Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e38392e3134382e302f32342d3234203d3e20383334.roa
File:                     34352e38392e3134382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          tGvM+EEIV5d3ESJHqc18a3K5ud6mAuaKQv+HMIBYQds=
Subject key identifier:   72:92:FE:B0:0F:CD:DF:0B:23:D7:58:93:0A:8C:F0:65:63:78:A0:1A
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       1B57BC71DC9C6C9ABD916943BFB17EFA06B5B239
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e38392e3134382e302f32342d3234203d3e20383334.roa
Signing time:             Tue 16 Sep 2025 11:45:43 +0000
ROA not before:           Tue 16 Sep 2025 11:40:43 +0000
ROA not after:            Tue 15 Sep 2026 11:45:43 +0000
asID:                     834
IP address blocks:        45.89.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 01:54:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:57:bc:71:dc:9c:6c:9a:bd:91:69:43:bf:b1:7e:fa:06:b5:b2:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Sep 16 11:40:43 2025 GMT
            Not After : Sep 15 11:45:43 2026 GMT
        Subject: CN=7292FEB00FCDDF0B23D758930A8CF0656378A01A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:91:8a:84:4e:58:9d:9f:9b:f8:65:29:a2:fe:
                    14:3a:5c:c8:a7:e3:7f:ee:44:4d:90:3b:29:8b:e1:
                    5e:fe:fb:6d:64:76:de:d2:a4:2e:8e:13:5d:93:dd:
                    1d:1e:00:5a:1d:ba:4c:c7:c9:a3:64:d5:95:f5:d7:
                    59:9a:f0:6d:b3:4f:39:29:93:3a:38:c7:cf:b5:28:
                    6a:ab:81:9f:4a:49:bb:d6:61:e0:4d:5e:b4:4f:fb:
                    2f:17:46:04:9f:e4:0f:e6:f2:13:b6:b9:27:2b:67:
                    6e:bc:34:f2:82:f4:70:67:10:df:ac:00:bc:b6:5d:
                    42:8f:68:14:75:94:f9:8f:53:ec:1d:9b:1c:d4:84:
                    3b:32:16:d2:4b:a0:42:33:78:eb:2f:f8:23:2f:a2:
                    73:e3:7e:21:77:e7:a0:11:26:46:02:07:6c:43:5d:
                    6b:31:97:40:5a:8b:f2:47:51:a4:8d:94:c4:38:65:
                    f2:ee:32:c7:f7:24:d7:53:63:12:a7:24:b2:60:6d:
                    af:d6:a2:37:f8:f9:ff:5e:05:63:ef:77:b5:8f:88:
                    0a:4f:40:13:81:2e:ae:ac:d7:09:d0:c0:d4:6a:1e:
                    b3:54:35:97:12:7f:b3:a9:69:25:27:75:a8:d5:90:
                    3b:73:c0:cd:ec:b1:fd:ff:4a:a9:bc:d1:d9:68:01:
                    c8:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:92:FE:B0:0F:CD:DF:0B:23:D7:58:93:0A:8C:F0:65:63:78:A0:1A
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e38392e3134382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:55:ba:5c:ab:2f:7f:b6:e6:13:ad:80:20:de:93:0e:2b:2d:
         23:f2:a5:b7:e7:7b:2c:fb:a5:04:d3:a6:6f:ff:4d:81:8b:7d:
         fc:90:8a:29:51:c3:69:cf:43:58:91:7b:5a:04:d1:4e:64:50:
         d1:e7:37:95:0e:ea:a2:5c:2c:20:26:8c:37:76:30:82:60:b4:
         07:aa:2b:14:32:ad:4a:de:5a:e3:97:06:52:05:6c:47:ba:50:
         ac:76:61:3b:8c:03:c0:93:53:e2:c8:0f:7a:68:77:67:07:17:
         52:75:14:04:21:f4:0c:2b:e4:37:08:c5:13:4b:de:2e:55:f0:
         4c:ed:4b:3f:4e:c1:2b:11:08:04:7d:b9:d4:b7:e8:af:5c:ff:
         42:20:3a:87:c4:61:48:5f:15:d1:7f:75:f0:2f:2f:01:9c:6c:
         1a:71:38:73:3c:62:4b:50:5a:48:47:b8:8e:b9:1c:30:a4:33:
         1d:05:99:d1:5b:1d:fe:fa:96:20:d4:1d:b2:b6:5d:30:50:70:
         a9:94:c6:ba:49:57:50:e9:f2:55:2c:46:29:85:69:25:91:d9:
         45:36:02:01:9b:f6:77:e2:bd:1b:e8:56:c9:7a:db:dd:6b:80:
         b5:52:53:ba:3b:e7:48:30:18:12:ee:c9:68:d3:57:ad:16:40:
         87:1c:ea:b9
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUG1e8cdycbJq9kWlDv7F++ga1sjkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNTA5MTYxMTQwNDNaFw0yNjA5MTUxMTQ1NDNaMDMxMTAvBgNV
BAMTKDcyOTJGRUIwMEZDRERGMEIyM0Q3NTg5MzBBOENGMDY1NjM3OEEwMUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCikYqETlidn5v4ZSmi/hQ6XMin
43/uRE2QOymL4V7++21kdt7SpC6OE12T3R0eAFodukzHyaNk1ZX111ma8G2zTzkp
kzo4x8+1KGqrgZ9KSbvWYeBNXrRP+y8XRgSf5A/m8hO2uScrZ268NPKC9HBnEN+s
ALy2XUKPaBR1lPmPU+wdmxzUhDsyFtJLoEIzeOsv+CMvonPjfiF356ARJkYCB2xD
XWsxl0Bai/JHUaSNlMQ4ZfLuMsf3JNdTYxKnJLJgba/Wojf4+f9eBWPvd7WPiApP
QBOBLq6s1wnQwNRqHrNUNZcSf7OpaSUndajVkDtzwM3ssf3/Sqm80dloAcinAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUcpL+sA/N3wsj11iTCozwZWN4oBowHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzgzOTJlMzEzNDM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVmUMA0G
CSqGSIb3DQEBCwUAA4IBAQB/Vbpcqy9/tuYTrYAg3pMOKy0j8qW353ss+6UE06Zv
/02Bi338kIopUcNpz0NYkXtaBNFOZFDR5zeVDuqiXCwgJow3djCCYLQHqisUMq1K
3lrjlwZSBWxHulCsdmE7jAPAk1PiyA96aHdnBxdSdRQEIfQMK+Q3CMUTS94uVfBM
7Us/TsErEQgEfbnUt+ivXP9CIDqHxGFIXxXRf3XwLy8BnGwacThzPGJLUFpIR7iO
uRwwpDMdBZnRWx3++pYg1B2ytl0wUHCplMa6SVdQ6fJVLEYphWklkdlFNgIBm/Z3
4r0b6FbJetvda4C1UlO6O+dIMBgS7slo01etFkCHHOq5
-----END CERTIFICATE-----