Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38352e302f32342d3234203d3e203130313033.roa
File:                     34332e3233302e38352e302f32342d3234203d3e203130313033.roa (raw, json)
Hash identifier:          MmHSTXe2GqgxUeGm5BTVgTg5bO+oZYaF1qr1Hjlq53Q=
Subject key identifier:   75:F7:5B:C3:D2:F1:CB:97:0C:AC:38:FA:F7:69:75:6A:DA:28:45:C1
Certificate issuer:       /CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
Certificate serial:       4229EBB8A758EE06DA45771887655A7691EC6C9C
Authority key identifier: C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38352e302f32342d3234203d3e203130313033.roa
Signing time:             Tue 14 Jan 2025 17:52:56 +0000
ROA not before:           Tue 14 Jan 2025 17:47:56 +0000
ROA not after:            Tue 13 Jan 2026 17:52:56 +0000
asID:                     10103
IP address blocks:        43.230.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:29:eb:b8:a7:58:ee:06:da:45:77:18:87:65:5a:76:91:ec:6c:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
        Validity
            Not Before: Jan 14 17:47:56 2025 GMT
            Not After : Jan 13 17:52:56 2026 GMT
        Subject: CN=75F75BC3D2F1CB970CAC38FAF769756ADA2845C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:da:84:a6:09:91:c5:a6:b9:54:f4:ce:d8:78:
                    be:43:a9:5a:fc:1f:d1:52:ba:3c:59:8b:53:35:05:
                    09:15:46:95:80:87:93:a7:45:c9:05:e2:28:59:e8:
                    9f:a6:fa:c2:7f:72:48:36:91:44:d8:73:33:55:5e:
                    54:e2:0a:43:4f:d4:f6:92:71:b8:25:c9:10:44:86:
                    bd:32:05:d1:31:2e:52:21:f4:cc:08:de:0e:a2:41:
                    04:d7:e2:fb:0e:5e:0c:11:31:d2:91:a4:30:dc:6e:
                    6d:88:bd:92:26:86:9c:a0:b3:0c:41:25:be:93:22:
                    a4:fb:01:33:b5:37:14:27:d0:e4:f2:da:4c:90:33:
                    ae:98:5f:a0:2c:b1:94:a5:1e:0b:22:dc:ee:00:1d:
                    40:ca:d9:4d:7f:24:00:b7:03:23:42:e5:2d:77:35:
                    05:d3:1c:f9:2f:d1:2c:48:4f:40:c8:94:51:fb:c2:
                    90:8e:9a:c4:38:79:66:23:19:38:45:42:bd:a5:c4:
                    58:af:89:3f:86:1d:ad:5d:37:ec:64:49:79:50:2e:
                    ac:d2:89:55:29:f9:c2:46:25:e2:d8:bf:9b:36:73:
                    6a:98:0a:4f:65:cd:38:f0:46:1b:22:eb:49:2c:f7:
                    7a:66:27:1a:bf:5d:71:1a:62:b7:ca:6c:23:fb:d8:
                    3d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:F7:5B:C3:D2:F1:CB:97:0C:AC:38:FA:F7:69:75:6A:DA:28:45:C1
            X509v3 Authority Key Identifier:
                keyid:C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38352e302f32342d3234203d3e203130313033.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.230.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:7b:b0:9e:83:2b:05:a2:5b:6c:1c:bf:16:ca:b0:3a:6a:1c:
         fd:58:48:39:e0:11:16:87:f5:d2:1e:4f:91:d2:5c:c9:9b:66:
         2b:16:44:b2:82:c1:4b:cf:e6:c7:8b:0e:32:12:c6:02:bc:97:
         ed:f3:03:ad:e0:ab:06:e4:a4:00:b5:9f:25:4f:28:13:08:75:
         81:f3:35:ae:c8:ee:f9:96:d2:23:e5:3f:e3:8e:17:4d:86:72:
         77:a0:26:e9:f9:6d:55:99:1a:e4:94:89:53:fc:a5:64:2b:95:
         e3:72:9b:28:4b:2d:aa:40:4f:eb:b8:a8:7d:21:73:54:bb:0d:
         35:38:a0:bf:80:71:83:4f:83:9f:eb:4a:04:f8:d5:71:08:1e:
         69:61:fc:56:7e:fd:f8:bb:d8:5e:de:22:7a:7e:84:7c:d6:ac:
         64:59:2a:42:d9:89:e5:9c:98:c3:a5:cb:11:49:92:fb:6d:74:
         19:7d:01:ed:c2:c9:40:03:8c:10:03:7f:9a:7f:ed:cb:bf:e3:
         b3:55:3f:d5:6f:4e:49:90:4e:59:75:43:6e:6d:9d:af:0e:53:
         f8:76:7a:5f:43:5e:50:34:18:df:15:52:3d:10:2f:e6:ff:7e:
         2d:13:22:3f:0c:1a:a0:e5:a6:88:0e:29:dc:24:ba:9a:5d:1c:
         10:a7:34:1f
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQinruKdY7gbaRXcYh2VadpHsbJwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc3MGY0MzM1OGI5N2JhMGFhOWJkYzYyYmJkNTExZTkw
YWVhYjI5ZDAeFw0yNTAxMTQxNzQ3NTZaFw0yNjAxMTMxNzUyNTZaMDMxMTAvBgNV
BAMTKDc1Rjc1QkMzRDJGMUNCOTcwQ0FDMzhGQUY3Njk3NTZBREEyODQ1QzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCO2oSmCZHFprlU9M7YeL5DqVr8
H9FSujxZi1M1BQkVRpWAh5OnRckF4ihZ6J+m+sJ/ckg2kUTYczNVXlTiCkNP1PaS
cbglyRBEhr0yBdExLlIh9MwI3g6iQQTX4vsOXgwRMdKRpDDcbm2IvZImhpygswxB
Jb6TIqT7ATO1NxQn0OTy2kyQM66YX6AssZSlHgsi3O4AHUDK2U1/JAC3AyNC5S13
NQXTHPkv0SxIT0DIlFH7wpCOmsQ4eWYjGThFQr2lxFiviT+GHa1dN+xkSXlQLqzS
iVUp+cJGJeLYv5s2c2qYCk9lzTjwRhsi60ks93pmJxq/XXEaYrfKbCP72D1PAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUdfdbw9Lxy5cMrDj692l1atooRcEwHwYDVR0j
BBgwFoAUx3D0M1i5e6Cqm9xiu9UR6Qrqsp0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQtNmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2
NjIwLzAvQzc3MEY0MzM1OEI5N0JBMEFBOUJEQzYyQkJENTExRTkwQUVBQjI5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3gzRDBNMWk1ZTZDcW05eGl1OVVSNlFy
cXNwMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQt
NmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2NjIwLzAvMzQzMzJlMzIzMzMwMmUzODM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzMDMxMzAzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEACvm
VTANBgkqhkiG9w0BAQsFAAOCAQEANHuwnoMrBaJbbBy/FsqwOmoc/VhIOeARFof1
0h5PkdJcyZtmKxZEsoLBS8/mx4sOMhLGAryX7fMDreCrBuSkALWfJU8oEwh1gfM1
rsju+ZbSI+U/444XTYZyd6Am6fltVZka5JSJU/ylZCuV43KbKEstqkBP67iofSFz
VLsNNTigv4Bxg0+Dn+tKBPjVcQgeaWH8Vn79+LvYXt4ien6EfNasZFkqQtmJ5ZyY
w6XLEUmS+210GX0B7cLJQAOMEAN/mn/ty7/js1U/1W9OSZBOWXVDbm2drw5T+HZ6
X0NeUDQY3xVSPRAv5v9+LRMiPwwaoOWmiA4p3CS6ml0cEKc0Hw==
-----END CERTIFICATE-----