Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31302e302f32332d3234203d3e20383334.roa
File:                     352e3139392e31302e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          PW2b0/VNzXNvLCWOj9ochiu/eS0jEaMx/qmjXR1E+SI=
Subject key identifier:   BD:6B:72:23:8C:C3:5D:FD:A3:17:51:19:03:AA:27:03:AE:05:9D:D2
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       3470668CAB2B168B686D95EDF4D24481A187465C
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31302e302f32332d3234203d3e20383334.roa
Signing time:             Fri 27 Mar 2026 12:53:38 +0000
ROA not before:           Fri 27 Mar 2026 12:48:38 +0000
ROA not after:            Fri 26 Mar 2027 12:53:38 +0000
asID:                     834
IP address blocks:        5.199.10.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 31 Mar 2026 14:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:70:66:8c:ab:2b:16:8b:68:6d:95:ed:f4:d2:44:81:a1:87:46:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Mar 27 12:48:38 2026 GMT
            Not After : Mar 26 12:53:38 2027 GMT
        Subject: CN=BD6B72238CC35DFDA317511903AA2703AE059DD2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:9d:d4:77:83:82:83:5a:4b:48:76:fd:fa:a1:
                    f9:64:33:39:95:bf:56:e6:70:86:38:9b:94:72:dc:
                    06:9e:2b:05:1d:39:df:a8:0d:29:96:19:42:88:b7:
                    8d:ca:7a:df:8e:b6:f3:34:c7:1e:b5:c5:c0:be:66:
                    c4:08:ae:46:87:72:86:98:d3:7a:6a:e6:3d:e0:b5:
                    da:42:82:87:94:c0:06:e7:41:1d:77:57:f9:97:d0:
                    e1:ab:44:d2:f8:e3:e1:be:af:b6:52:05:6b:e5:d9:
                    b9:8b:b0:69:f9:53:f2:74:e0:c6:a0:ed:5f:d6:9d:
                    e1:ed:f7:8d:d1:e9:a4:f5:e3:d2:13:89:ac:47:a7:
                    66:96:a7:24:36:77:58:02:64:e9:27:a4:b4:8a:df:
                    7b:25:06:e5:67:73:22:4d:35:cd:f4:d7:8b:3d:64:
                    d7:ed:c2:2a:61:c4:84:e9:cf:d3:ae:ce:89:ad:bb:
                    ee:41:7b:45:53:fa:96:bc:28:7b:c5:ef:49:06:57:
                    19:1c:9a:ff:27:fe:19:1c:cd:01:ab:93:30:47:6a:
                    fa:55:82:72:34:ea:31:34:5d:20:6e:bb:74:65:a9:
                    4a:0e:50:a3:39:03:a7:bf:83:c1:90:b4:21:30:8d:
                    22:cd:74:56:4f:a6:b7:62:79:9b:56:31:0f:89:91:
                    14:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:6B:72:23:8C:C3:5D:FD:A3:17:51:19:03:AA:27:03:AE:05:9D:D2
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31302e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:03:b9:1a:64:45:62:bb:a6:4a:59:80:7d:d6:57:1f:12:f6:
         81:46:e6:0c:b2:bc:f9:ff:a9:4c:46:b0:3f:4f:98:9d:e6:6d:
         d8:d9:ab:6d:a2:5c:d3:f6:47:0d:a0:56:00:60:8b:d0:fc:ca:
         12:57:04:ce:19:5c:c3:a0:32:88:24:de:31:31:20:48:05:73:
         df:58:ef:ff:52:f4:c0:1b:07:05:c2:9d:e8:38:14:58:93:a0:
         5b:de:fe:9c:b8:fc:fd:3e:31:35:42:23:ad:8c:73:cc:56:f5:
         2a:f0:74:95:79:f3:c8:5d:fb:03:88:14:2d:8f:f4:4d:46:bd:
         2e:23:56:e4:dd:0c:3d:6e:47:77:4d:4d:81:cf:f3:05:5e:19:
         f4:3e:42:fd:42:64:c4:7c:c5:91:f7:ab:6a:02:d0:cf:80:c9:
         cd:96:bf:0e:ab:fe:09:b7:1c:75:72:2e:a8:51:41:84:28:39:
         36:20:59:01:5d:6e:56:af:84:0c:5a:3e:fb:2b:90:ef:d6:1a:
         4c:a8:f9:1a:c7:e3:37:e6:2a:ef:50:64:f0:a7:cb:6f:77:35:
         97:df:5a:ac:38:4e:c1:a0:35:70:5c:26:9d:4e:b1:18:3e:c2:
         dc:aa:90:94:6c:26:9f:b8:84:12:b7:0d:70:1f:4f:59:af:ac:
         17:a6:7f:96
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUNHBmjKsrFotobZXt9NJEgaGHRlwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAzMjcxMjQ4MzhaFw0yNzAzMjYxMjUzMzhaMDMxMTAvBgNV
BAMTKEJENkI3MjIzOENDMzVERkRBMzE3NTExOTAzQUEyNzAzQUUwNTlERDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClndR3g4KDWktIdv36oflkMzmV
v1bmcIY4m5Ry3AaeKwUdOd+oDSmWGUKIt43Ket+OtvM0xx61xcC+ZsQIrkaHcoaY
03pq5j3gtdpCgoeUwAbnQR13V/mX0OGrRNL44+G+r7ZSBWvl2bmLsGn5U/J04Mag
7V/WneHt943R6aT149ITiaxHp2aWpyQ2d1gCZOknpLSK33slBuVncyJNNc3014s9
ZNftwiphxITpz9Ouzomtu+5Be0VT+pa8KHvF70kGVxkcmv8n/hkczQGrkzBHavpV
gnI06jE0XSBuu3RlqUoOUKM5A6e/g8GQtCEwjSLNdFZPprdieZtWMQ+JkRQZAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUvWtyI4zDXf2jF1EZA6onA64FndIwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzEzMDJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAQXHCjANBgkq
hkiG9w0BAQsFAAOCAQEAdgO5GmRFYrumSlmAfdZXHxL2gUbmDLK8+f+pTEawP0+Y
neZt2NmrbaJc0/ZHDaBWAGCL0PzKElcEzhlcw6AyiCTeMTEgSAVz31jv/1L0wBsH
BcKd6DgUWJOgW97+nLj8/T4xNUIjrYxzzFb1KvB0lXnzyF37A4gULY/0TUa9LiNW
5N0MPW5Hd01Ngc/zBV4Z9D5C/UJkxHzFkferagLQz4DJzZa/Dqv+CbccdXIuqFFB
hCg5NiBZAV1uVq+EDFo++yuQ79YaTKj5GsfjN+Yq71Bk8KfLb3c1l99arDhOwaA1
cFwmnU6xGD7C3KqQlGwmn7iEErcNcB9PWa+sF6Z/lg==
-----END CERTIFICATE-----