Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e34302e302f32342d3234203d3e20383334.roa
File:                     3231322e37342e34302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          dn9EfIqI8iRmabyJ9XkWApfF9BSEdvbZ/I0LI756Pos=
Subject key identifier:   26:65:E7:88:8A:28:B2:B0:90:6B:C6:D9:F5:DE:D8:6D:31:EF:A8:9B
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       0D3DAF9D3A21E666D5A6D018EB40034E57D64D5A
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e34302e302f32342d3234203d3e20383334.roa
Signing time:             Tue 19 May 2026 05:13:01 +0000
ROA not before:           Tue 19 May 2026 05:08:01 +0000
ROA not after:            Tue 18 May 2027 05:13:01 +0000
asID:                     834
IP address blocks:        212.74.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:3d:af:9d:3a:21:e6:66:d5:a6:d0:18:eb:40:03:4e:57:d6:4d:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: May 19 05:08:01 2026 GMT
            Not After : May 18 05:13:01 2027 GMT
        Subject: CN=2665E7888A28B2B0906BC6D9F5DED86D31EFA89B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:60:a7:f7:a6:e8:f1:53:eb:c3:93:f3:87:28:
                    31:04:46:af:e6:cc:90:f4:e9:33:f3:ce:d3:79:0e:
                    2d:c0:b5:17:db:18:bd:a6:85:0b:86:12:fd:99:7f:
                    bc:cb:11:ae:ef:cc:b3:5c:cf:15:4f:08:cd:59:6c:
                    82:7c:5d:20:a9:18:f3:8b:18:b6:05:d5:43:61:7f:
                    ae:8d:8d:c3:1d:df:8e:f1:69:bd:06:85:f4:84:ee:
                    ba:8b:3f:38:be:ad:97:5d:e1:a6:cb:2d:ce:5c:98:
                    1d:f5:07:6e:59:62:f7:ce:a8:bc:dd:5d:e3:0f:43:
                    a9:8a:31:66:65:e6:a6:3d:23:8e:c9:54:c5:b5:68:
                    71:48:1e:0e:0c:65:89:6d:f2:3a:6b:28:3e:be:61:
                    2b:b0:8a:ee:12:a1:90:40:f9:dd:a7:8e:0c:5b:04:
                    b0:6b:84:b5:59:38:0f:b9:3e:be:ec:6c:82:3f:df:
                    56:e5:71:6a:d2:eb:14:8b:ef:e1:6b:b6:e5:de:25:
                    8a:93:6f:75:db:93:84:38:a0:98:5c:62:00:11:1b:
                    09:3d:d2:ed:b8:39:c6:31:35:e9:11:ef:58:cf:59:
                    44:67:b6:2f:69:34:5e:0b:f3:7d:e6:7d:82:0e:6f:
                    d4:3f:a0:9f:c0:60:1c:3e:d0:2a:1d:88:52:20:73:
                    c7:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:65:E7:88:8A:28:B2:B0:90:6B:C6:D9:F5:DE:D8:6D:31:EF:A8:9B
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e34302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.74.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:ba:87:f4:94:01:6c:cf:21:cb:84:48:56:75:ee:6d:5e:b5:
         51:e9:22:1c:6d:60:cd:eb:e2:2d:f5:de:e7:87:f3:0d:77:bf:
         1d:b8:ac:6d:7f:70:62:f6:25:d5:27:61:1f:20:66:d7:f9:0a:
         3a:33:9f:0d:c0:a7:14:98:44:ef:e3:c6:cd:17:d2:6d:3d:16:
         47:41:3e:5f:47:26:d3:17:92:a3:d0:57:61:be:6e:af:55:90:
         25:86:da:dc:2f:05:ba:1d:05:c7:0a:3a:3a:ef:d9:5d:78:58:
         ce:0b:23:9b:46:02:c6:42:5b:37:59:26:3c:cd:fe:34:1d:3b:
         cc:0d:eb:7a:ff:b8:de:b8:eb:66:cd:65:54:03:4f:e5:a8:cc:
         cb:13:fb:8d:a8:5d:6b:ff:ae:cf:9a:ce:2e:72:59:d3:f8:e2:
         7b:b3:f4:12:90:b8:b7:f0:2e:ae:71:3b:c4:4e:f5:bc:b0:d5:
         85:5e:bb:03:fd:12:e5:fc:58:b2:df:05:35:3f:bb:19:33:12:
         b6:88:5a:43:0b:f8:b1:22:c0:62:d5:2d:31:4d:ec:83:32:d9:
         1f:53:7f:5a:54:56:44:69:cd:28:a1:34:e8:88:9d:3e:52:87:
         45:d0:45:de:cc:1c:c3:e4:01:fb:4f:26:79:67:7b:92:62:aa:
         a5:8e:b5:8b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUDT2vnToh5mbVptAY60ADTlfWTVowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjA1MTkwNTA4MDFaFw0yNzA1MTgwNTEzMDFaMDMxMTAvBgNV
BAMTKDI2NjVFNzg4OEEyOEIyQjA5MDZCQzZEOUY1REVEODZEMzFFRkE4OUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXYKf3pujxU+vDk/OHKDEERq/m
zJD06TPzztN5Di3AtRfbGL2mhQuGEv2Zf7zLEa7vzLNczxVPCM1ZbIJ8XSCpGPOL
GLYF1UNhf66NjcMd347xab0GhfSE7rqLPzi+rZdd4abLLc5cmB31B25ZYvfOqLzd
XeMPQ6mKMWZl5qY9I47JVMW1aHFIHg4MZYlt8jprKD6+YSuwiu4SoZBA+d2njgxb
BLBrhLVZOA+5Pr7sbII/31blcWrS6xSL7+FrtuXeJYqTb3Xbk4Q4oJhcYgARGwk9
0u24OcYxNekR71jPWURnti9pNF4L833mfYIOb9Q/oJ/AYBw+0CodiFIgc8f9AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUJmXniIoosrCQa8bZ9d7YbTHvqJswHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzIzMTMyMmUzNzM0MmUzNDMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EooMA0G
CSqGSIb3DQEBCwUAA4IBAQAPuof0lAFszyHLhEhWde5tXrVR6SIcbWDN6+It9d7n
h/MNd78duKxtf3Bi9iXVJ2EfIGbX+Qo6M58NwKcUmETv48bNF9JtPRZHQT5fRybT
F5Kj0Fdhvm6vVZAlhtrcLwW6HQXHCjo679ldeFjOCyObRgLGQls3WSY8zf40HTvM
Det6/7jeuOtmzWVUA0/lqMzLE/uNqF1r/67Pms4uclnT+OJ7s/QSkLi38C6ucTvE
TvW8sNWFXrsD/RLl/Fiy3wU1P7sZMxK2iFpDC/ixIsBi1S0xTeyDMtkfU39aVFZE
ac0ooTToiJ0+UodF0EXezBzD5AH7TyZ5Z3uSYqqljrWL
-----END CERTIFICATE-----