Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131372e302f32342d3234203d3e20383334.roa
File:                     34352e36352e3131372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          X3RB9rknKSv++HAGHsS3Ear0gkAfukvHaYKT6ND85Ig=
Subject key identifier:   1C:3A:8F:45:C6:9E:F9:03:86:B3:9A:8E:51:AC:41:FD:26:D7:DC:40
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       205374532567E2279E422C4495220C410AC22A90
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131372e302f32342d3234203d3e20383334.roa
Signing time:             Fri 27 Mar 2026 09:14:10 +0000
ROA not before:           Fri 27 Mar 2026 09:09:10 +0000
ROA not after:            Fri 26 Mar 2027 09:14:10 +0000
asID:                     834
IP address blocks:        45.65.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:53:74:53:25:67:e2:27:9e:42:2c:44:95:22:0c:41:0a:c2:2a:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Mar 27 09:09:10 2026 GMT
            Not After : Mar 26 09:14:10 2027 GMT
        Subject: CN=1C3A8F45C69EF90386B39A8E51AC41FD26D7DC40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:10:d2:f5:00:05:5a:27:7b:ea:dd:a1:b4:e1:
                    a1:d7:5d:ea:de:af:d2:7f:d6:a5:6a:0a:98:9f:e1:
                    69:90:18:40:15:7a:82:1b:23:df:a8:17:27:7d:a7:
                    10:3b:8b:43:73:1a:48:eb:2d:c9:47:da:a8:86:1f:
                    ca:0d:3d:6b:86:ae:29:02:ea:18:19:3c:b0:0b:cb:
                    fb:c3:87:23:bf:2e:04:90:6b:99:85:60:26:24:ce:
                    bf:77:f3:b0:99:76:2c:77:fc:d6:7f:f9:9b:48:89:
                    26:96:7f:f8:2e:5a:75:c5:ad:e9:5b:c2:6c:8c:b1:
                    2a:88:c3:ea:ed:0d:ab:65:2f:b1:05:23:1e:c4:bd:
                    af:f5:14:d4:2f:7a:10:16:cb:4e:7f:79:98:05:6b:
                    3c:30:22:d8:3f:a9:3d:dd:09:7d:c1:a9:3a:d7:2e:
                    64:6a:f4:8a:dd:f7:09:22:b2:c9:2e:7e:b1:42:d8:
                    eb:3b:39:a8:54:a0:89:59:60:b8:48:71:21:d5:7a:
                    6e:d2:8f:3e:87:95:fa:db:42:68:2e:e5:26:e0:61:
                    80:36:54:bb:65:ac:8a:7f:2e:94:55:fd:55:c2:b5:
                    84:10:6e:66:70:85:2f:5d:a3:d7:b8:58:ca:86:09:
                    68:e5:0f:74:e6:9e:75:fa:fd:d8:8f:c2:b5:49:c2:
                    0b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:3A:8F:45:C6:9E:F9:03:86:B3:9A:8E:51:AC:41:FD:26:D7:DC:40
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:d7:50:a5:9b:a7:4f:5c:f4:88:d2:70:8d:ac:0b:76:92:ae:
         95:8f:d8:cb:6b:93:0c:ba:8c:30:a5:5b:62:7e:44:e6:9f:cf:
         7e:ae:ec:52:0f:42:aa:7b:4f:b8:a8:0d:ff:70:37:5a:26:2b:
         d8:e1:af:75:b7:7d:1d:c6:5b:74:61:6c:9a:b1:7e:bd:41:f4:
         be:b3:7e:91:d2:cd:fa:44:79:ab:4c:07:72:83:40:36:7a:a2:
         6b:e7:ee:f2:a9:38:b3:81:e2:9c:23:1b:18:1a:d5:0a:95:d3:
         07:26:81:dc:08:59:02:54:2f:be:53:8f:20:b2:d9:84:d4:8d:
         c2:e3:ec:fd:6b:0b:69:27:c3:dd:be:b4:80:ef:cf:0e:f4:7d:
         8f:ed:3b:d0:3b:83:76:aa:85:27:d4:17:bb:49:b4:66:0a:0f:
         30:da:e1:8a:28:56:b8:46:ad:6f:ce:63:62:f1:cd:54:98:a7:
         32:a8:82:d2:90:fd:c3:0c:d4:b3:62:29:72:9b:d8:81:4c:25:
         b4:ee:21:f3:96:cd:07:2e:6c:7e:66:c6:3d:e5:57:f5:cb:47:
         c1:c6:c3:8f:b1:8f:00:22:58:46:ff:8d:27:fe:cb:6e:d5:57:
         96:4a:17:b5:08:b0:a8:6f:cc:3d:ec:7b:8c:c5:d2:5f:5c:9d:
         75:4e:e8:af
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUIFN0UyVn4ieeQixElSIMQQrCKpAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNjAzMjcwOTA5MTBaFw0yNzAzMjYwOTE0MTBaMDMxMTAvBgNV
BAMTKDFDM0E4RjQ1QzY5RUY5MDM4NkIzOUE4RTUxQUM0MUZEMjZEN0RDNDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ENL1AAVaJ3vq3aG04aHXXere
r9J/1qVqCpif4WmQGEAVeoIbI9+oFyd9pxA7i0NzGkjrLclH2qiGH8oNPWuGrikC
6hgZPLALy/vDhyO/LgSQa5mFYCYkzr9387CZdix3/NZ/+ZtIiSaWf/guWnXFrelb
wmyMsSqIw+rtDatlL7EFIx7Eva/1FNQvehAWy05/eZgFazwwItg/qT3dCX3BqTrX
LmRq9Ird9wkisskufrFC2Os7OahUoIlZYLhIcSHVem7Sjz6HlfrbQmgu5SbgYYA2
VLtlrIp/LpRV/VXCtYQQbmZwhS9do9e4WMqGCWjlD3TmnnX6/diPwrVJwgtFAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUHDqPRcae+QOGs5qOUaxB/SbX3EAwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzYzNTJlMzEzMTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUF1MA0G
CSqGSIb3DQEBCwUAA4IBAQCe11Clm6dPXPSI0nCNrAt2kq6Vj9jLa5MMuowwpVti
fkTmn89+ruxSD0Kqe0+4qA3/cDdaJivY4a91t30dxlt0YWyasX69QfS+s36R0s36
RHmrTAdyg0A2eqJr5+7yqTizgeKcIxsYGtUKldMHJoHcCFkCVC++U48gstmE1I3C
4+z9awtpJ8PdvrSA788O9H2P7TvQO4N2qoUn1Be7SbRmCg8w2uGKKFa4Rq1vzmNi
8c1UmKcyqILSkP3DDNSzYilym9iBTCW07iHzls0HLmx+ZsY95Vf1y0fBxsOPsY8A
IlhG/40n/stu1VeWShe1CLCob8w97HuMxdJfXJ11Tuiv
-----END CERTIFICATE-----