Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS329532.roa
File:                     AS329532.roa (raw, json)
Hash identifier:          JwFzOWnvYpVtKke/RE602Z2BnIIeqMdk4aLsYXHbKkM=
Subject key identifier:   53:52:3D:E3:38:5D:46:65:AF:33:60:95:77:76:13:F3:7A:EA:43:5C
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       018EA44CA1C1A406DCCC27F22D1E0BBB4C3E04AF
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS329532.roa
Signing time:             Wed 29 Oct 2025 03:42:59 +0000
ROA not before:           Wed 29 Oct 2025 03:37:59 +0000
ROA not after:            Wed 28 Oct 2026 03:42:59 +0000
asID:                     329532
IP address blocks:        2a0f:85c1:c00::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a4:4c:a1:c1:a4:06:dc:cc:27:f2:2d:1e:0b:bb:4c:3e:04:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct 29 03:37:59 2025 GMT
            Not After : Oct 28 03:42:59 2026 GMT
        Subject: CN=53523DE3385D4665AF336095777613F37AEA435C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b0:57:47:cc:6d:4a:9a:d4:75:4c:4a:d6:b8:
                    bb:65:65:29:a2:35:c3:31:4a:f6:fa:6d:d3:e1:b8:
                    c9:f8:ae:6b:d5:53:73:dc:25:1a:d2:3d:75:9f:e0:
                    1b:ee:88:9f:db:4f:ac:df:ee:38:d9:d0:40:44:98:
                    50:dc:74:74:58:eb:7b:50:cd:dc:0a:e5:92:ab:15:
                    99:5a:4a:ad:5b:ca:51:a3:5d:70:ce:c1:24:1c:40:
                    a2:9d:35:d1:2f:87:ef:ae:52:c1:c1:7c:01:f6:53:
                    09:27:f7:ec:28:47:07:ce:99:04:ec:2e:4d:02:7a:
                    cf:54:5f:20:02:0a:34:8b:d5:90:fc:71:f1:e2:87:
                    a2:70:01:32:59:14:52:1d:96:b3:09:c6:61:ff:8b:
                    9e:60:a6:00:12:f9:c3:5f:db:1d:3d:ea:9a:7c:5e:
                    a4:ad:c5:23:ac:47:65:36:2e:f2:19:05:7f:1f:ea:
                    78:9c:e5:16:21:fa:b7:fe:b2:bd:11:e6:40:16:23:
                    fa:04:60:19:85:ec:f7:5d:33:5a:67:f6:57:78:64:
                    89:98:17:d2:3e:04:af:7c:be:5b:65:6e:a5:73:de:
                    86:07:26:d9:af:77:1d:fd:05:f2:c6:31:ed:28:28:
                    63:6f:b8:04:4e:b2:b1:28:92:db:02:83:d2:44:c4:
                    8f:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:52:3D:E3:38:5D:46:65:AF:33:60:95:77:76:13:F3:7A:EA:43:5C
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS329532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c00::/44

    Signature Algorithm: sha256WithRSAEncryption
         71:cf:2f:73:5c:77:68:bd:93:6e:f0:78:1b:fc:f0:9c:9e:80:
         7b:b1:49:ad:56:1c:12:72:d4:27:ec:80:2f:84:2f:2e:8c:0c:
         27:df:86:59:2e:cd:d7:51:ea:4c:6b:f9:cd:30:7b:14:89:3c:
         fa:65:28:45:80:f9:f6:f0:30:b5:0d:69:a5:f1:b0:65:9f:84:
         90:e2:cd:ec:34:89:c8:52:6c:b5:91:fd:f4:6b:41:90:36:bb:
         e9:fb:0c:cc:af:3d:28:d5:39:24:a5:ae:9b:98:76:54:eb:8c:
         f0:ac:67:ec:ea:7f:ec:0e:4d:76:bf:ed:4c:47:7e:c3:fd:44:
         e9:49:4b:4e:48:67:20:ea:8d:34:35:03:7c:23:1a:c7:99:4b:
         0b:7b:21:f8:92:a0:89:89:ef:2e:f9:3f:06:d5:7e:c5:85:5b:
         60:f7:83:c3:7e:96:89:2c:2c:2b:fd:e9:71:9f:be:b9:17:f4:
         3d:4d:b9:43:4e:2b:a0:81:7e:cb:f1:9e:c8:e5:7d:5d:6a:fe:
         d7:a7:07:e6:9e:fc:da:8f:60:39:75:d4:3f:5c:9c:fd:f7:8c:
         6c:db:98:a7:4a:11:73:82:71:d4:9f:0d:f9:97:95:64:a5:18:
         da:c9:da:0d:6a:6d:c7:57:51:39:0b:53:a7:a0:e6:19:53:d1:
         a6:08:82:f0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUAY6kTKHBpAbczCfyLR4Lu0w+BK8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTEwMjkwMzM3NTlaFw0yNjEwMjgwMzQyNTlaMDMxMTAvBgNV
BAMTKDUzNTIzREUzMzg1RDQ2NjVBRjMzNjA5NTc3NzYxM0YzN0FFQTQzNUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtsFdHzG1KmtR1TErWuLtlZSmi
NcMxSvb6bdPhuMn4rmvVU3PcJRrSPXWf4BvuiJ/bT6zf7jjZ0EBEmFDcdHRY63tQ
zdwK5ZKrFZlaSq1bylGjXXDOwSQcQKKdNdEvh++uUsHBfAH2Uwkn9+woRwfOmQTs
Lk0Ces9UXyACCjSL1ZD8cfHih6JwATJZFFIdlrMJxmH/i55gpgAS+cNf2x096pp8
XqStxSOsR2U2LvIZBX8f6nic5RYh+rf+sr0R5kAWI/oEYBmF7PddM1pn9ld4ZImY
F9I+BK98vltlbqVz3oYHJtmvdx39BfLGMe0oKGNvuAROsrEoktsCg9JExI+7AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUU1I94zhdRmWvM2CVd3YT83rqQ1wwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMzI5NTMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg+F
wQwAMA0GCSqGSIb3DQEBCwUAA4IBAQBxzy9zXHdovZNu8Hgb/PCcnoB7sUmtVhwS
ctQn7IAvhC8ujAwn34ZZLs3XUepMa/nNMHsUiTz6ZShFgPn28DC1DWml8bBln4SQ
4s3sNInIUmy1kf30a0GQNrvp+wzMrz0o1Tkkpa6bmHZU64zwrGfs6n/sDk12v+1M
R37D/UTpSUtOSGcg6o00NQN8IxrHmUsLeyH4kqCJie8u+T8G1X7FhVtg94PDfpaJ
LCwr/elxn765F/Q9TblDTiuggX7L8Z7I5X1dav7Xpwfmnvzaj2A5ddQ/XJz994xs
25inShFzgnHUnw35l5VkpRjaydoNam3HV1E5C1OnoOYZU9GmCILw
-----END CERTIFICATE-----