Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e38392e3134382e302f32342d3234203d3e203231383539.roa
File:                     34352e38392e3134382e302f32342d3234203d3e203231383539.roa (raw, json)
Hash identifier:          GFqq19/CRKVG57p967VNieGNBPQF1vXKcxGHEBiFK8M=
Subject key identifier:   60:36:8F:92:21:B6:35:9A:AB:CE:6C:6E:A5:BF:89:94:8B:37:96:03
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       6CE6AB757BBAB38F8001BD4864333CA68EFBC7EF
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e38392e3134382e302f32342d3234203d3e203231383539.roa
Signing time:             Mon 20 Oct 2025 02:50:18 +0000
ROA not before:           Mon 20 Oct 2025 02:45:18 +0000
ROA not after:            Mon 19 Oct 2026 02:50:18 +0000
asID:                     21859
IP address blocks:        45.89.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Oct 2025 19:16:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:e6:ab:75:7b:ba:b3:8f:80:01:bd:48:64:33:3c:a6:8e:fb:c7:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Oct 20 02:45:18 2025 GMT
            Not After : Oct 19 02:50:18 2026 GMT
        Subject: CN=60368F9221B6359AABCE6C6EA5BF89948B379603
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:4b:74:75:7e:e8:b4:58:24:62:b7:cc:d5:6b:
                    eb:45:f5:2b:4c:e7:83:c6:29:52:59:6d:1a:84:3f:
                    69:23:47:c9:6a:0b:83:2e:12:d8:64:20:28:81:31:
                    08:e6:f6:88:c5:34:b6:dc:e1:4b:79:22:15:fa:b2:
                    39:33:18:1b:4d:cb:05:84:4a:0b:42:6a:db:ad:f3:
                    41:c0:82:0c:04:5c:fa:ca:75:93:56:af:7c:93:74:
                    5d:71:fe:a3:39:ab:86:e9:f5:84:17:de:49:fd:7e:
                    db:e4:f3:34:b2:46:16:b0:35:94:a0:b1:bd:35:ac:
                    28:35:31:90:01:70:ea:1e:2f:a4:7a:c8:e2:45:45:
                    ed:cd:de:d2:95:db:b4:46:67:42:e7:db:e9:5f:c6:
                    45:be:2a:74:dc:22:ea:61:d0:2f:14:23:39:cd:ce:
                    6c:3c:1d:f9:32:54:39:ae:62:82:b5:e6:a3:62:3c:
                    8b:f9:63:b4:a1:27:34:5b:c1:ee:5f:5f:89:91:e2:
                    63:32:68:bf:89:c2:87:48:19:1f:a9:e3:e5:50:f9:
                    fb:4e:9f:65:f0:5e:07:05:da:04:9a:84:a6:df:92:
                    1a:3c:3b:a6:e1:05:bd:e5:d1:ab:88:d2:6c:e2:46:
                    25:82:40:0f:ff:71:5f:d3:1b:b1:99:1d:3e:73:13:
                    5a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:36:8F:92:21:B6:35:9A:AB:CE:6C:6E:A5:BF:89:94:8B:37:96:03
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e38392e3134382e302f32342d3234203d3e203231383539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:28:d5:34:24:62:fb:c8:c9:ff:f9:d5:db:22:d6:58:a7:57:
         e5:b9:cf:82:3d:15:c1:7e:42:29:f7:0c:20:c7:2c:b5:c9:7b:
         42:5f:40:45:b7:b2:ec:48:07:89:5a:e2:bb:8d:43:79:64:61:
         1c:ae:42:77:17:fb:61:a8:ce:4c:c7:9d:16:7b:2f:59:cf:e6:
         1d:c7:18:47:28:f7:1b:79:09:c4:ea:f5:66:03:b5:0d:4d:e4:
         8d:df:07:21:ff:bf:d8:c4:34:61:af:90:b2:dd:1e:ca:1c:b1:
         1d:dc:3f:c2:33:68:60:71:9e:69:39:ce:30:8a:89:b1:3b:6d:
         0d:e6:73:d7:74:33:bf:82:8e:79:a4:7c:6b:ab:34:7d:0b:28:
         4d:8a:68:76:80:11:af:24:27:ed:55:67:21:42:3d:d1:c6:83:
         7b:c5:06:f1:68:74:8b:98:ab:8b:33:ee:78:5c:4e:14:39:a7:
         8f:53:d1:41:f8:f2:2a:45:1f:e1:cf:2e:4d:61:a1:98:43:89:
         ac:ff:5d:62:a7:6d:cf:07:d2:73:56:02:d5:1c:05:5d:8c:d7:
         5e:fd:a6:b2:c4:e5:58:a5:d2:62:84:ba:ac:de:3e:96:be:b1:
         48:4a:c2:33:21:53:37:28:6a:61:84:75:e4:f8:af:70:9f:8a:
         e5:02:bd:46
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbOardXu6s4+AAb1IZDM8po77x+8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNTEwMjAwMjQ1MThaFw0yNjEwMTkwMjUwMThaMDMxMTAvBgNV
BAMTKDYwMzY4RjkyMjFCNjM1OUFBQkNFNkM2RUE1QkY4OTk0OEIzNzk2MDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfS3R1fui0WCRit8zVa+tF9StM
54PGKVJZbRqEP2kjR8lqC4MuEthkICiBMQjm9ojFNLbc4Ut5IhX6sjkzGBtNywWE
SgtCatut80HAggwEXPrKdZNWr3yTdF1x/qM5q4bp9YQX3kn9ftvk8zSyRhawNZSg
sb01rCg1MZABcOoeL6R6yOJFRe3N3tKV27RGZ0Ln2+lfxkW+KnTcIuph0C8UIznN
zmw8HfkyVDmuYoK15qNiPIv5Y7ShJzRbwe5fX4mR4mMyaL+JwodIGR+p4+VQ+ftO
n2XwXgcF2gSahKbfkho8O6bhBb3l0auI0mziRiWCQA//cV/TG7GZHT5zE1rLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUYDaPkiG2NZqrzmxupb+JlIs3lgMwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzgzOTJlMzEzNDM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM4MzUzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1Z
lDANBgkqhkiG9w0BAQsFAAOCAQEAaSjVNCRi+8jJ//nV2yLWWKdX5bnPgj0VwX5C
KfcMIMcstcl7Ql9ARbey7EgHiVriu41DeWRhHK5Cdxf7YajOTMedFnsvWc/mHccY
Ryj3G3kJxOr1ZgO1DU3kjd8HIf+/2MQ0Ya+Qst0eyhyxHdw/wjNoYHGeaTnOMIqJ
sTttDeZz13Qzv4KOeaR8a6s0fQsoTYpodoARryQn7VVnIUI90caDe8UG8Wh0i5ir
izPueFxOFDmnj1PRQfjyKkUf4c8uTWGhmEOJrP9dYqdtzwfSc1YC1RwFXYzXXv2m
ssTlWKXSYoS6rN4+lr6xSErCMyFTNyhqYYR15PivcJ+K5QK9Rg==
-----END CERTIFICATE-----