Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38362e302f32332d3234203d3e2033343931.roa
File:                     34332e3233302e38362e302f32332d3234203d3e2033343931.roa (raw, json)
Hash identifier:          e3yeUvIbF4YF0fCErBT4H99U9jC9XkRZUBr3LRE9AVI=
Subject key identifier:   A2:24:6A:C4:67:6D:F3:3E:6C:63:1C:CA:E9:4A:BD:32:F3:16:85:92
Certificate issuer:       /CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
Certificate serial:       0A9D3C52F3AFC898CF888B03BB1DEB6D68C2BB61
Authority key identifier: C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38362e302f32332d3234203d3e2033343931.roa
Signing time:             Tue 17 Feb 2026 04:55:38 +0000
ROA not before:           Tue 17 Feb 2026 04:50:38 +0000
ROA not after:            Tue 16 Feb 2027 04:55:38 +0000
asID:                     3491
IP address blocks:        43.230.86.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:9d:3c:52:f3:af:c8:98:cf:88:8b:03:bb:1d:eb:6d:68:c2:bb:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
        Validity
            Not Before: Feb 17 04:50:38 2026 GMT
            Not After : Feb 16 04:55:38 2027 GMT
        Subject: CN=A2246AC4676DF33E6C631CCAE94ABD32F3168592
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:cf:0c:fc:4f:c2:ef:47:0c:d3:bf:61:c9:3a:
                    fa:03:fa:24:92:34:f4:ff:46:71:32:4f:6f:2e:12:
                    79:d2:b4:46:51:71:18:69:05:3f:d1:33:c8:5a:9f:
                    1e:2c:95:38:88:2f:4a:c5:00:e9:db:2b:78:12:1e:
                    34:41:2f:97:77:ad:bd:05:1f:e9:92:06:e9:c1:56:
                    35:9d:79:6b:02:ad:9d:60:26:f6:51:db:df:92:d3:
                    99:34:92:b1:ea:2c:6b:b7:85:68:4c:d2:7a:6d:56:
                    eb:da:2e:12:b6:11:81:da:d6:ee:c2:77:cb:79:73:
                    53:7f:40:6b:19:98:9c:4f:f7:cc:5f:dd:cc:f1:55:
                    6b:b9:c8:a7:df:32:21:55:43:53:49:5c:93:33:43:
                    27:e2:c0:0c:53:cc:9a:47:de:37:75:91:95:88:e7:
                    f9:bf:e3:ca:ea:b3:c0:cc:f2:f1:ad:79:c7:7c:3d:
                    7d:04:be:38:a4:6c:b2:15:c5:c7:fc:10:b0:aa:60:
                    47:6b:db:19:b3:e6:84:78:60:a1:a4:34:61:07:1a:
                    7a:05:bb:a0:45:02:c2:64:2d:b0:a6:55:d9:d9:86:
                    b0:e8:5a:a2:41:e1:38:3c:35:7e:5d:b5:71:0c:ca:
                    96:2d:d2:d3:1a:7e:b9:87:d6:b1:62:be:4f:6d:72:
                    a5:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:24:6A:C4:67:6D:F3:3E:6C:63:1C:CA:E9:4A:BD:32:F3:16:85:92
            X509v3 Authority Key Identifier:
                keyid:C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/34332e3233302e38362e302f32332d3234203d3e2033343931.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.230.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:d2:46:93:2c:85:82:69:6a:f4:4e:d5:a6:52:57:09:53:87:
         5f:bc:05:2f:af:c0:83:a8:06:ad:5b:15:54:9b:85:e7:b9:e2:
         73:a9:53:eb:ef:d8:1c:b4:ff:3f:eb:ad:23:ea:e5:cb:5c:bb:
         4b:69:bc:44:9d:7f:89:b2:62:d1:07:3d:c9:26:88:04:3a:14:
         86:0a:a8:cd:17:3f:bb:bd:98:f0:ef:8c:e4:3f:f2:0b:da:6b:
         d3:33:20:3e:50:75:5c:c7:1b:86:ae:a5:f2:e4:7a:e3:bb:5e:
         fc:d1:d0:78:b2:10:29:d6:52:6d:fe:ec:78:09:34:db:3d:5b:
         15:cb:83:cb:37:6a:cc:86:f3:13:53:29:f6:eb:a3:48:dd:f6:
         b2:a9:92:be:e2:a0:96:6b:b9:db:d9:cd:ef:92:8a:cb:7a:e0:
         38:93:31:b0:07:17:58:1d:d0:d0:dc:13:a7:23:93:bd:b5:b8:
         8d:5a:dd:e8:93:29:8d:19:cb:1b:c8:14:ba:3b:ff:f3:46:83:
         d8:a3:5a:2b:69:1b:50:13:22:88:42:b1:d6:3c:1a:1b:b5:3e:
         59:aa:75:93:f6:77:79:2f:1c:fa:ab:12:15:ba:23:8f:ff:ab:
         55:41:39:55:c4:07:19:cc:24:d3:92:f2:29:4a:f8:5d:1f:b7:
         16:3e:4a:da
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUCp08UvOvyJjPiIsDux3rbWjCu2EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc3MGY0MzM1OGI5N2JhMGFhOWJkYzYyYmJkNTExZTkw
YWVhYjI5ZDAeFw0yNjAyMTcwNDUwMzhaFw0yNzAyMTYwNDU1MzhaMDMxMTAvBgNV
BAMTKEEyMjQ2QUM0Njc2REYzM0U2QzYzMUNDQUU5NEFCRDMyRjMxNjg1OTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSzwz8T8LvRwzTv2HJOvoD+iSS
NPT/RnEyT28uEnnStEZRcRhpBT/RM8hanx4slTiIL0rFAOnbK3gSHjRBL5d3rb0F
H+mSBunBVjWdeWsCrZ1gJvZR29+S05k0krHqLGu3hWhM0nptVuvaLhK2EYHa1u7C
d8t5c1N/QGsZmJxP98xf3czxVWu5yKffMiFVQ1NJXJMzQyfiwAxTzJpH3jd1kZWI
5/m/48rqs8DM8vGtecd8PX0EvjikbLIVxcf8ELCqYEdr2xmz5oR4YKGkNGEHGnoF
u6BFAsJkLbCmVdnZhrDoWqJB4Tg8NX5dtXEMypYt0tMafrmH1rFivk9tcqVpAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUoiRqxGdt8z5sYxzK6Uq9MvMWhZIwHwYDVR0j
BBgwFoAUx3D0M1i5e6Cqm9xiu9UR6Qrqsp0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQtNmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2
NjIwLzAvQzc3MEY0MzM1OEI5N0JBMEFBOUJEQzYyQkJENTExRTkwQUVBQjI5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3gzRDBNMWk1ZTZDcW05eGl1OVVSNlFy
cXNwMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQt
NmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2NjIwLzAvMzQzMzJlMzIzMzMwMmUzODM2
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzMzNDM5MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEr5lYw
DQYJKoZIhvcNAQELBQADggEBAJLSRpMshYJpavRO1aZSVwlTh1+8BS+vwIOoBq1b
FVSbhee54nOpU+vv2By0/z/rrSPq5ctcu0tpvESdf4myYtEHPckmiAQ6FIYKqM0X
P7u9mPDvjOQ/8gvaa9MzID5QdVzHG4aupfLkeuO7XvzR0HiyECnWUm3+7HgJNNs9
WxXLg8s3asyG8xNTKfbro0jd9rKpkr7ioJZrudvZze+Sist64DiTMbAHF1gd0NDc
E6cjk721uI1a3eiTKY0ZyxvIFLo7//NGg9ijWitpG1ATIohCsdY8Ghu1PlmqdZP2
d3kvHPqrEhW6I4//q1VBOVXEBxnMJNOS8ilK+F0ftxY+Sto=
-----END CERTIFICATE-----