYLSHJASjv+Vzl4Q
V7GXCSMHql6nQDWbYSyP4P+o0baLe1+1Km7XICOLHW/VhSLTGDAoMM+7qBJmtOsW
wVbTymY3Kn2opeN/GuTZnwgb5ZCs3XsgSaLplAkJ0IxcJQannAE7KcnnajrSsiaA
ST74kNBN1bkqlSNoEVJA+/Tg2NASN9QaDP9pD4zNCr9TidE1HW4yodiYvOxdAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUcz4kr3wHRF+xOJE5obH38HnXksgwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzgzOTJlMzEzNDM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM4MzUzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1Z
lDANBgkqhkiG9w0BAQsFAAOCAQEAms/DinJcbwPt/oF1tGGgydx95I+QgOhPeX34
Bbjyj02QtHdnTOye+kKad6n6cJov5xi6vfpohWAnUdR/0dXA9a5/xrqTlpxLuaHb
A1KvX7kO7xK7RNkKOD57h44vF8GrQp5dAgJ7AeYUE13WXoR50DjPXvcnL15nxBQk
3ZD3YDglCdzsd7avacKd6/ayOWLUA5EdFaFlEgZRiNorBtLTuUfOXNvd4kI3hVLr
Vz0ZtyEgtSHvZZYb554wBNAc3lsQISr8FNRep0ag7VP2dfv9rEi3mdxNARnLWf6a
Z9n7PL6zmetiIdi1EshWkHl4Etjtw2y3Gq8HWBEqJPn7jvmKYA==
-----END CERTIFICATE-----