Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31302e302f32342d3234203d3e20313531333839.roa
File:                     352e3139392e31302e302f32342d3234203d3e20313531333839.roa (raw, json)
Hash identifier:          dufTvd/F47UKE3Q86lPStmGH9yg57jOTJT10cj1hFJE=
Subject key identifier:   87:BA:1E:0B:4A:D8:21:7F:3B:A4:90:97:24:F9:BB:03:C0:2B:64:A6
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       70B128AB8C4A4127C35E05CC2A563C0EB7EB272C
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31302e302f32342d3234203d3e20313531333839.roa
Signing time:             Thu 02 Apr 2026 04:36:54 +0000
ROA not before:           Thu 02 Apr 2026 04:31:54 +0000
ROA not after:            Thu 01 Apr 2027 04:36:54 +0000
asID:                     151389
IP address blocks:        5.199.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 Apr 2026 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:b1:28:ab:8c:4a:41:27:c3:5e:05:cc:2a:56:3c:0e:b7:eb:27:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Apr  2 04:31:54 2026 GMT
            Not After : Apr  1 04:36:54 2027 GMT
        Subject: CN=87BA1E0B4AD8217F3BA4909724F9BB03C02B64A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:91:9e:3f:c4:5f:b3:75:96:b0:ef:49:da:6a:
                    2d:d3:44:4b:dc:10:e5:0f:28:85:85:12:94:ea:92:
                    fe:aa:58:8e:d5:f4:fb:bc:11:eb:80:ca:6a:7d:52:
                    98:27:86:21:06:e8:78:8d:1a:f6:ed:5e:4f:ec:b3:
                    ac:b0:38:17:2f:9b:3b:7c:dc:c8:f8:58:af:41:41:
                    ba:45:9b:b5:c1:f9:b7:28:dc:8c:c8:f5:6c:0c:89:
                    52:1a:e9:e1:70:63:13:ad:eb:2e:53:49:7c:e5:02:
                    82:1a:7e:03:40:72:07:2b:37:04:09:9d:81:cb:95:
                    18:a9:1a:4b:6c:6c:1d:eb:42:44:82:34:8a:d6:d8:
                    95:eb:09:9a:2b:ab:a5:a7:d9:39:2d:83:9f:3e:4d:
                    13:f6:3c:d7:04:89:fa:9c:ce:d1:93:a6:61:a9:13:
                    02:86:a8:9a:36:27:e3:e6:44:8d:3b:52:a5:76:9b:
                    5e:00:85:48:3d:cd:01:79:81:47:25:01:39:ea:8d:
                    1a:09:d2:48:36:20:4b:89:9d:13:28:66:b0:a8:a6:
                    32:dc:5e:2b:d4:97:52:23:bb:cd:7f:81:1c:00:ec:
                    89:30:a5:ec:9f:ea:43:6e:7d:82:5e:4a:06:2b:c3:
                    39:5e:0b:1d:cb:86:2e:44:18:12:48:98:ad:f4:70:
                    72:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:BA:1E:0B:4A:D8:21:7F:3B:A4:90:97:24:F9:BB:03:C0:2B:64:A6
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31302e302f32342d3234203d3e20313531333839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:ab:3d:35:c6:e0:94:8e:fd:26:6f:a7:f9:ff:a3:54:cd:4f:
         e2:fa:95:2f:72:72:ee:b1:6e:aa:f5:86:eb:bd:f0:d8:d4:54:
         3c:3c:af:37:3f:76:57:73:81:ed:d5:f8:66:30:6b:8b:40:72:
         3a:6c:ce:5c:b9:1a:ec:84:9d:bf:0c:68:42:2c:81:d1:59:78:
         32:90:f7:e1:14:c3:13:00:8d:ef:83:79:82:c9:9d:d7:d4:7d:
         a4:06:75:af:b0:e0:7a:24:3d:5f:e7:27:c1:66:b3:f4:35:cf:
         74:48:f2:65:57:41:d4:87:2d:49:27:4e:87:24:c7:cd:10:dd:
         ba:03:30:a3:e9:0e:bd:05:b1:dc:c8:48:ff:60:c2:9e:d6:11:
         8c:69:a8:25:49:61:33:f7:be:ec:5c:68:35:f0:7f:ee:e1:6d:
         4f:c1:d3:1c:2f:f0:08:42:1e:b8:7a:24:76:68:29:a2:d4:74:
         89:a8:71:14:bb:16:5b:18:15:89:b1:b3:ea:53:2b:74:90:37:
         07:52:61:c5:4c:a6:10:d4:9b:fe:04:44:6a:df:71:5b:56:62:
         45:4d:90:d8:38:44:a8:c0:bf:85:11:20:c1:6e:5d:71:d7:f9:
         83:6b:98:5d:eb:fe:af:1c:8e:16:57:b4:38:7e:c3:62:cd:7c:
         44:58:b8:fe
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcLEoq4xKQSfDXgXMKlY8DrfrJywwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjA0MDIwNDMxNTRaFw0yNzA0MDEwNDM2NTRaMDMxMTAvBgNV
BAMTKDg3QkExRTBCNEFEODIxN0YzQkE0OTA5NzI0RjlCQjAzQzAyQjY0QTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYkZ4/xF+zdZaw70naai3TREvc
EOUPKIWFEpTqkv6qWI7V9Pu8EeuAymp9UpgnhiEG6HiNGvbtXk/ss6ywOBcvmzt8
3Mj4WK9BQbpFm7XB+bco3IzI9WwMiVIa6eFwYxOt6y5TSXzlAoIafgNAcgcrNwQJ
nYHLlRipGktsbB3rQkSCNIrW2JXrCZorq6Wn2Tktg58+TRP2PNcEifqcztGTpmGp
EwKGqJo2J+PmRI07UqV2m14AhUg9zQF5gUclATnqjRoJ0kg2IEuJnRMoZrCopjLc
XivUl1Iju81/gRwA7Ikwpeyf6kNufYJeSgYrwzleCx3Lhi5EGBJImK30cHI5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUh7oeC0rYIX87pJCXJPm7A8ArZKYwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzEzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzUzMTMzMzgzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAXH
CjANBgkqhkiG9w0BAQsFAAOCAQEABas9NcbglI79Jm+n+f+jVM1P4vqVL3Jy7rFu
qvWG673w2NRUPDyvNz92V3OB7dX4ZjBri0ByOmzOXLka7ISdvwxoQiyB0Vl4MpD3
4RTDEwCN74N5gsmd19R9pAZ1r7DgeiQ9X+cnwWaz9DXPdEjyZVdB1IctSSdOhyTH
zRDdugMwo+kOvQWx3MhI/2DCntYRjGmoJUlhM/e+7FxoNfB/7uFtT8HTHC/wCEIe
uHokdmgpotR0iahxFLsWWxgVibGz6lMrdJA3B1JhxUymENSb/gREat9xW1ZiRU2Q
2DhEqMC/hREgwW5dcdf5g2uYXev+rxyOFle0OH7DYs18RFi4/g==
-----END CERTIFICATE-----