Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/34352e39312e342e302f32342d3234203d3e2039333034.roa
File:                     34352e39312e342e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          WrPVCvb1cQXvzh8k2RYvDKAXixR8r4mR94XlRVg0mrw=
Subject key identifier:   85:0E:70:4D:BA:B5:BD:CD:FC:27:39:98:01:3A:5A:6F:5F:22:38:6F
Certificate issuer:       /CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
Certificate serial:       2DBC27EC02BA3C0E2FF61EF9669D71DC547C22DA
Authority key identifier: 7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/34352e39312e342e302f32342d3234203d3e2039333034.roa
Signing time:             Mon 25 May 2026 12:16:57 +0000
ROA not before:           Mon 25 May 2026 12:11:57 +0000
ROA not after:            Mon 24 May 2027 12:16:57 +0000
asID:                     9304
IP address blocks:        45.91.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 07:21:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:bc:27:ec:02:ba:3c:0e:2f:f6:1e:f9:66:9d:71:dc:54:7c:22:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
        Validity
            Not Before: May 25 12:11:57 2026 GMT
            Not After : May 24 12:16:57 2027 GMT
        Subject: CN=850E704DBAB5BDCDFC273998013A5A6F5F22386F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:5b:8b:a2:1a:06:ae:0a:e1:16:20:d1:a4:9e:
                    ab:5a:98:b7:bc:0d:fc:8d:b6:af:1e:7a:be:67:99:
                    6d:74:2a:53:5a:4b:8d:7a:48:8e:f6:ed:c5:36:13:
                    16:7b:c4:25:c6:5a:14:62:6d:54:0a:f5:8c:37:2c:
                    31:76:31:e0:59:64:e4:65:5f:d4:2f:3b:92:9a:6b:
                    d4:76:b3:5b:e2:8e:e7:7a:dc:ce:cd:35:88:b5:e5:
                    79:f6:88:f6:86:f8:1f:77:cc:33:9e:21:6a:85:b1:
                    bd:b1:89:50:0c:a8:73:f0:05:63:54:72:8f:8b:e9:
                    c2:1f:e6:46:98:7d:1d:f6:00:0e:11:9f:92:93:7d:
                    14:ed:b5:0d:a2:e2:7b:75:b1:58:c5:f7:28:9a:40:
                    15:ce:1b:f7:71:a0:8e:00:6c:6d:d3:92:56:9f:cd:
                    14:eb:6f:21:4a:c9:9f:79:06:0e:57:b2:bf:46:5f:
                    d6:32:fc:03:f0:30:b6:d8:43:16:aa:6a:e1:f0:c6:
                    72:d1:b4:76:48:f0:e1:2a:8b:d1:aa:2f:41:7c:76:
                    c3:dc:b2:e7:6b:c3:24:9f:90:af:75:7b:de:8d:82:
                    6c:44:e2:ff:62:16:b5:aa:95:03:e2:d3:67:a2:ab:
                    1d:ff:67:3f:d0:bb:8b:c9:6c:94:80:7c:53:0c:bb:
                    4b:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:0E:70:4D:BA:B5:BD:CD:FC:27:39:98:01:3A:5A:6F:5F:22:38:6F
            X509v3 Authority Key Identifier:
                keyid:7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/34352e39312e342e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:3b:d5:e4:13:aa:20:99:5c:03:e2:ff:7f:23:f4:96:9c:b3:
         b6:70:3c:ce:eb:26:64:7b:e9:b0:23:10:4e:39:70:5e:20:b3:
         a1:ac:b2:5c:6c:ef:f3:14:39:3d:f0:ee:c3:40:22:a4:db:34:
         e2:a8:b6:98:67:d4:fe:50:ca:e5:a4:f2:28:f2:12:a9:8f:b7:
         36:9a:1a:89:fc:dc:a8:6e:c8:6b:64:6d:37:85:32:a4:cc:7a:
         cc:8f:4b:68:02:39:f5:8a:d6:63:f8:f2:9d:ee:e9:bc:eb:03:
         57:8b:71:b7:47:92:93:fb:c6:53:5e:b3:02:8a:f0:c8:c8:50:
         78:5c:ba:01:53:1d:d9:7b:b6:d6:18:28:a3:00:3a:64:97:38:
         24:18:b6:d6:9f:59:3f:f7:e8:02:ca:b2:40:29:ad:28:02:15:
         3a:cb:17:eb:06:75:61:2c:97:a0:1f:e0:d8:86:e2:b3:c2:d0:
         f3:e8:38:cf:7f:57:20:ad:7a:4b:58:39:8b:b4:b8:a2:de:71:
         09:3b:37:a8:db:8d:1a:bf:62:74:46:5f:c6:ee:d2:8f:9e:c2:
         20:32:21:f6:25:3b:68:19:8c:1a:d0:fb:2b:69:c1:9f:db:c9:
         2c:67:38:a9:79:3d:e2:b4:39:71:5f:34:34:d6:80:62:58:30:
         90:f7:6a:63
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIULbwn7AK6PA4v9h75Zp1x3FR8ItowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2ZlYTM3ZmRmZTI5YjM0MTczZTk3ZjFiNjM3YTQ0ZWM0
MWFjZWJiODAeFw0yNjA1MjUxMjExNTdaFw0yNzA1MjQxMjE2NTdaMDMxMTAvBgNV
BAMTKDg1MEU3MDREQkFCNUJEQ0RGQzI3Mzk5ODAxM0E1QTZGNUYyMjM4NkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUW4uiGgauCuEWINGknqtamLe8
DfyNtq8eer5nmW10KlNaS416SI727cU2ExZ7xCXGWhRibVQK9Yw3LDF2MeBZZORl
X9QvO5Kaa9R2s1vijud63M7NNYi15Xn2iPaG+B93zDOeIWqFsb2xiVAMqHPwBWNU
co+L6cIf5kaYfR32AA4Rn5KTfRTttQ2i4nt1sVjF9yiaQBXOG/dxoI4AbG3Tklaf
zRTrbyFKyZ95Bg5Xsr9GX9Yy/APwMLbYQxaqauHwxnLRtHZI8OEqi9GqL0F8dsPc
sudrwySfkK91e96NgmxE4v9iFrWqlQPi02eiqx3/Zz/Qu4vJbJSAfFMMu0ufAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUhQ5wTbq1vc38JzmYATpab18iOG8wHwYDVR0j
BBgwFoAUf+o3/f4ps0Fz6X8bY3pE7EGs67gwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWItZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkz
YTlkLzAvN0ZFQTM3RkRGRTI5QjM0MTczRTk3RjFCNjM3QTQ0RUM0MUFDRUJCOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YtbzNfZjRwczBGejZYOGJZM3BFN0VH
czY3Zy5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWIt
ZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkzYTlkLzAvMzQzNTJlMzkzMTJlMzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1bBDANBgkq
hkiG9w0BAQsFAAOCAQEAVDvV5BOqIJlcA+L/fyP0lpyztnA8zusmZHvpsCMQTjlw
XiCzoayyXGzv8xQ5PfDuw0AipNs04qi2mGfU/lDK5aTyKPISqY+3NpoaifzcqG7I
a2RtN4UypMx6zI9LaAI59YrWY/jyne7pvOsDV4txt0eSk/vGU16zAorwyMhQeFy6
AVMd2Xu21hgoowA6ZJc4JBi21p9ZP/foAsqyQCmtKAIVOssX6wZ1YSyXoB/g2Ibi
s8LQ8+g4z39XIK16S1g5i7S4ot5xCTs3qNuNGr9idEZfxu7Sj57CIDIh9iU7aBmM
GtD7K2nBn9vJLGc4qXk94rQ5cV80NNaAYlgwkPdqYw==
-----END CERTIFICATE-----