Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34352e302f32342d3234203d3e2038303735.roa
File:                     3231322e3130332e34352e302f32342d3234203d3e2038303735.roa (raw, json)
Hash identifier:          /wobizd/N69i3RHzZlBg6v322Hg73ZMnV8Mlgts8jew=
Subject key identifier:   07:E2:29:26:42:CD:BC:E6:35:C1:0C:17:A5:B9:22:EA:0D:05:36:7B
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       47CDAD2964897A3393A29EF5E72408057F186475
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34352e302f32342d3234203d3e2038303735.roa
Signing time:             Wed 29 Oct 2025 12:55:10 +0000
ROA not before:           Wed 29 Oct 2025 12:50:10 +0000
ROA not after:            Wed 28 Oct 2026 12:55:10 +0000
asID:                     8075
IP address blocks:        212.103.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 13:59:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:cd:ad:29:64:89:7a:33:93:a2:9e:f5:e7:24:08:05:7f:18:64:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Oct 29 12:50:10 2025 GMT
            Not After : Oct 28 12:55:10 2026 GMT
        Subject: CN=07E2292642CDBCE635C10C17A5B922EA0D05367B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:78:e2:d5:b0:93:ed:8c:1b:9d:7f:a9:75:ea:
                    54:89:3d:a8:5b:9e:c5:5d:82:77:5c:79:e9:a5:a0:
                    a8:b6:f8:01:f0:61:7e:58:b4:4c:13:68:a4:6c:7c:
                    11:1e:87:cb:6b:8b:c7:66:45:fe:cb:e6:90:21:33:
                    89:6e:fe:3f:2f:f8:c6:7e:38:b0:ad:d8:5d:7b:30:
                    07:49:05:0f:2e:3a:41:5b:83:a5:8f:4c:c3:ab:1c:
                    d7:47:58:67:a2:6d:da:c7:98:7d:3f:70:74:5b:8d:
                    99:66:92:4b:51:57:09:1b:55:02:33:56:8e:11:ec:
                    6a:86:5c:62:54:78:74:63:4b:0b:00:e6:58:a3:33:
                    40:28:6c:e4:8a:9b:4f:0c:07:9f:3c:c4:47:d6:06:
                    5b:a9:1a:c3:f5:96:03:ae:a2:40:d1:9e:0e:5c:67:
                    83:87:19:14:22:b4:b4:df:48:14:67:51:0a:c4:8c:
                    e9:e8:11:4c:64:b1:ca:c5:15:97:af:14:53:38:83:
                    2a:b3:c5:d6:be:26:ed:fd:86:ca:c4:d1:19:e7:55:
                    19:00:0e:cd:bd:78:5b:d6:76:c3:50:ba:a2:17:16:
                    b7:ad:be:34:fd:49:4f:9f:77:95:13:29:71:f9:f1:
                    bb:d8:c4:4c:ad:34:84:aa:9d:02:f5:59:b3:39:06:
                    05:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:E2:29:26:42:CD:BC:E6:35:C1:0C:17:A5:B9:22:EA:0D:05:36:7B
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3231322e3130332e34352e302f32342d3234203d3e2038303735.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.103.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:c6:fd:e2:bd:ca:bc:6f:d4:22:f7:95:76:36:39:fa:39:4d:
         99:3a:04:5a:e7:0b:78:08:2d:b7:7b:b5:1c:89:6c:ec:c3:04:
         ff:31:7e:60:e0:e8:ab:73:59:56:1e:78:8d:d7:47:b0:77:23:
         4f:be:36:73:8c:74:6e:13:81:4d:9c:39:a4:cc:c6:8f:35:6d:
         33:58:c5:5b:d1:26:b2:e6:37:5b:0e:08:f3:2b:19:5c:42:a7:
         b1:7b:ff:47:14:d8:cc:e3:49:1c:7d:fa:a8:68:5b:13:05:6f:
         28:5a:db:1e:f1:e5:1e:5a:25:1a:83:81:4a:77:4c:21:ce:88:
         c4:06:89:e3:0f:97:14:ac:7d:0b:19:3d:92:a2:c1:6f:72:b6:
         00:07:ab:0f:b1:59:f9:d8:4f:0b:3c:94:fb:c5:03:39:17:da:
         e7:0c:3d:66:77:b6:96:51:62:0a:51:40:cf:95:5d:b6:9f:c3:
         16:19:e5:08:f7:3d:54:53:be:07:de:4b:6d:d8:eb:a1:de:a6:
         a9:df:6c:87:44:07:14:f1:f5:ee:0e:57:1f:60:a4:f8:cb:14:
         09:0b:24:70:1a:59:b9:2e:5d:88:c6:f9:93:96:6f:23:18:35:
         32:dc:08:b1:55:be:3f:76:da:3a:71:14:db:f9:d8:db:00:d8:
         bb:10:c7:ed
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUR82tKWSJejOTop715yQIBX8YZHUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNTEwMjkxMjUwMTBaFw0yNjEwMjgxMjU1MTBaMDMxMTAvBgNV
BAMTKDA3RTIyOTI2NDJDREJDRTYzNUMxMEMxN0E1QjkyMkVBMEQwNTM2N0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOeOLVsJPtjBudf6l16lSJPahb
nsVdgndceemloKi2+AHwYX5YtEwTaKRsfBEeh8tri8dmRf7L5pAhM4lu/j8v+MZ+
OLCt2F17MAdJBQ8uOkFbg6WPTMOrHNdHWGeibdrHmH0/cHRbjZlmkktRVwkbVQIz
Vo4R7GqGXGJUeHRjSwsA5lijM0AobOSKm08MB588xEfWBlupGsP1lgOuokDRng5c
Z4OHGRQitLTfSBRnUQrEjOnoEUxkscrFFZevFFM4gyqzxda+Ju39hsrE0RnnVRkA
Ds29eFvWdsNQuqIXFretvjT9SU+fd5UTKXH58bvYxEytNISqnQL1WbM5BgVnAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUB+IpJkLNvOY1wQwXpbki6g0FNnswHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzIzMTMyMmUzMTMwMzMyZTM0
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMwMzczNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANRn
LTANBgkqhkiG9w0BAQsFAAOCAQEABcb94r3KvG/UIveVdjY5+jlNmToEWucLeAgt
t3u1HIls7MME/zF+YODoq3NZVh54jddHsHcjT742c4x0bhOBTZw5pMzGjzVtM1jF
W9EmsuY3Ww4I8ysZXEKnsXv/RxTYzONJHH36qGhbEwVvKFrbHvHlHlolGoOBSndM
Ic6IxAaJ4w+XFKx9Cxk9kqLBb3K2AAerD7FZ+dhPCzyU+8UDORfa5ww9Zne2llFi
ClFAz5Vdtp/DFhnlCPc9VFO+B95Lbdjrod6mqd9sh0QHFPH17g5XH2Ck+MsUCQsk
cBpZuS5diMb5k5ZvIxg1MtwIsVW+P3baOnEU2/nY2wDYuxDH7Q==
-----END CERTIFICATE-----