Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38312e302f32342d3234203d3e20383334.roa
File:                     34352e39352e38312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          CfCdj5k+Lj5zHQCoFXqC9dWCvLUmgOEX9Bq56Zw8pDc=
Subject key identifier:   8C:2D:18:5D:57:C9:B4:90:3E:65:62:76:5E:E7:6C:36:CD:AE:B0:B5
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       55A9AA2984EBD29625BF8718F4CBCDF56EAEFDBD
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38312e302f32342d3234203d3e20383334.roa
Signing time:             Mon 04 Aug 2025 00:00:39 +0000
ROA not before:           Sun 03 Aug 2025 23:55:39 +0000
ROA not after:            Mon 03 Aug 2026 00:00:39 +0000
asID:                     834
IP address blocks:        45.95.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:32:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:a9:aa:29:84:eb:d2:96:25:bf:87:18:f4:cb:cd:f5:6e:ae:fd:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Aug  3 23:55:39 2025 GMT
            Not After : Aug  3 00:00:39 2026 GMT
        Subject: CN=8C2D185D57C9B4903E6562765EE76C36CDAEB0B5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:71:73:e1:5d:e2:98:fc:6b:5b:47:69:9c:a7:
                    c5:92:03:70:b0:73:0d:fc:54:30:5e:c1:43:dd:81:
                    e0:5d:1a:2e:ce:fb:d4:6a:82:22:b0:dc:9c:06:16:
                    a6:8f:8b:5a:d5:3e:18:c2:32:c2:86:4f:c1:47:19:
                    bf:06:d3:a8:53:b9:93:87:73:db:32:4b:d6:36:ec:
                    08:ce:12:77:5c:b3:72:44:c6:bd:6c:9f:d7:b9:e2:
                    6d:82:8b:78:8e:1b:f3:4e:a7:e4:19:8c:65:c2:a8:
                    1c:1a:9d:a5:a5:91:8c:41:00:7e:1d:5d:96:d7:9b:
                    d0:57:4a:e1:80:1d:ce:26:90:d7:ae:54:9e:e6:6f:
                    5e:d9:7d:00:80:4b:30:6f:20:98:42:72:ae:8f:4b:
                    9b:19:fa:ac:95:ac:05:59:c3:24:65:3a:c1:d7:89:
                    9e:85:40:08:4a:54:31:bc:34:be:b2:4d:59:85:f6:
                    6e:f4:7d:6c:e0:ed:52:19:29:14:ef:a8:32:6f:23:
                    e7:3f:78:0e:26:36:5f:bb:69:49:07:3c:05:7c:9b:
                    70:ba:03:cf:10:27:fd:d7:31:3f:42:fb:61:26:6c:
                    76:9f:38:f4:b8:36:03:06:20:2e:da:81:e0:eb:4a:
                    d9:4f:0a:5c:63:19:de:70:b3:41:c8:bf:07:95:e6:
                    7d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:2D:18:5D:57:C9:B4:90:3E:65:62:76:5E:E7:6C:36:CD:AE:B0:B5
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/34352e39352e38312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:59:d8:af:62:ac:fd:d9:ec:4d:a1:e2:a1:18:db:a1:bb:88:
         02:9b:99:0e:4e:44:a1:8e:3e:30:17:59:cf:09:cc:07:3b:70:
         5f:a1:17:b5:2b:5c:35:55:91:ce:90:ec:32:7e:e0:a3:b7:e3:
         62:b8:2a:c8:19:c7:4e:af:b0:79:d4:d6:d3:23:75:35:1b:a1:
         23:00:4d:62:10:4c:3f:46:34:cf:03:eb:d7:06:44:00:17:63:
         05:33:23:94:f0:cb:54:61:32:47:b0:b4:b4:9f:9d:b9:06:ed:
         ed:77:d8:fd:58:24:22:9a:f3:14:02:b6:52:93:4f:20:a8:38:
         99:61:1b:10:b4:c7:a4:a7:d2:f7:04:57:54:34:80:eb:0f:47:
         68:06:59:b4:97:10:70:9e:e6:5a:fb:b0:fa:52:47:ce:4f:48:
         10:01:19:65:a6:78:b6:de:b6:e7:1a:ed:3e:3d:8e:4d:52:27:
         d4:72:35:84:9c:f6:f0:c7:99:49:08:ce:7a:3b:0c:6a:86:45:
         dd:94:4d:3e:27:5b:1c:7a:e6:c0:bb:42:af:fd:9d:21:43:53:
         f3:1b:25:b0:fe:42:e9:31:e5:e1:ad:0a:8e:35:ee:bd:80:2a:
         c5:6e:2f:08:9a:f3:aa:51:ef:30:b9:14:ff:25:8d:c1:94:88:
         16:b0:12:8a
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUVamqKYTr0pYlv4cY9MvN9W6u/b0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNTA4MDMyMzU1MzlaFw0yNjA4MDMwMDAwMzlaMDMxMTAvBgNV
BAMTKDhDMkQxODVENTdDOUI0OTAzRTY1NjI3NjVFRTc2QzM2Q0RBRUIwQjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycXPhXeKY/GtbR2mcp8WSA3Cw
cw38VDBewUPdgeBdGi7O+9RqgiKw3JwGFqaPi1rVPhjCMsKGT8FHGb8G06hTuZOH
c9syS9Y27AjOEndcs3JExr1sn9e54m2Ci3iOG/NOp+QZjGXCqBwanaWlkYxBAH4d
XZbXm9BXSuGAHc4mkNeuVJ7mb17ZfQCASzBvIJhCcq6PS5sZ+qyVrAVZwyRlOsHX
iZ6FQAhKVDG8NL6yTVmF9m70fWzg7VIZKRTvqDJvI+c/eA4mNl+7aUkHPAV8m3C6
A88QJ/3XMT9C+2EmbHafOPS4NgMGIC7ageDrStlPClxjGd5ws0HIvweV5n2nAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUjC0YXVfJtJA+ZWJ2XudsNs2usLUwHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzQzNTJlMzkzNTJlMzgzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1fUTANBgkq
hkiG9w0BAQsFAAOCAQEAAlnYr2Ks/dnsTaHioRjbobuIApuZDk5EoY4+MBdZzwnM
BztwX6EXtStcNVWRzpDsMn7go7fjYrgqyBnHTq+wedTW0yN1NRuhIwBNYhBMP0Y0
zwPr1wZEABdjBTMjlPDLVGEyR7C0tJ+duQbt7XfY/VgkIprzFAK2UpNPIKg4mWEb
ELTHpKfS9wRXVDSA6w9HaAZZtJcQcJ7mWvuw+lJHzk9IEAEZZaZ4tt625xrtPj2O
TVIn1HI1hJz28MeZSQjOejsMaoZF3ZRNPidbHHrmwLtCr/2dIUNT8xslsP5C6THl
4a0KjjXuvYAqxW4vCJrzqlHvMLkU/yWNwZSIFrASig==
-----END CERTIFICATE-----