Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e33352e302f32342d3234203d3e2039333138.roa
File:                     3231322e37342e33352e302f32342d3234203d3e2039333138.roa (raw, json)
Hash identifier:          ekvUX5zgFFh2VHA3pwt97a1SREQY78uSLdfKKhZ06xk=
Subject key identifier:   7E:4A:69:82:E6:3B:71:49:22:E2:48:79:7D:0A:AA:23:44:20:19:E0
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       1C3FF6C92CC38BAD47CD8B35FF9E7BF12E09B195
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e33352e302f32342d3234203d3e2039333138.roa
Signing time:             Tue 03 Mar 2026 04:50:29 +0000
ROA not before:           Tue 03 Mar 2026 04:45:29 +0000
ROA not after:            Tue 02 Mar 2027 04:50:29 +0000
asID:                     9318
IP address blocks:        212.74.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 05:30:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:3f:f6:c9:2c:c3:8b:ad:47:cd:8b:35:ff:9e:7b:f1:2e:09:b1:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Mar  3 04:45:29 2026 GMT
            Not After : Mar  2 04:50:29 2027 GMT
        Subject: CN=7E4A6982E63B714922E248797D0AAA23442019E0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:1f:88:3c:00:93:bf:45:f0:73:fb:df:1d:b6:
                    b1:5c:85:4c:7a:b4:10:11:dd:c9:55:c0:33:2a:91:
                    26:24:e0:e4:c6:29:b3:1f:9b:85:71:4a:2a:98:71:
                    4e:d5:35:7e:b9:99:10:33:be:ad:df:bf:14:1f:46:
                    94:91:27:d4:0b:51:7d:3b:9b:42:85:59:68:b1:a1:
                    30:62:17:32:70:f3:40:e3:9f:39:52:67:67:1b:f2:
                    5f:5f:e0:62:93:fc:2f:60:cc:c3:e2:1b:f2:40:af:
                    8d:cf:46:59:43:6e:6e:b7:1a:1d:74:46:6d:4e:0c:
                    1c:bb:8e:f7:64:85:c3:20:de:f6:df:20:fe:13:64:
                    22:62:2d:77:e4:19:d8:4c:48:92:e5:22:a4:d3:42:
                    81:be:84:e9:c8:f7:8f:f2:35:35:53:d1:cb:d5:5c:
                    bb:3e:66:c3:e9:47:6e:60:ae:64:e2:b9:47:6a:ef:
                    dc:0a:a2:b8:a9:27:72:96:94:23:f5:f9:dc:67:b4:
                    f5:a4:ea:2f:c5:c8:bc:bf:43:d0:06:66:c4:f5:f0:
                    00:c4:98:20:d7:c0:9b:84:31:23:04:0d:46:d4:2c:
                    0f:74:e3:cd:83:0c:7f:e9:c8:eb:9d:36:fe:97:43:
                    9e:21:2a:34:85:cb:ca:54:e8:84:a3:4d:d3:99:06:
                    28:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:4A:69:82:E6:3B:71:49:22:E2:48:79:7D:0A:AA:23:44:20:19:E0
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e33352e302f32342d3234203d3e2039333138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.74.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:69:3c:d1:61:14:5e:8c:b6:52:27:dc:54:ec:cf:55:a8:e0:
         3c:4a:ce:eb:68:12:30:3c:ed:23:11:b6:a9:79:10:58:6b:d9:
         87:0f:a5:3b:42:10:e7:8a:13:26:46:4a:11:18:ee:ac:cb:c9:
         39:04:5d:05:73:d9:51:79:14:a2:bd:86:eb:11:36:a3:5e:03:
         90:91:28:0c:4c:a8:8b:d7:ca:78:20:9e:57:a4:99:ef:70:98:
         dd:41:1a:1a:12:f5:f1:df:3f:dd:ff:ce:70:a9:51:2a:26:9a:
         9e:ac:00:cc:f3:24:22:fa:21:e4:51:ec:d4:2f:c5:b8:e5:40:
         ba:0e:96:63:ff:80:89:fa:ae:82:d9:ce:79:4d:42:7b:63:95:
         93:a4:71:50:33:05:ac:1c:42:7e:a5:72:41:82:22:f5:db:c4:
         26:90:ac:a7:e6:95:76:dd:f7:3c:63:26:89:91:1f:1d:b9:91:
         65:98:28:99:d7:dc:9e:65:75:04:26:97:64:04:85:1f:a2:2b:
         69:39:35:76:ee:20:bf:f4:ae:1b:30:e0:e7:17:6c:da:ef:c8:
         3e:34:4c:c3:69:a1:56:ec:a0:15:5a:d6:d7:ed:80:19:6d:fb:
         97:66:3f:bf:59:3e:87:42:b6:ea:3f:f3:e4:f5:68:c3:3d:ea:
         cf:1e:2e:5d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUHD/2ySzDi61HzYs1/5578S4JsZUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAzMDMwNDQ1MjlaFw0yNzAzMDIwNDUwMjlaMDMxMTAvBgNV
BAMTKDdFNEE2OTgyRTYzQjcxNDkyMkUyNDg3OTdEMEFBQTIzNDQyMDE5RTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdH4g8AJO/RfBz+98dtrFchUx6
tBAR3clVwDMqkSYk4OTGKbMfm4VxSiqYcU7VNX65mRAzvq3fvxQfRpSRJ9QLUX07
m0KFWWixoTBiFzJw80DjnzlSZ2cb8l9f4GKT/C9gzMPiG/JAr43PRllDbm63Gh10
Rm1ODBy7jvdkhcMg3vbfIP4TZCJiLXfkGdhMSJLlIqTTQoG+hOnI94/yNTVT0cvV
XLs+ZsPpR25grmTiuUdq79wKoripJ3KWlCP1+dxntPWk6i/FyLy/Q9AGZsT18ADE
mCDXwJuEMSMEDUbULA90482DDH/pyOudNv6XQ54hKjSFy8pU6ISjTdOZBihVAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUfkppguY7cUki4kh5fQqqI0QgGeAwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzIzMTMyMmUzNzM0MmUzMzM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMzMxMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADUSiMw
DQYJKoZIhvcNAQELBQADggEBAK1pPNFhFF6MtlIn3FTsz1Wo4DxKzutoEjA87SMR
tql5EFhr2YcPpTtCEOeKEyZGShEY7qzLyTkEXQVz2VF5FKK9husRNqNeA5CRKAxM
qIvXynggnlekme9wmN1BGhoS9fHfP93/znCpUSommp6sAMzzJCL6IeRR7NQvxbjl
QLoOlmP/gIn6roLZznlNQntjlZOkcVAzBawcQn6lckGCIvXbxCaQrKfmlXbd9zxj
JomRHx25kWWYKJnX3J5ldQQml2QEhR+iK2k5NXbuIL/0rhsw4OcXbNrvyD40TMNp
oVbsoBVa1tftgBlt+5dmP79ZPodCtuo/8+T1aMM96s8eLl0=
-----END CERTIFICATE-----