Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3132382e31322e302f32332d3234203d3e20383334.roa
File:                     34352e3132382e31322e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          eLJWCWbxEQgDeE1wotxgC/UVUKhDY5SIchlsKqSoar0=
Subject key identifier:   FD:B2:F9:26:87:96:9A:A4:1E:4C:9A:2B:9D:06:A8:33:19:6F:6D:8C
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       0C71B397E52F3849DEDA97A1FFBEFE9E13E4AC7A
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3132382e31322e302f32332d3234203d3e20383334.roa
Signing time:             Fri 01 Aug 2025 00:54:13 +0000
ROA not before:           Fri 01 Aug 2025 00:49:13 +0000
ROA not after:            Fri 31 Jul 2026 00:54:13 +0000
asID:                     834
IP address blocks:        45.128.12.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 02:33:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:71:b3:97:e5:2f:38:49:de:da:97:a1:ff:be:fe:9e:13:e4:ac:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Aug  1 00:49:13 2025 GMT
            Not After : Jul 31 00:54:13 2026 GMT
        Subject: CN=FDB2F92687969AA41E4C9A2B9D06A833196F6D8C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:cb:22:5a:6a:37:6e:da:20:ad:e9:61:41:50:
                    a4:ea:0f:c5:4c:eb:2e:df:c0:0e:5b:e4:81:ef:ef:
                    14:62:79:9b:2d:4b:5a:15:b8:e5:7b:e6:bc:7d:9c:
                    46:4a:b1:e6:6c:80:21:07:41:82:10:72:52:91:d4:
                    5c:f3:f7:ee:09:c9:64:86:af:7a:02:2a:3e:9e:19:
                    61:3d:0c:e8:3d:1d:d0:e4:60:3b:a6:88:3a:81:7a:
                    23:05:c2:5a:cc:48:a1:08:01:9f:06:8a:4e:c2:c5:
                    d2:f5:eb:5f:78:73:90:65:ba:8c:35:6b:b1:5a:59:
                    d7:c9:e5:19:f0:fe:e5:00:92:e6:eb:d5:41:d1:54:
                    34:a6:59:37:df:b7:c8:1a:1c:23:45:c3:d0:95:63:
                    f3:97:b1:e0:82:59:d2:5f:f2:a5:13:3f:d2:82:3d:
                    cd:c1:cd:12:91:da:1a:46:8a:1e:f9:f1:c4:a8:9f:
                    6c:83:03:20:e4:96:6c:7f:b7:b3:1a:a1:2a:f3:17:
                    d9:69:ef:00:78:36:f0:78:61:df:1d:80:97:6a:88:
                    45:6b:3d:e5:6a:e8:2b:07:80:1f:1d:20:82:23:31:
                    ab:85:88:06:ad:67:55:b8:11:46:56:46:3a:1e:c7:
                    a7:ae:77:46:29:a9:f8:99:49:9b:2b:11:b2:d6:65:
                    88:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:B2:F9:26:87:96:9A:A4:1E:4C:9A:2B:9D:06:A8:33:19:6F:6D:8C
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3132382e31322e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:12:44:7c:6e:41:c0:94:36:3b:51:5b:a5:b3:e9:60:44:d1:
         0d:79:c6:7b:21:64:04:50:e9:11:cb:cd:58:8c:eb:12:47:b0:
         83:12:2f:61:8d:6f:e9:f7:92:46:0b:95:8d:e4:7e:a3:ed:88:
         a4:b5:bf:55:0d:7d:9a:55:b1:72:97:4c:a3:75:34:52:d3:8a:
         26:3e:d3:97:38:81:f6:ea:e4:41:57:59:71:b0:e2:3e:05:35:
         cc:c8:f4:09:7b:1d:97:a1:49:31:12:b2:7c:22:b4:b1:6d:96:
         ee:21:cf:9e:0c:24:c7:49:b9:37:a6:bf:44:6c:4a:13:9d:c6:
         d2:ac:e9:2f:64:eb:5b:fc:1a:03:a4:8a:fb:d9:fc:1d:1f:1f:
         5e:5c:23:8a:0e:3c:db:fc:5b:4d:27:2d:e4:7d:8c:ca:30:d6:
         d5:a3:c4:a4:2f:df:fe:f2:9b:d8:83:5d:14:77:c9:b7:04:03:
         a5:1d:c3:21:15:1b:48:92:22:b7:cd:00:0f:3e:92:cd:50:b2:
         57:4f:fd:9d:02:80:36:41:98:28:37:5b:09:62:a7:9a:91:87:
         60:6c:03:f4:9f:27:77:a1:36:6b:b0:bb:2b:66:1b:e5:3c:6b:
         14:c3:f0:45:9b:c1:c9:a4:5a:a3:b3:52:a5:5f:3d:75:2d:91:
         98:12:a9:55
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUDHGzl+UvOEne2peh/77+nhPkrHowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNTA4MDEwMDQ5MTNaFw0yNjA3MzEwMDU0MTNaMDMxMTAvBgNV
BAMTKEZEQjJGOTI2ODc5NjlBQTQxRTRDOUEyQjlEMDZBODMzMTk2RjZEOEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZyyJaajdu2iCt6WFBUKTqD8VM
6y7fwA5b5IHv7xRieZstS1oVuOV75rx9nEZKseZsgCEHQYIQclKR1Fzz9+4JyWSG
r3oCKj6eGWE9DOg9HdDkYDumiDqBeiMFwlrMSKEIAZ8Gik7CxdL16194c5Bluow1
a7FaWdfJ5Rnw/uUAkubr1UHRVDSmWTfft8gaHCNFw9CVY/OXseCCWdJf8qUTP9KC
Pc3BzRKR2hpGih758cSon2yDAyDklmx/t7MaoSrzF9lp7wB4NvB4Yd8dgJdqiEVr
PeVq6CsHgB8dIIIjMauFiAatZ1W4EUZWRjoex6eud0YpqfiZSZsrEbLWZYhFAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU/bL5JoeWmqQeTJornQaoMxlvbYwwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzMjM4MmUzMTMy
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYAMMA0G
CSqGSIb3DQEBCwUAA4IBAQCDEkR8bkHAlDY7UVuls+lgRNENecZ7IWQEUOkRy81Y
jOsSR7CDEi9hjW/p95JGC5WN5H6j7Yiktb9VDX2aVbFyl0yjdTRS04omPtOXOIH2
6uRBV1lxsOI+BTXMyPQJex2XoUkxErJ8IrSxbZbuIc+eDCTHSbk3pr9EbEoTncbS
rOkvZOtb/BoDpIr72fwdHx9eXCOKDjzb/FtNJy3kfYzKMNbVo8SkL9/+8pvYg10U
d8m3BAOlHcMhFRtIkiK3zQAPPpLNULJXT/2dAoA2QZgoN1sJYqeakYdgbAP0nyd3
oTZrsLsrZhvlPGsUw/BFm8HJpFqjs1KlXz11LZGYEqlV
-----END CERTIFICATE-----