Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS34989.roa
File:                     AS34989.roa (raw, json)
Hash identifier:          6j2/O1oc0zGmDWxF3j8qkeS4vjxTn9u/fOBfYd/A8L0=
Subject key identifier:   F5:10:CA:B6:C5:E3:CE:14:65:CB:57:CE:8C:62:80:1B:6B:1F:FC:85
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       5189C0F5C1CDA2492CA7D112E090F973E5F7D351
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS34989.roa
Signing time:             Tue 07 Apr 2026 10:14:19 +0000
ROA not before:           Tue 07 Apr 2026 10:09:19 +0000
ROA not after:            Tue 06 Apr 2027 10:14:19 +0000
asID:                     34989
IP address blocks:        141.11.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Apr 2026 15:54:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:89:c0:f5:c1:cd:a2:49:2c:a7:d1:12:e0:90:f9:73:e5:f7:d3:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr  7 10:09:19 2026 GMT
            Not After : Apr  6 10:14:19 2027 GMT
        Subject: CN=F510CAB6C5E3CE1465CB57CE8C62801B6B1FFC85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:7a:b1:20:19:65:db:c5:16:06:3d:89:92:85:
                    54:fe:b2:73:88:96:2b:09:2a:3f:8c:93:94:b7:71:
                    f0:80:a9:ca:93:30:5c:98:d1:eb:67:12:cb:a5:66:
                    63:1b:41:6a:3e:50:3c:75:d8:3b:47:69:9a:33:aa:
                    36:d6:36:0e:b1:e7:2e:75:e6:02:21:21:50:27:24:
                    51:42:8d:07:2d:3c:85:15:6d:f5:cb:c9:81:77:35:
                    76:1b:77:1f:31:0d:00:3a:39:59:a8:ad:fb:c2:a7:
                    7c:49:27:92:bc:c1:70:e5:3b:b6:28:3b:73:89:ce:
                    7e:a9:58:f7:df:4e:58:d2:dd:62:d7:6f:26:29:9f:
                    00:f0:64:6d:eb:fa:3a:ac:c2:d3:62:d8:0d:b6:5a:
                    70:f9:3b:f5:39:01:75:15:1e:a4:b1:19:5c:7c:da:
                    ef:7b:d5:b8:b0:74:fe:f8:f3:2c:f0:a1:f4:57:a7:
                    1e:34:db:3d:0b:32:39:57:bb:f2:b7:85:73:71:ad:
                    7c:35:89:a5:12:9d:45:d3:54:d9:3a:13:5b:a9:d8:
                    19:60:70:23:c7:43:75:dd:e2:eb:aa:db:17:e2:db:
                    ab:36:69:d4:2e:9a:2a:c7:4e:1d:ab:ba:90:ee:86:
                    aa:9f:e6:e6:f1:42:d7:c0:e3:00:d7:25:60:e2:02:
                    7c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:10:CA:B6:C5:E3:CE:14:65:CB:57:CE:8C:62:80:1B:6B:1F:FC:85
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS34989.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:2a:a5:f2:59:b9:3f:66:fd:a0:15:18:d6:2d:de:76:53:ea:
         3a:31:e8:f8:54:95:4f:7f:1e:2a:f0:12:ae:d4:42:87:88:93:
         36:3f:a9:04:81:32:83:be:2d:62:f9:c4:12:d7:8f:34:f2:08:
         d2:00:3e:69:09:0d:d1:25:ad:05:21:8a:fd:10:e6:dd:a8:f6:
         c9:c1:1d:92:00:ee:69:c7:e5:27:99:b5:98:95:08:b2:e2:bd:
         c5:09:0b:40:70:7e:db:e5:6c:a6:5f:ee:c7:c3:6e:9d:14:17:
         b5:25:f3:36:62:10:04:d5:01:57:e3:b1:62:67:51:7d:a5:b7:
         d2:96:12:ab:bd:8c:33:88:e5:ae:81:51:dc:fe:87:18:6d:19:
         de:89:59:98:b9:9d:6a:10:d8:18:d1:ea:00:dd:8a:db:ac:07:
         ec:de:b1:01:08:eb:4e:8a:a2:69:af:23:76:60:89:3f:96:56:
         f8:5b:52:4d:e6:4c:ca:b3:e0:0f:34:44:10:da:97:39:a0:73:
         55:47:19:84:13:1a:c1:7a:5b:10:bd:08:0e:8e:4d:4f:95:73:
         0f:0f:49:27:a0:c6:31:98:0c:10:85:4a:ad:f6:56:29:cb:aa:
         73:e8:55:48:9d:a1:90:53:bf:93:d6:e1:29:23:27:f2:6e:50:
         e6:87:82:ff
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUUYnA9cHNokksp9ES4JD5c+X301EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA0MDcxMDA5MTlaFw0yNzA0MDYxMDE0MTlaMDMxMTAvBgNV
BAMTKEY1MTBDQUI2QzVFM0NFMTQ2NUNCNTdDRThDNjI4MDFCNkIxRkZDODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQerEgGWXbxRYGPYmShVT+snOI
lisJKj+Mk5S3cfCAqcqTMFyY0etnEsulZmMbQWo+UDx12DtHaZozqjbWNg6x5y51
5gIhIVAnJFFCjQctPIUVbfXLyYF3NXYbdx8xDQA6OVmorfvCp3xJJ5K8wXDlO7Yo
O3OJzn6pWPffTljS3WLXbyYpnwDwZG3r+jqswtNi2A22WnD5O/U5AXUVHqSxGVx8
2u971biwdP748yzwofRXpx402z0LMjlXu/K3hXNxrXw1iaUSnUXTVNk6E1up2Blg
cCPHQ3Xd4uuq2xfi26s2adQumirHTh2rupDuhqqf5ubxQtfA4wDXJWDiAnwpAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU9RDKtsXjzhRly1fOjGKAG2sf/IUwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzQ5ODkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNC7Yw
DQYJKoZIhvcNAQELBQADggEBALYqpfJZuT9m/aAVGNYt3nZT6jox6PhUlU9/Hirw
Eq7UQoeIkzY/qQSBMoO+LWL5xBLXjzTyCNIAPmkJDdElrQUhiv0Q5t2o9snBHZIA
7mnH5SeZtZiVCLLivcUJC0BwftvlbKZf7sfDbp0UF7Ul8zZiEATVAVfjsWJnUX2l
t9KWEqu9jDOI5a6BUdz+hxhtGd6JWZi5nWoQ2BjR6gDditusB+zesQEI606Kommv
I3ZgiT+WVvhbUk3mTMqz4A80RBDalzmgc1VHGYQTGsF6WxC9CA6OTU+Vcw8PSSeg
xjGYDBCFSq32VinLqnPoVUidoZBTv5PW4SkjJ/JuUOaHgv8=
-----END CERTIFICATE-----