Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS34989.roa
File:                     AS34989.roa (raw, json)
Hash identifier:          4agUXFqRpA8GMslRb/lGS7pxTLford7KMIODiJWZXBQ=
Subject key identifier:   BC:07:2C:88:08:B8:73:07:21:4A:51:8A:7A:92:1B:C0:7C:57:34:F6
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       644C24FFE091361AB3B449380BD374A23C08E093
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS34989.roa
Signing time:             Thu 25 Jun 2026 17:50:34 +0000
ROA not before:           Thu 25 Jun 2026 17:45:34 +0000
ROA not after:            Thu 24 Jun 2027 17:50:34 +0000
asID:                     34989
IP address blocks:        141.11.37.0/24 maxlen: 24
                          141.11.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Jul 2026 13:45:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:4c:24:ff:e0:91:36:1a:b3:b4:49:38:0b:d3:74:a2:3c:08:e0:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun 25 17:45:34 2026 GMT
            Not After : Jun 24 17:50:34 2027 GMT
        Subject: CN=BC072C8808B87307214A518A7A921BC07C5734F6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:19:99:f3:ea:2d:fd:8f:24:21:a8:9c:b6:5b:
                    bf:75:ac:66:53:71:5a:cd:0d:68:c8:f0:12:8e:b9:
                    3e:1e:f8:f6:d8:4a:6c:48:0a:57:2e:e3:2d:47:6a:
                    3e:4a:c7:55:36:82:30:bf:8e:7c:05:b4:f2:62:a1:
                    cc:36:35:33:f4:60:5b:37:b0:5f:47:86:2e:5d:0d:
                    a0:74:94:27:ea:27:2f:9e:64:9f:c7:c6:10:c9:c4:
                    fd:0b:ef:3c:6c:b3:18:72:00:b5:a3:39:d9:8b:91:
                    38:a8:dd:05:7b:e5:13:cb:98:06:d8:1c:b6:38:af:
                    9b:e5:83:8d:a5:24:da:ec:67:8b:15:db:7b:bf:27:
                    80:a3:86:b8:b4:e1:70:f0:76:96:0a:8e:ab:2b:e6:
                    5f:38:87:51:4c:3d:36:1b:d6:f0:85:b8:77:5b:21:
                    a1:6a:9e:1b:c7:88:d5:a0:52:a3:3d:ea:71:b3:93:
                    78:f2:a6:e3:8d:44:a8:ec:9d:50:df:6e:84:f6:f0:
                    57:16:cd:12:1c:59:d6:1c:02:35:c2:a4:0f:0f:08:
                    97:de:43:ac:37:ce:33:ae:9c:9e:5b:d4:04:bc:87:
                    38:e6:f7:84:7f:48:5f:5f:96:f1:93:dd:1b:c2:4d:
                    aa:86:67:2a:2c:95:f0:ec:f9:6a:60:ae:f2:1b:07:
                    b1:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:07:2C:88:08:B8:73:07:21:4A:51:8A:7A:92:1B:C0:7C:57:34:F6
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS34989.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.37.0/24
                  141.11.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:18:df:55:b7:cc:d0:43:a7:16:52:fa:be:26:b2:b9:00:97:
         06:e5:ec:71:90:5a:97:a3:20:77:db:5f:5d:20:a9:d0:ee:61:
         a9:57:07:22:60:bb:66:75:0b:43:75:6d:ef:87:25:c7:b2:4d:
         77:52:0a:08:b9:75:77:43:78:52:a6:eb:e4:b9:f7:21:57:2e:
         a9:b2:f8:f4:dc:83:6f:7c:6a:f9:b2:fb:7b:77:50:d9:70:81:
         19:b0:5a:12:dd:b0:91:82:84:d7:02:3b:79:02:d3:8b:a2:e3:
         7c:57:c5:db:ee:8d:7b:59:1c:df:53:4c:ef:e8:0d:4b:58:cf:
         87:ff:90:f9:ed:3b:84:14:33:30:14:ff:40:8a:2a:25:37:d6:
         aa:23:b2:4d:b4:37:13:a0:9a:1a:00:2d:1e:4c:15:1b:e5:95:
         e5:4a:05:4a:9f:3c:b5:bc:e5:eb:f0:09:4f:c5:4d:78:2d:3e:
         0e:2b:7a:ce:be:c6:e8:cf:74:39:05:47:91:4d:32:6c:0f:ff:
         be:d8:fc:84:8a:8f:fe:e7:b1:85:ba:7a:f0:ef:98:c3:d4:28:
         8d:6e:a3:8c:f1:46:13:64:9c:52:16:c6:c3:20:e9:00:51:ca:
         2b:c4:b3:37:bc:24:a3:f3:c3:7e:b7:29:94:7c:b9:d2:5d:d7:
         36:ab:e0:83
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUZEwk/+CRNhqztEk4C9N0ojwI4JMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA2MjUxNzQ1MzRaFw0yNzA2MjQxNzUwMzRaMDMxMTAvBgNV
BAMTKEJDMDcyQzg4MDhCODczMDcyMTRBNTE4QTdBOTIxQkMwN0M1NzM0RjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiGZnz6i39jyQhqJy2W791rGZT
cVrNDWjI8BKOuT4e+PbYSmxIClcu4y1Haj5Kx1U2gjC/jnwFtPJiocw2NTP0YFs3
sF9Hhi5dDaB0lCfqJy+eZJ/HxhDJxP0L7zxssxhyALWjOdmLkTio3QV75RPLmAbY
HLY4r5vlg42lJNrsZ4sV23u/J4Cjhri04XDwdpYKjqsr5l84h1FMPTYb1vCFuHdb
IaFqnhvHiNWgUqM96nGzk3jypuONRKjsnVDfboT28FcWzRIcWdYcAjXCpA8PCJfe
Q6w3zjOunJ5b1AS8hzjm94R/SF9flvGT3RvCTaqGZyoslfDs+WpgrvIbB7HnAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUvAcsiAi4cwchSlGKepIbwHxXNPYwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzQ5ODkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNCyUD
BACNC2AwDQYJKoZIhvcNAQELBQADggEBAGYY31W3zNBDpxZS+r4msrkAlwbl7HGQ
WpejIHfbX10gqdDuYalXByJgu2Z1C0N1be+HJceyTXdSCgi5dXdDeFKm6+S59yFX
Lqmy+PTcg298avmy+3t3UNlwgRmwWhLdsJGChNcCO3kC04ui43xXxdvujXtZHN9T
TO/oDUtYz4f/kPntO4QUMzAU/0CKKiU31qojsk20NxOgmhoALR5MFRvlleVKBUqf
PLW85evwCU/FTXgtPg4res6+xujPdDkFR5FNMmwP/77Y/ISKj/7nsYW6evDvmMPU
KI1uo4zxRhNknFIWxsMg6QBRyivEsze8JKPzw363KZR8udJd1zar4IM=
-----END CERTIFICATE-----
Generated at Wed Jul 8 21:02:54 2026 by rpki-client