Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38302e302f32342d3234203d3e203136323736.roa
File:                     34352e39352e38302e302f32342d3234203d3e203136323736.roa (raw, json)
Hash identifier:          bUthEn8RkWDu+mbCn/i7I4QSRIrVa3Lzm/HSvFXUnxA=
Subject key identifier:   FC:25:77:1F:68:EB:CE:CE:01:FD:F6:42:CB:E1:00:CB:2C:18:7F:9B
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       0407D3BEB3E61F421A203F83823BB63915A86745
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38302e302f32342d3234203d3e203136323736.roa
Signing time:             Tue 28 Oct 2025 03:55:10 +0000
ROA not before:           Tue 28 Oct 2025 03:50:10 +0000
ROA not after:            Tue 27 Oct 2026 03:55:10 +0000
asID:                     16276
IP address blocks:        45.95.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 13:59:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:07:d3:be:b3:e6:1f:42:1a:20:3f:83:82:3b:b6:39:15:a8:67:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Oct 28 03:50:10 2025 GMT
            Not After : Oct 27 03:55:10 2026 GMT
        Subject: CN=FC25771F68EBCECE01FDF642CBE100CB2C187F9B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c7:7c:37:69:b5:1e:ea:6d:2f:89:3c:b8:f3:
                    2b:f7:43:e2:ad:25:bc:41:30:c2:e5:3d:61:a6:22:
                    78:9d:52:9a:eb:af:c4:97:06:1a:4f:2c:f5:66:8f:
                    85:d7:05:91:2d:a7:7e:73:4e:f7:15:8d:9d:4b:c4:
                    3a:2a:97:97:3b:b5:3f:7e:9f:9f:c8:74:5a:8e:7b:
                    ac:65:3c:9e:85:49:b4:05:8a:43:a3:9e:d8:4e:73:
                    61:88:db:a8:d5:73:bd:53:54:c5:6c:d1:37:60:10:
                    67:66:c1:58:1e:fc:15:c2:7f:92:47:78:5c:3c:59:
                    da:e3:74:ff:41:68:a7:65:6a:27:20:4d:16:ea:1c:
                    9d:dc:48:50:9c:0d:fa:52:39:54:54:5b:56:a3:ba:
                    af:53:22:d0:a9:65:33:f0:ec:56:3d:9c:6c:e8:cb:
                    6a:a3:93:fc:93:69:81:81:e9:0c:7b:9e:61:ab:f5:
                    c3:5a:d7:1b:db:90:30:38:5a:b7:aa:09:83:68:d1:
                    8d:0a:73:e6:6f:61:bd:ba:77:60:99:9b:7a:74:f3:
                    6c:25:66:1b:5a:6e:a2:e1:b3:95:17:88:ef:dd:93:
                    68:14:de:c8:29:1b:5e:ea:1b:88:f1:b0:8f:71:37:
                    36:db:b3:35:78:15:42:18:d4:6a:5f:ba:78:22:c0:
                    79:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:25:77:1F:68:EB:CE:CE:01:FD:F6:42:CB:E1:00:CB:2C:18:7F:9B
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38302e302f32342d3234203d3e203136323736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:6a:60:82:43:fe:bd:bc:ed:3d:74:04:0d:a5:a0:30:24:b1:
         02:59:27:f8:82:79:e2:87:96:47:b3:50:3d:25:1b:68:dc:e2:
         d5:81:fe:86:64:e5:d3:db:dc:2a:25:c0:40:cf:a9:b5:12:d9:
         d0:6a:8f:7e:ad:10:25:bb:50:04:2d:e1:e9:20:ff:5f:d6:e2:
         da:a7:8f:b6:53:ba:86:a3:3a:2d:97:52:ff:b9:76:b1:28:99:
         74:1a:2f:86:c1:1e:3b:82:37:36:76:f2:e4:a0:68:95:88:90:
         62:3a:bd:8a:af:b3:c5:0c:c9:51:42:d7:40:d9:03:cf:43:3d:
         84:ed:4d:54:f5:bd:f4:df:5c:2f:d3:a8:4d:bc:91:ef:7b:c9:
         a1:20:30:35:9a:2a:47:20:be:eb:51:11:67:29:69:8c:b8:d3:
         26:a0:a4:ad:ba:8a:b7:f5:53:d7:68:6b:e7:72:31:5a:fc:b3:
         a0:7a:e5:5e:61:d6:8f:c7:8b:e2:dd:2b:33:c2:0a:d1:6b:c8:
         63:b3:de:9a:02:1d:ef:65:f5:61:30:73:26:11:50:f1:58:cf:
         fe:cc:23:77:a6:f7:7e:d6:75:1a:19:7c:81:b6:05:43:f3:84:
         5d:32:d6:48:37:75:f7:35:57:f6:dc:28:50:da:57:0d:99:54:
         c5:c3:8e:59
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUBAfTvrPmH0IaID+Dgju2ORWoZ0UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNTEwMjgwMzUwMTBaFw0yNjEwMjcwMzU1MTBaMDMxMTAvBgNV
BAMTKEZDMjU3NzFGNjhFQkNFQ0UwMUZERjY0MkNCRTEwMENCMkMxODdGOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjx3w3abUe6m0viTy48yv3Q+Kt
JbxBMMLlPWGmInidUprrr8SXBhpPLPVmj4XXBZEtp35zTvcVjZ1LxDoql5c7tT9+
n5/IdFqOe6xlPJ6FSbQFikOjnthOc2GI26jVc71TVMVs0TdgEGdmwVge/BXCf5JH
eFw8WdrjdP9BaKdlaicgTRbqHJ3cSFCcDfpSOVRUW1ajuq9TItCpZTPw7FY9nGzo
y2qjk/yTaYGB6Qx7nmGr9cNa1xvbkDA4WreqCYNo0Y0Kc+ZvYb26d2CZm3p082wl
ZhtabqLhs5UXiO/dk2gU3sgpG17qG4jxsI9xNzbbszV4FUIY1GpfungiwHkVAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU/CV3H2jrzs4B/fZCy+EAyywYf5swHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzQzNTJlMzkzNTJlMzgzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzYzMjM3MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtX1Aw
DQYJKoZIhvcNAQELBQADggEBAJZqYIJD/r287T10BA2loDAksQJZJ/iCeeKHlkez
UD0lG2jc4tWB/oZk5dPb3ColwEDPqbUS2dBqj36tECW7UAQt4ekg/1/W4tqnj7ZT
uoajOi2XUv+5drEomXQaL4bBHjuCNzZ28uSgaJWIkGI6vYqvs8UMyVFC10DZA89D
PYTtTVT1vfTfXC/TqE28ke97yaEgMDWaKkcgvutREWcpaYy40yagpK26irf1U9do
a+dyMVr8s6B65V5h1o/Hi+LdKzPCCtFryGOz3poCHe9l9WEwcyYRUPFYz/7MI3em
937WdRoZfIG2BUPzhF0y1kg3dfc1V/bcKFDaVw2ZVMXDjlk=
-----END CERTIFICATE-----