Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38342e302f32342d3234203d3e203231383539.roa
File:                     34332e3233302e38342e302f32342d3234203d3e203231383539.roa (raw, json)
Hash identifier:          SVFfgjYJoyDeeqzPyXuYrjyRbvwTEkox9PAuxc1c2+U=
Subject key identifier:   6F:40:AB:35:9B:9C:EA:AF:85:F0:FD:19:91:B0:3A:18:15:8C:07:8D
Certificate issuer:       /CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
Certificate serial:       7A0DA268ED88196022A240B483596443A250D7F0
Authority key identifier: C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38342e302f32342d3234203d3e203231383539.roa
Signing time:             Fri 01 Aug 2025 10:18:51 +0000
ROA not before:           Fri 01 Aug 2025 10:13:51 +0000
ROA not after:            Fri 31 Jul 2026 10:18:51 +0000
asID:                     21859
IP address blocks:        43.230.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 13:52:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:0d:a2:68:ed:88:19:60:22:a2:40:b4:83:59:64:43:a2:50:d7:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
        Validity
            Not Before: Aug  1 10:13:51 2025 GMT
            Not After : Jul 31 10:18:51 2026 GMT
        Subject: CN=6F40AB359B9CEAAF85F0FD1991B03A18158C078D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:58:ca:f9:59:55:f7:25:a5:3c:87:8a:fd:eb:
                    cb:fc:1d:e6:31:94:7b:3c:2c:90:e0:20:38:8b:87:
                    cb:37:71:74:d0:23:5b:d1:a2:8b:fa:bf:fa:e5:f5:
                    be:80:54:57:87:76:5c:16:79:d8:d2:b3:52:44:cd:
                    ce:8e:90:fd:88:ff:f1:24:88:87:71:c3:9c:4c:cf:
                    c4:26:a6:ed:5d:79:85:a2:1c:56:9e:76:c2:e3:5a:
                    c9:a4:4a:17:16:d2:60:c0:7f:fe:53:77:89:79:d1:
                    0a:87:44:41:88:e6:f0:81:73:8c:a5:e6:92:c6:6e:
                    21:89:8e:18:21:41:23:db:c4:9a:be:ba:ef:80:e0:
                    66:c2:0d:58:1e:22:8d:8f:4e:93:b6:94:dd:b4:a3:
                    3b:25:79:ca:6e:16:f0:b9:a7:02:17:64:f4:30:e0:
                    6f:ad:f2:ab:2c:6d:fc:9b:f8:b4:69:42:61:5b:96:
                    06:6d:15:fb:0f:b8:c2:d3:2b:1e:7f:ce:86:1a:6c:
                    1f:a2:f2:50:82:05:f4:c1:61:f5:61:ab:9b:7d:29:
                    e1:7d:13:e1:a1:79:0f:0f:13:f6:7c:e9:6e:54:27:
                    94:fb:77:e3:ba:15:c4:7a:68:0d:67:db:97:ca:15:
                    65:01:de:c7:d9:4c:25:bf:23:41:d7:a2:9e:0a:72:
                    58:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:40:AB:35:9B:9C:EA:AF:85:F0:FD:19:91:B0:3A:18:15:8C:07:8D
            X509v3 Authority Key Identifier:
                keyid:C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38342e302f32342d3234203d3e203231383539.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.230.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:b8:a3:00:8e:08:ef:1c:6c:b0:a8:5d:86:10:da:b3:b6:6a:
         f3:29:d9:80:52:a9:1c:1e:39:40:da:4b:12:4e:f9:73:85:3a:
         ef:cf:a7:89:04:c6:d4:65:b9:60:66:d0:8b:71:9a:09:4e:f4:
         c2:6d:c4:e9:40:32:d8:0b:ce:8f:84:f1:fc:a8:f6:4d:7c:12:
         2b:f2:fd:aa:6f:e3:1b:68:11:40:2f:7e:47:24:25:3c:fd:25:
         5d:1c:5b:40:0a:88:65:d0:28:67:13:b8:9f:7a:9a:9a:66:05:
         e0:71:3e:59:0f:81:41:71:7f:c3:0a:61:14:19:d1:e4:63:45:
         41:e1:80:76:70:a8:90:f4:df:9e:78:b3:be:67:4f:ad:99:df:
         1c:e3:78:d3:c1:79:f0:13:25:ab:47:66:4c:40:b0:c2:2a:5f:
         10:67:da:13:2b:c5:74:f5:89:7a:26:e8:a8:4d:e5:e9:8e:ed:
         72:d6:1b:86:19:78:1a:82:3f:f8:3b:9c:65:2c:a8:a6:47:08:
         dd:87:22:e0:3e:7f:0b:97:1b:6b:bb:62:79:6c:57:1d:9f:e1:
         ac:11:09:c2:85:bd:a1:40:69:bd:2b:42:69:87:0b:0d:8b:62:
         25:44:a5:aa:ef:ea:01:2a:dc:69:f2:0e:b9:a8:b2:bf:1a:25:
         52:5f:27:be
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUeg2iaO2IGWAiokC0g1lkQ6JQ1/AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc3MGY0MzM1OGI5N2JhMGFhOWJkYzYyYmJkNTExZTkw
YWVhYjI5ZDAeFw0yNTA4MDExMDEzNTFaFw0yNjA3MzExMDE4NTFaMDMxMTAvBgNV
BAMTKDZGNDBBQjM1OUI5Q0VBQUY4NUYwRkQxOTkxQjAzQTE4MTU4QzA3OEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwWMr5WVX3JaU8h4r968v8HeYx
lHs8LJDgIDiLh8s3cXTQI1vRoov6v/rl9b6AVFeHdlwWedjSs1JEzc6OkP2I//Ek
iIdxw5xMz8Qmpu1deYWiHFaedsLjWsmkShcW0mDAf/5Td4l50QqHREGI5vCBc4yl
5pLGbiGJjhghQSPbxJq+uu+A4GbCDVgeIo2PTpO2lN20ozslecpuFvC5pwIXZPQw
4G+t8qssbfyb+LRpQmFblgZtFfsPuMLTKx5/zoYabB+i8lCCBfTBYfVhq5t9KeF9
E+GheQ8PE/Z86W5UJ5T7d+O6FcR6aA1n25fKFWUB3sfZTCW/I0HXop4KclglAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUb0CrNZuc6q+F8P0ZkbA6GBWMB40wHwYDVR0j
BBgwFoAUx3D0M1i5e6Cqm9xiu9UR6Qrqsp0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQtNmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2
NjIwLzAvQzc3MEY0MzM1OEI5N0JBMEFBOUJEQzYyQkJENTExRTkwQUVBQjI5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3gzRDBNMWk1ZTZDcW05eGl1OVVSNlFy
cXNwMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQt
NmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2NjIwLzAvMzQzMzJlMzIzMzMwMmUzODM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMTM4MzUzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEACvm
VDANBgkqhkiG9w0BAQsFAAOCAQEAArijAI4I7xxssKhdhhDas7Zq8ynZgFKpHB45
QNpLEk75c4U678+niQTG1GW5YGbQi3GaCU70wm3E6UAy2AvOj4Tx/Kj2TXwSK/L9
qm/jG2gRQC9+RyQlPP0lXRxbQAqIZdAoZxO4n3qammYF4HE+WQ+BQXF/wwphFBnR
5GNFQeGAdnCokPTfnnizvmdPrZnfHON408F58BMlq0dmTECwwipfEGfaEyvFdPWJ
eiboqE3l6Y7tctYbhhl4GoI/+DucZSyopkcI3Yci4D5/C5cba7tieWxXHZ/hrBEJ
woW9oUBpvStCaYcLDYtiJUSlqu/qASrcafIOuaiyvxolUl8nvg==
-----END CERTIFICATE-----
Generated at Tue Aug 5 17:28:47 2025 by rpki-client