Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e36322e302f32332d3234203d3e20383334.roa
File:                     3231322e37342e36322e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          lVKXixlpT9j9p/Bcrh78y/x5cjA/QM9WvPu7yPYU460=
Subject key identifier:   34:54:0D:71:68:D0:40:2D:75:DB:A6:BD:0E:E5:7B:7C:18:AE:18:30
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       16C7BDD35410317DA674A32862FA5B4580A04E24
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e36322e302f32332d3234203d3e20383334.roa
Signing time:             Fri 29 May 2026 16:36:54 +0000
ROA not before:           Fri 29 May 2026 16:31:54 +0000
ROA not after:            Fri 28 May 2027 16:36:54 +0000
asID:                     834
IP address blocks:        212.74.62.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:c7:bd:d3:54:10:31:7d:a6:74:a3:28:62:fa:5b:45:80:a0:4e:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: May 29 16:31:54 2026 GMT
            Not After : May 28 16:36:54 2027 GMT
        Subject: CN=34540D7168D0402D75DBA6BD0EE57B7C18AE1830
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fb:1a:41:85:8f:d9:15:7a:c3:a3:16:3c:6d:
                    7f:b3:39:b4:58:24:62:89:14:bb:73:7f:64:78:64:
                    60:4c:84:95:a0:5f:1a:15:db:9f:66:45:42:a5:1b:
                    68:5f:ae:8b:92:48:d2:1c:38:e4:90:61:bd:2e:61:
                    49:5a:f4:6d:26:d3:e3:13:e8:e5:b8:af:c4:3c:60:
                    d5:eb:2f:7a:7e:73:ba:c0:0f:34:2b:c9:34:5f:35:
                    67:77:dd:3a:ad:63:35:30:b7:a0:7c:27:7e:4f:65:
                    60:dd:1c:50:ba:15:85:b1:78:80:c4:bc:1b:e3:31:
                    ac:a5:c1:fd:68:78:80:a4:49:4b:60:9d:23:f8:a0:
                    e1:d2:29:81:3a:ec:73:07:b3:7e:a8:b7:00:b8:cc:
                    2c:69:e4:b0:a3:f7:2c:29:00:c3:fc:eb:c4:74:0a:
                    61:11:89:f2:4d:0c:b7:d9:c9:9b:fb:38:18:6b:d6:
                    d1:03:66:ff:ad:33:05:4e:4e:49:bd:27:28:1a:03:
                    20:99:fc:35:e9:90:1a:f4:a8:21:22:3f:39:06:18:
                    9d:fe:e8:01:c7:d3:0e:2c:31:25:fc:ef:65:4c:90:
                    f1:83:5c:af:12:d9:eb:0c:03:e8:9e:ca:b4:12:ee:
                    c0:80:7e:74:e3:6c:e2:e5:fe:3f:7e:e2:61:60:70:
                    34:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:54:0D:71:68:D0:40:2D:75:DB:A6:BD:0E:E5:7B:7C:18:AE:18:30
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e36322e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.74.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:19:24:8f:26:b4:45:71:6c:fa:cc:f2:3a:17:f4:c7:07:aa:
         4b:47:d0:63:ed:fb:2c:1d:5d:e8:0c:d4:ca:5f:f3:ed:f6:66:
         d4:c4:d4:93:08:11:0f:6f:e4:48:2b:92:1e:d3:ba:58:96:92:
         5d:d6:2e:f1:d1:f0:cb:fa:fb:c0:f1:f9:b0:0b:34:6f:e1:f0:
         6f:c1:27:90:84:2f:05:44:a7:e8:70:52:d9:4f:da:b2:58:0b:
         59:38:4c:09:9e:11:7b:f3:aa:05:03:0e:77:ed:5e:0a:dc:91:
         99:a3:61:32:5c:01:21:16:11:6c:10:a9:20:e4:92:77:c7:e6:
         68:02:db:83:74:39:fa:24:7f:36:58:88:48:9b:49:e0:0d:c8:
         26:80:9c:49:ab:7f:db:85:97:44:e0:a3:f2:4e:15:9a:26:2d:
         4a:57:33:01:8c:b1:c5:b6:ce:f2:c4:46:82:95:68:24:cf:32:
         86:ca:37:96:42:1f:80:b6:87:9a:99:8e:7f:12:56:34:d4:f6:
         55:8c:61:cd:bf:46:90:00:47:e0:b9:22:6b:2f:17:28:7d:15:
         bc:ba:ea:0f:40:ab:96:d7:5c:46:c2:34:29:92:ca:70:05:4b:
         35:f0:99:e3:77:49:cd:39:bb:50:01:03:28:cf:9c:92:a8:5a:
         8a:a2:4c:f8
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUFse901QQMX2mdKMoYvpbRYCgTiQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjA1MjkxNjMxNTRaFw0yNzA1MjgxNjM2NTRaMDMxMTAvBgNV
BAMTKDM0NTQwRDcxNjhEMDQwMkQ3NURCQTZCRDBFRTU3QjdDMThBRTE4MzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv+xpBhY/ZFXrDoxY8bX+zObRY
JGKJFLtzf2R4ZGBMhJWgXxoV259mRUKlG2hfrouSSNIcOOSQYb0uYUla9G0m0+MT
6OW4r8Q8YNXrL3p+c7rADzQryTRfNWd33TqtYzUwt6B8J35PZWDdHFC6FYWxeIDE
vBvjMaylwf1oeICkSUtgnSP4oOHSKYE67HMHs36otwC4zCxp5LCj9ywpAMP868R0
CmERifJNDLfZyZv7OBhr1tEDZv+tMwVOTkm9JygaAyCZ/DXpkBr0qCEiPzkGGJ3+
6AHH0w4sMSX872VMkPGDXK8S2esMA+ieyrQS7sCAfnTjbOLl/j9+4mFgcDSnAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUNFQNcWjQQC1126a9DuV7fBiuGDAwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzIzMTMyMmUzNzM0MmUzNjMy
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1Eo+MA0G
CSqGSIb3DQEBCwUAA4IBAQAHGSSPJrRFcWz6zPI6F/THB6pLR9Bj7fssHV3oDNTK
X/Pt9mbUxNSTCBEPb+RIK5Ie07pYlpJd1i7x0fDL+vvA8fmwCzRv4fBvwSeQhC8F
RKfocFLZT9qyWAtZOEwJnhF786oFAw537V4K3JGZo2EyXAEhFhFsEKkg5JJ3x+Zo
AtuDdDn6JH82WIhIm0ngDcgmgJxJq3/bhZdE4KPyThWaJi1KVzMBjLHFts7yxEaC
lWgkzzKGyjeWQh+AtoeamY5/ElY01PZVjGHNv0aQAEfguSJrLxcofRW8uuoPQKuW
11xGwjQpkspwBUs18Jnjd0nNObtQAQMoz5ySqFqKokz4
-----END CERTIFICATE-----