Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131372e302f32342d3234203d3e203134363138.roa
File:                     34352e36352e3131372e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          YsuhpLZLtEnsW3gxyfLMrYTwjA1jWDaFyhQCk0QKpEE=
Subject key identifier:   06:A1:85:B9:EB:45:50:4A:B9:DA:90:37:16:01:88:BC:2C:8F:10:09
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       4E86C9BCE82C521595CE085D53EDB0B4CCB0FBC4
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131372e302f32342d3234203d3e203134363138.roa
Signing time:             Mon 30 Mar 2026 14:28:59 +0000
ROA not before:           Mon 30 Mar 2026 14:23:59 +0000
ROA not after:            Mon 29 Mar 2027 14:28:59 +0000
asID:                     14618
IP address blocks:        45.65.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Apr 2026 10:29:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:86:c9:bc:e8:2c:52:15:95:ce:08:5d:53:ed:b0:b4:cc:b0:fb:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Mar 30 14:23:59 2026 GMT
            Not After : Mar 29 14:28:59 2027 GMT
        Subject: CN=06A185B9EB45504AB9DA9037160188BC2C8F1009
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:67:6b:4a:f9:4d:b0:75:e7:42:9f:6f:4b:40:
                    bf:47:51:f4:07:17:9d:52:d8:c2:80:00:41:60:b6:
                    d4:0e:02:8d:18:2b:e3:7c:6f:23:80:02:b3:a7:c1:
                    34:f6:c9:4e:bb:8c:04:7f:e4:97:21:6a:c4:69:b6:
                    f5:92:bc:82:41:57:69:22:40:b0:d5:16:7b:44:0e:
                    67:d4:86:21:d6:49:03:b8:b8:50:bb:96:56:d6:87:
                    b3:9b:ee:35:ea:5e:3d:e1:59:6f:64:25:6d:24:52:
                    e3:e8:8e:8c:83:7c:c7:82:66:d7:96:63:dc:d9:ec:
                    e5:f3:75:15:34:ac:d4:73:81:8c:d2:4a:fd:56:dd:
                    eb:26:64:de:d6:b9:9e:de:27:e1:61:18:d5:3a:2a:
                    aa:d3:1c:c3:94:e9:a2:f3:d9:51:85:56:17:5a:c3:
                    c9:04:1c:17:9b:d6:2e:63:98:00:a6:f7:d8:b5:bd:
                    3d:3b:96:02:74:7c:84:29:7f:45:68:1e:0d:6d:1c:
                    55:5f:fb:1c:5f:8c:44:7c:62:80:08:f1:4f:69:a4:
                    55:5d:27:0d:5c:ab:61:f2:7f:a2:6d:c1:20:14:ac:
                    68:94:01:1b:24:16:60:de:ff:34:6f:88:a5:82:ff:
                    b7:65:09:07:d5:e0:f6:a3:2b:72:60:2f:fd:2c:b5:
                    e2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:A1:85:B9:EB:45:50:4A:B9:DA:90:37:16:01:88:BC:2C:8F:10:09
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131372e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:82:fd:18:6a:6d:fe:4f:e5:be:74:25:38:8b:77:ec:d5:d8:
         2b:da:ea:35:cf:7b:8b:c2:ab:c5:e3:d0:1e:91:3b:d3:1a:a0:
         a6:8d:59:c3:1b:4d:04:53:9e:28:75:4c:0b:cc:83:69:f8:2c:
         6c:71:0d:d1:69:5d:f9:da:b3:ee:a3:c5:cc:97:36:9d:83:40:
         66:a5:9e:8a:68:69:42:60:09:85:fc:8f:67:65:56:d4:5a:f8:
         0f:f5:64:8d:51:95:3d:ec:37:f3:d6:89:56:05:c0:07:1f:57:
         bd:b4:5f:6b:fa:e7:ef:ee:0b:d9:18:35:b2:b1:82:47:09:18:
         8a:bd:ea:06:4c:20:2f:1f:5c:09:02:ce:9b:0c:79:b5:f9:97:
         07:9a:1f:da:0e:87:d2:50:ec:ce:88:f3:f5:db:50:4a:1c:a0:
         aa:b1:bd:4f:02:66:e5:46:3a:94:13:1c:ce:4c:f8:98:e1:8b:
         20:4a:37:82:59:72:08:26:a3:29:27:ef:13:7d:cf:28:14:35:
         2d:52:10:d3:17:a1:cf:ff:8e:ad:2e:87:a4:a7:74:67:2f:cb:
         a0:79:ae:eb:d0:1e:1d:37:79:b4:f3:18:8f:85:6a:a6:2b:33:
         77:9b:eb:e2:3f:d2:4d:9d:a5:39:a5:2f:d7:44:90:36:c1:7b:
         6d:f3:a4:06
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTobJvOgsUhWVzghdU+2wtMyw+8QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNjAzMzAxNDIzNTlaFw0yNzAzMjkxNDI4NTlaMDMxMTAvBgNV
BAMTKDA2QTE4NUI5RUI0NTUwNEFCOURBOTAzNzE2MDE4OEJDMkM4RjEwMDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVZ2tK+U2wdedCn29LQL9HUfQH
F51S2MKAAEFgttQOAo0YK+N8byOAArOnwTT2yU67jAR/5JchasRptvWSvIJBV2ki
QLDVFntEDmfUhiHWSQO4uFC7llbWh7Ob7jXqXj3hWW9kJW0kUuPojoyDfMeCZteW
Y9zZ7OXzdRU0rNRzgYzSSv1W3esmZN7WuZ7eJ+FhGNU6KqrTHMOU6aLz2VGFVhda
w8kEHBeb1i5jmACm99i1vT07lgJ0fIQpf0VoHg1tHFVf+xxfjER8YoAI8U9ppFVd
Jw1cq2Hyf6JtwSAUrGiUARskFmDe/zRviKWC/7dlCQfV4PajK3JgL/0steKLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUBqGFuetFUEq52pA3FgGIvCyPEAkwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzYzNTJlMzEzMTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNDM2MzEzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1B
dTANBgkqhkiG9w0BAQsFAAOCAQEAT4L9GGpt/k/lvnQlOIt37NXYK9rqNc97i8Kr
xePQHpE70xqgpo1ZwxtNBFOeKHVMC8yDafgsbHEN0Wld+dqz7qPFzJc2nYNAZqWe
imhpQmAJhfyPZ2VW1Fr4D/VkjVGVPew389aJVgXABx9XvbRfa/rn7+4L2Rg1srGC
RwkYir3qBkwgLx9cCQLOmwx5tfmXB5of2g6H0lDszojz9dtQShygqrG9TwJm5UY6
lBMczkz4mOGLIEo3gllyCCajKSfvE33PKBQ1LVIQ0xehz/+OrS6HpKd0Zy/LoHmu
69AeHTd5tPMYj4Vqpiszd5vr4j/STZ2lOaUv10SQNsF7bfOkBg==
-----END CERTIFICATE-----