Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e20383334.roa
File:                     34352e382e3231372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          986H7DOlh4JMdwtbTV1uEyMKn5HaeRMCufNEqQ0K23s=
Subject key identifier:   51:FF:2C:89:18:C4:66:78:B1:11:A4:9B:2A:27:C5:D6:3F:E3:40:19
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       7491BB3F2357506581EBA5059D273D07376F1D58
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e20383334.roa
Signing time:             Fri 20 Mar 2026 10:45:28 +0000
ROA not before:           Fri 20 Mar 2026 10:40:28 +0000
ROA not after:            Fri 19 Mar 2027 10:45:28 +0000
asID:                     834
IP address blocks:        45.8.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Mar 2026 13:22:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:91:bb:3f:23:57:50:65:81:eb:a5:05:9d:27:3d:07:37:6f:1d:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Mar 20 10:40:28 2026 GMT
            Not After : Mar 19 10:45:28 2027 GMT
        Subject: CN=51FF2C8918C46678B111A49B2A27C5D63FE34019
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:51:d3:c7:53:3a:a3:94:16:62:29:a1:e4:4b:
                    d5:8a:15:a2:e5:fb:01:c2:aa:3c:5c:f5:f9:d8:a6:
                    5d:b8:75:95:7d:fd:a6:14:34:30:f0:7d:4c:62:e3:
                    46:03:e1:7c:a4:3b:9b:d9:a9:72:fc:1b:39:fc:ca:
                    fe:fe:11:b0:6d:87:79:89:9e:67:26:27:30:09:c2:
                    d1:0b:cc:a7:6b:af:44:ed:9e:8b:4e:fb:c5:bc:78:
                    b8:1f:22:5f:b2:1f:4b:e2:bd:f4:5a:e8:a6:98:5c:
                    82:ee:a4:27:d2:89:9e:80:1f:83:0c:ef:f5:e1:ed:
                    79:0e:34:b2:f7:90:63:6c:df:e5:46:ad:0b:7f:58:
                    cc:89:b5:c3:9e:ca:a0:23:fa:c0:e6:31:88:9e:38:
                    77:c6:2d:d3:1d:2b:06:3c:be:91:bc:80:dd:cc:5a:
                    aa:22:cb:af:ae:d7:a0:fd:4e:e4:0e:87:98:80:ad:
                    d9:3e:f1:0b:51:1b:2f:a4:36:74:e5:83:b8:9a:d0:
                    f7:38:dc:fd:89:de:d8:b2:89:f2:d0:e7:f2:4b:8e:
                    89:e0:64:9b:37:14:a2:8b:8d:55:e1:ba:da:3e:ce:
                    2f:31:53:69:ee:6e:51:2b:09:90:a3:98:f7:96:b8:
                    95:84:8c:65:f8:43:8b:bd:dd:03:32:d4:e8:0d:a9:
                    85:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:FF:2C:89:18:C4:66:78:B1:11:A4:9B:2A:27:C5:D6:3F:E3:40:19
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:84:54:5b:b5:3f:f3:c3:85:3b:e8:4b:88:84:91:9c:1b:55:
         f3:5a:f6:fd:a4:0a:2d:f1:9b:d9:da:15:a4:65:23:d0:c3:88:
         00:38:74:6a:88:fc:fa:15:65:a4:52:14:be:9d:2f:4c:54:bf:
         98:95:70:1d:9d:db:f7:8d:cc:c3:7f:de:70:66:d5:d1:4d:f9:
         5c:fb:58:1b:d9:1a:4d:6c:14:a9:76:7c:0a:ab:f6:e0:7c:5b:
         b9:2d:3e:b7:f3:2c:c1:14:be:8e:7f:76:25:c3:01:79:35:43:
         1f:0c:b8:e1:28:4e:c9:35:76:23:86:fc:59:b1:e9:1d:cc:8b:
         5d:96:7f:ad:c9:88:f3:fd:1d:60:13:d5:f7:44:21:05:c1:4e:
         a6:c0:ce:5b:19:3f:ef:91:05:cf:3f:13:68:0e:0e:6d:12:88:
         e2:06:58:4f:4f:54:a4:c6:b9:bf:5a:23:7b:1d:88:28:ff:38:
         e2:1d:99:24:e8:72:b0:47:43:46:d9:cb:5f:17:04:5f:9b:cf:
         2a:d3:c9:0b:92:24:6d:c1:07:b3:bc:ba:7f:b6:35:6e:34:83:
         de:a6:ef:df:9c:f0:c7:7d:38:48:25:aa:d4:f1:94:23:76:49:
         e5:d4:b4:fb:88:34:9e:09:0b:0a:76:cf:0d:81:91:6e:29:b1:
         2e:c0:ea:97
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUdJG7PyNXUGWB66UFnSc9BzdvHVgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNjAzMjAxMDQwMjhaFw0yNzAzMTkxMDQ1MjhaMDMxMTAvBgNV
BAMTKDUxRkYyQzg5MThDNDY2NzhCMTExQTQ5QjJBMjdDNUQ2M0ZFMzQwMTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqUdPHUzqjlBZiKaHkS9WKFaLl
+wHCqjxc9fnYpl24dZV9/aYUNDDwfUxi40YD4XykO5vZqXL8Gzn8yv7+EbBth3mJ
nmcmJzAJwtELzKdrr0TtnotO+8W8eLgfIl+yH0vivfRa6KaYXILupCfSiZ6AH4MM
7/Xh7XkONLL3kGNs3+VGrQt/WMyJtcOeyqAj+sDmMYieOHfGLdMdKwY8vpG8gN3M
Wqoiy6+u16D9TuQOh5iArdk+8QtRGy+kNnTlg7ia0Pc43P2J3tiyifLQ5/JLjong
ZJs3FKKLjVXhuto+zi8xU2nublErCZCjmPeWuJWEjGX4Q4u93QMy1OgNqYX9AgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUUf8siRjEZnixEaSbKifF1j/jQBkwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzgyZTMyMzEzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I2TANBgkq
hkiG9w0BAQsFAAOCAQEAwYRUW7U/88OFO+hLiISRnBtV81r2/aQKLfGb2doVpGUj
0MOIADh0aoj8+hVlpFIUvp0vTFS/mJVwHZ3b943Mw3/ecGbV0U35XPtYG9kaTWwU
qXZ8Cqv24HxbuS0+t/MswRS+jn92JcMBeTVDHwy44ShOyTV2I4b8WbHpHcyLXZZ/
rcmI8/0dYBPV90QhBcFOpsDOWxk/75EFzz8TaA4ObRKI4gZYT09UpMa5v1ojex2I
KP844h2ZJOhysEdDRtnLXxcEX5vPKtPJC5IkbcEHs7y6f7Y1bjSD3qbv35zwx304
SCWq1PGUI3ZJ5dS0+4g0ngkLCnbPDYGRbimxLsDqlw==
-----END CERTIFICATE-----