Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e20383334.roa
File:                     34352e382e3231372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          lxgDM+2IpOwskjSyLj/88e3oNG4qGZLEbcXn/wQBWJ8=
Subject key identifier:   30:28:95:ED:CC:AC:47:E0:D0:84:DB:93:97:A7:3B:2B:39:FC:4B:6E
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       D9365C2F910C9FB869BEB5B30EB9ED43836414
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e20383334.roa
Signing time:             Mon 29 Jun 2026 13:05:37 +0000
ROA not before:           Mon 29 Jun 2026 13:00:37 +0000
ROA not after:            Mon 28 Jun 2027 13:05:37 +0000
asID:                     834
IP address blocks:        45.8.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 Jul 2026 20:13:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            d9:36:5c:2f:91:0c:9f:b8:69:be:b5:b3:0e:b9:ed:43:83:64:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Jun 29 13:00:37 2026 GMT
            Not After : Jun 28 13:05:37 2027 GMT
        Subject: CN=302895EDCCAC47E0D084DB9397A73B2B39FC4B6E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:3d:3a:81:c5:73:77:17:e4:43:03:6b:88:be:
                    d4:2e:da:05:e4:2a:29:82:8d:9b:dd:d4:b3:77:15:
                    af:e5:87:1e:d1:d0:7d:38:fc:eb:eb:22:1e:1d:08:
                    a4:92:61:37:86:95:bb:98:ee:24:d2:29:99:2d:11:
                    4a:64:96:dd:56:4a:7d:df:2c:df:08:d8:a7:56:31:
                    03:4a:ee:45:17:0d:d9:dd:50:81:2a:20:5f:80:43:
                    94:39:cd:e4:e5:d9:75:86:52:6c:4c:fa:24:00:05:
                    36:1a:02:e9:48:3f:2b:7e:39:fc:3a:27:d7:bf:25:
                    27:40:60:5c:c0:29:b5:7f:c7:fb:0b:99:fa:a3:af:
                    0d:1e:32:b7:1a:4e:22:68:04:5b:83:56:f3:fb:35:
                    08:3b:0f:f5:11:0d:ae:24:33:24:71:a6:b1:5a:d0:
                    9a:18:20:a1:2c:f5:54:dc:7f:6e:66:dc:90:60:66:
                    28:21:97:e0:ec:aa:af:35:b4:e1:e0:7a:50:61:2c:
                    44:10:6d:23:34:8a:2f:48:93:d4:18:53:b3:5f:87:
                    1a:89:a0:df:92:77:45:e0:1c:1f:b0:96:1f:18:dc:
                    fe:ee:2d:ab:12:69:52:4b:27:50:88:35:2a:ea:5d:
                    ee:c1:bc:dc:46:a3:71:4a:06:6e:a1:07:68:3a:04:
                    53:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:28:95:ED:CC:AC:47:E0:D0:84:DB:93:97:A7:3B:2B:39:FC:4B:6E
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:0a:33:83:c3:87:7f:ee:ec:24:7d:6d:be:52:5c:14:f8:7e:
         a8:7c:03:20:81:b0:8c:a6:96:9b:0d:4e:f0:11:c3:69:d5:b7:
         d5:62:31:8a:ec:af:ca:37:cd:8b:27:e6:b2:90:9d:dc:f7:dc:
         8b:e0:f5:db:ad:c5:f7:ba:9b:7f:96:5c:46:16:2b:61:8f:fa:
         2c:c1:98:85:b0:10:0c:1d:77:2b:1e:99:51:0c:85:f0:eb:1d:
         a6:0f:e8:52:0b:f3:6c:da:67:f8:e8:86:7f:4d:4c:e5:d2:6c:
         fb:fe:e5:86:1d:09:96:82:c1:87:1f:cd:b8:1f:d2:8d:1d:b8:
         f8:24:69:de:6f:dd:60:f4:76:e0:57:7e:49:d8:10:42:70:80:
         87:20:03:f6:28:d4:7f:77:42:88:92:87:93:02:87:d5:3a:a5:
         e8:0b:b3:05:ee:af:9a:4c:30:14:4a:31:a9:d2:4a:b7:e9:06:
         62:9f:b5:e0:ac:1a:7d:db:41:09:d0:5c:e2:fd:5d:cf:bc:12:
         7c:5e:17:c2:9e:93:81:a8:80:dd:94:e2:8e:34:bd:95:fb:66:
         96:24:dc:97:fd:57:0e:26:c4:e5:4c:1f:3a:d3:fe:1a:44:6f:
         77:0b:15:ac:e0:5e:ba:a4:f9:f2:0a:dc:47:d5:8f:36:71:ed:
         f8:44:e9:0e
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUANk2XC+RDJ+4ab61sw657UODZBQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNjA2MjkxMzAwMzdaFw0yNzA2MjgxMzA1MzdaMDMxMTAvBgNV
BAMTKDMwMjg5NUVEQ0NBQzQ3RTBEMDg0REI5Mzk3QTczQjJCMzlGQzRCNkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8PTqBxXN3F+RDA2uIvtQu2gXk
KimCjZvd1LN3Fa/lhx7R0H04/OvrIh4dCKSSYTeGlbuY7iTSKZktEUpklt1WSn3f
LN8I2KdWMQNK7kUXDdndUIEqIF+AQ5Q5zeTl2XWGUmxM+iQABTYaAulIPyt+Ofw6
J9e/JSdAYFzAKbV/x/sLmfqjrw0eMrcaTiJoBFuDVvP7NQg7D/URDa4kMyRxprFa
0JoYIKEs9VTcf25m3JBgZighl+Dsqq81tOHgelBhLEQQbSM0ii9Ik9QYU7NfhxqJ
oN+Sd0XgHB+wlh8Y3P7uLasSaVJLJ1CINSrqXe7BvNxGo3FKBm6hB2g6BFPVAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUMCiV7cysR+DQhNuTl6c7Kzn8S24wHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzgyZTMyMzEzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I2TANBgkq
hkiG9w0BAQsFAAOCAQEAkwozg8OHf+7sJH1tvlJcFPh+qHwDIIGwjKaWmw1O8BHD
adW31WIxiuyvyjfNiyfmspCd3Pfci+D1263F97qbf5ZcRhYrYY/6LMGYhbAQDB13
Kx6ZUQyF8Osdpg/oUgvzbNpn+OiGf01M5dJs+/7lhh0JloLBhx/NuB/SjR24+CRp
3m/dYPR24Fd+SdgQQnCAhyAD9ijUf3dCiJKHkwKH1Tql6AuzBe6vmkwwFEoxqdJK
t+kGYp+14KwafdtBCdBc4v1dz7wSfF4Xwp6TgaiA3ZTijjS9lftmliTcl/1XDibE
5UwfOtP+GkRvdwsVrOBeuqT58grcR9WPNnHt+ETpDg==
-----END CERTIFICATE-----
Generated at Mon Jul 6 04:22:12 2026 by rpki-client