Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231342e302f32342d3234203d3e20383334.roa
File:                     34352e39352e3231342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          uyj9M5GZXb1vwLJgAddMi8WHcGBSQHUnQEDwce5+NPA=
Subject key identifier:   99:F2:00:32:61:D1:39:2A:A9:95:B0:2C:77:7F:5B:FB:D4:E1:C7:66
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       146E75AD829E85B7F74E2F359B14FFD77111A3C1
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231342e302f32342d3234203d3e20383334.roa
Signing time:             Thu 02 Apr 2026 00:03:54 +0000
ROA not before:           Wed 01 Apr 2026 23:58:54 +0000
ROA not after:            Thu 01 Apr 2027 00:03:54 +0000
asID:                     834
IP address blocks:        45.95.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Apr 2026 07:05:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:6e:75:ad:82:9e:85:b7:f7:4e:2f:35:9b:14:ff:d7:71:11:a3:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Apr  1 23:58:54 2026 GMT
            Not After : Apr  1 00:03:54 2027 GMT
        Subject: CN=99F2003261D1392AA995B02C777F5BFBD4E1C766
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d9:7c:a4:a6:99:0a:53:31:ee:79:f0:e2:0b:
                    60:46:0a:b8:88:39:b9:a7:e9:5e:d3:44:35:7e:ca:
                    e9:7f:a6:6c:05:49:1f:6f:4c:aa:19:03:2f:6c:84:
                    d3:82:f2:2e:72:d2:f7:27:c5:48:31:03:1a:6e:cb:
                    62:a2:f9:0b:18:03:0e:3a:2c:67:e3:f2:d9:47:55:
                    93:ed:66:f0:f4:99:4a:64:4a:1e:aa:cc:68:46:9e:
                    21:a6:e9:7f:b2:f2:3c:fa:b8:1f:92:3e:d9:97:3a:
                    76:c8:bd:ba:f3:c8:ad:76:f6:31:63:50:1d:6f:e9:
                    0a:29:bb:56:46:7c:6e:51:86:cd:6e:af:f3:ac:26:
                    12:02:c2:a4:bc:27:02:af:7a:9e:7f:6c:9e:7e:fc:
                    bc:54:5d:bc:d7:37:dd:ad:f3:70:fa:a7:8d:e5:4c:
                    57:eb:f7:91:a2:54:be:0b:c1:bc:64:ee:01:f6:36:
                    91:99:3d:d1:04:e6:b9:fc:a3:12:a5:52:aa:a8:a8:
                    b4:49:d4:4e:51:92:ee:3a:1c:8c:dc:54:ab:45:00:
                    51:07:c7:0e:5d:b0:24:7d:d5:d2:2b:0d:c3:69:5a:
                    1f:6e:ca:ad:e9:27:36:bf:03:80:a9:f4:b5:f5:26:
                    e9:4f:3c:e2:98:f3:ae:01:16:0a:0c:8f:e4:23:75:
                    8b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:F2:00:32:61:D1:39:2A:A9:95:B0:2C:77:7F:5B:FB:D4:E1:C7:66
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e39352e3231342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:6d:10:7c:5c:c3:fd:1c:0e:8e:d3:44:8e:d7:e7:af:a8:80:
         2e:52:05:a2:2f:10:e3:a3:1e:97:71:b6:48:26:c7:58:0f:37:
         62:63:7a:d0:fc:25:7a:99:43:f7:c2:50:cb:86:a5:97:1f:86:
         b7:ea:55:cc:39:7f:54:8e:91:76:67:45:df:5f:96:f8:13:80:
         48:26:a6:db:b3:a1:84:cf:48:4a:41:2d:9c:df:3a:bc:0b:41:
         de:69:61:ef:3f:76:12:1b:e9:39:46:48:de:8c:fd:ee:3d:1b:
         40:f6:4a:c0:ba:89:13:62:b5:36:3d:0e:21:02:f4:37:5f:5b:
         45:c5:9b:a5:b8:5d:13:e3:0c:cd:dd:e3:55:5d:c4:a4:e7:5d:
         40:97:81:90:63:2f:86:9d:93:8b:de:48:f1:68:6a:e0:ed:b4:
         f9:33:8c:66:3a:f9:10:87:fc:1d:62:8e:36:a0:c0:77:98:5d:
         9c:05:99:33:58:50:84:0e:34:7b:5e:11:db:93:dd:83:ab:38:
         c8:b9:1a:a1:27:9c:6c:6f:9f:20:76:b5:ff:1d:0a:a8:72:c7:
         86:4f:12:ce:30:4f:78:e3:58:83:d2:3e:f9:21:70:76:52:c0:
         2d:e7:d6:11:ab:a6:e4:71:65:4f:c4:fa:ef:e4:35:68:df:4b:
         3a:d6:cb:6f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUFG51rYKehbf3Ti81mxT/13ERo8EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNjA0MDEyMzU4NTRaFw0yNzA0MDEwMDAzNTRaMDMxMTAvBgNV
BAMTKDk5RjIwMDMyNjFEMTM5MkFBOTk1QjAyQzc3N0Y1QkZCRDRFMUM3NjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCG2XykppkKUzHuefDiC2BGCriI
Obmn6V7TRDV+yul/pmwFSR9vTKoZAy9shNOC8i5y0vcnxUgxAxpuy2Ki+QsYAw46
LGfj8tlHVZPtZvD0mUpkSh6qzGhGniGm6X+y8jz6uB+SPtmXOnbIvbrzyK129jFj
UB1v6Qopu1ZGfG5Rhs1ur/OsJhICwqS8JwKvep5/bJ5+/LxUXbzXN92t83D6p43l
TFfr95GiVL4Lwbxk7gH2NpGZPdEE5rn8oxKlUqqoqLRJ1E5Rku46HIzcVKtFAFEH
xw5dsCR91dIrDcNpWh9uyq3pJza/A4Cp9LX1JulPPOKY864BFgoMj+QjdYtHAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUmfIAMmHROSqplbAsd39b+9Thx2YwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzkzNTJlMzIzMTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV/WMA0G
CSqGSIb3DQEBCwUAA4IBAQCybRB8XMP9HA6O00SO1+evqIAuUgWiLxDjox6XcbZI
JsdYDzdiY3rQ/CV6mUP3wlDLhqWXH4a36lXMOX9UjpF2Z0XfX5b4E4BIJqbbs6GE
z0hKQS2c3zq8C0HeaWHvP3YSG+k5RkjejP3uPRtA9krAuokTYrU2PQ4hAvQ3X1tF
xZuluF0T4wzN3eNVXcSk511Al4GQYy+GnZOL3kjxaGrg7bT5M4xmOvkQh/wdYo42
oMB3mF2cBZkzWFCEDjR7XhHbk92DqzjIuRqhJ5xsb58gdrX/HQqocseGTxLOME94
41iD0j75IXB2UsAt59YRq6bkcWVPxPrv5DVo30s61stv
-----END CERTIFICATE-----