Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131392e302f32342d3234203d3e20383334.roa
File:                     34352e36352e3131392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          cGkQwcVEE512D9C912vziYXB2qqEMT2ui3nkPwKe75c=
Subject key identifier:   AE:DD:9C:29:CC:8C:DE:00:92:2A:81:51:ED:CB:E3:68:36:41:41:19
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       3FE5AB41D1BB9D990A3FA7183343535637E3D22A
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131392e302f32342d3234203d3e20383334.roa
Signing time:             Mon 13 Apr 2026 13:17:01 +0000
ROA not before:           Mon 13 Apr 2026 13:12:01 +0000
ROA not after:            Mon 12 Apr 2027 13:17:01 +0000
asID:                     834
IP address blocks:        45.65.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Apr 2026 14:30:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:e5:ab:41:d1:bb:9d:99:0a:3f:a7:18:33:43:53:56:37:e3:d2:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Apr 13 13:12:01 2026 GMT
            Not After : Apr 12 13:17:01 2027 GMT
        Subject: CN=AEDD9C29CC8CDE00922A8151EDCBE36836414119
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:94:6f:53:34:58:30:d1:04:29:f8:ae:12:61:
                    66:92:fe:24:63:1c:42:83:eb:b7:a2:50:7c:cf:e5:
                    1e:73:8d:9e:dc:53:c8:3f:7a:14:c2:50:20:1c:8f:
                    53:dc:6e:01:b4:44:f7:34:64:a6:f5:24:5e:d7:70:
                    4e:04:42:90:a2:41:82:6b:c8:c1:72:4d:db:2e:93:
                    42:d2:94:47:91:fe:d0:59:0d:f2:6a:45:ba:ba:e1:
                    3c:bc:80:71:1b:9d:9c:92:cc:4e:d6:a4:05:48:a7:
                    78:bd:7d:46:42:e6:1c:29:be:ca:04:62:ee:0e:1a:
                    1d:4b:32:e2:1f:56:7e:9f:f2:db:c9:de:51:7e:6a:
                    49:a6:3a:96:0f:2b:2f:35:85:0f:8e:5f:36:f4:cd:
                    e5:e9:32:56:52:eb:3a:92:22:a0:02:dd:63:3f:24:
                    36:e0:5f:0c:74:83:86:11:97:ed:a4:bd:b3:50:a4:
                    18:33:f1:60:78:c0:39:cb:b8:1e:84:ca:16:bc:81:
                    47:b0:a2:50:03:31:40:2f:05:67:9b:51:d4:a1:09:
                    83:a6:bf:0c:b3:a0:9e:50:33:1b:07:7d:70:d2:75:
                    ed:39:0f:71:14:c6:c9:53:01:d1:6b:e6:3e:de:a4:
                    23:b3:55:2f:6f:ec:1a:2a:d2:28:cc:10:f9:90:60:
                    f9:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:DD:9C:29:CC:8C:DE:00:92:2A:81:51:ED:CB:E3:68:36:41:41:19
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:a9:85:e7:41:43:e4:6f:24:7c:ed:28:3b:10:47:d3:ec:dd:
         64:66:55:b7:fe:79:20:08:3b:85:6a:1c:c3:c4:ae:cd:58:e7:
         65:43:87:ea:4f:68:94:1f:5e:95:03:17:05:23:38:b6:60:eb:
         be:b5:e4:40:a6:06:51:14:fb:2a:ca:93:8b:70:a0:c9:62:c5:
         14:ce:1b:58:63:09:47:37:89:71:fb:85:82:db:02:59:72:af:
         89:55:2a:f6:22:dd:d3:ca:79:78:00:f3:eb:b9:70:d8:90:b6:
         08:6b:67:7b:8b:d7:a3:8b:5e:ab:ff:5a:71:00:10:b8:59:34:
         b2:b4:07:c6:76:c0:7d:2b:72:d8:df:a3:cd:d9:ce:07:34:e0:
         cb:f6:52:d7:38:49:16:ea:12:97:2e:8f:b9:4b:8d:99:cf:57:
         75:98:05:9a:db:08:15:87:99:7c:37:9e:27:ce:fa:e1:84:d3:
         62:52:88:8c:15:60:29:26:2f:e4:38:b8:57:e6:18:da:47:73:
         a5:45:f3:be:13:98:17:86:e5:f6:50:b4:34:c5:2b:52:23:5c:
         32:48:2f:88:63:77:b4:97:43:ab:4b:34:f5:60:55:04:1c:a0:
         aa:2c:18:0f:c2:b3:03:07:43:f4:53:93:5a:26:7c:29:32:11:
         3f:d4:27:d8
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUP+WrQdG7nZkKP6cYM0NTVjfj0iowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNjA0MTMxMzEyMDFaFw0yNzA0MTIxMzE3MDFaMDMxMTAvBgNV
BAMTKEFFREQ5QzI5Q0M4Q0RFMDA5MjJBODE1MUVEQ0JFMzY4MzY0MTQxMTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9lG9TNFgw0QQp+K4SYWaS/iRj
HEKD67eiUHzP5R5zjZ7cU8g/ehTCUCAcj1PcbgG0RPc0ZKb1JF7XcE4EQpCiQYJr
yMFyTdsuk0LSlEeR/tBZDfJqRbq64Ty8gHEbnZySzE7WpAVIp3i9fUZC5hwpvsoE
Yu4OGh1LMuIfVn6f8tvJ3lF+akmmOpYPKy81hQ+OXzb0zeXpMlZS6zqSIqAC3WM/
JDbgXwx0g4YRl+2kvbNQpBgz8WB4wDnLuB6Eyha8gUewolADMUAvBWebUdShCYOm
vwyzoJ5QMxsHfXDSde05D3EUxslTAdFr5j7epCOzVS9v7Boq0ijMEPmQYPndAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUrt2cKcyM3gCSKoFR7cvjaDZBQRkwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzYzNTJlMzEzMTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUF3MA0G
CSqGSIb3DQEBCwUAA4IBAQCcqYXnQUPkbyR87Sg7EEfT7N1kZlW3/nkgCDuFahzD
xK7NWOdlQ4fqT2iUH16VAxcFIzi2YOu+teRApgZRFPsqypOLcKDJYsUUzhtYYwlH
N4lx+4WC2wJZcq+JVSr2It3Tynl4APPruXDYkLYIa2d7i9eji16r/1pxABC4WTSy
tAfGdsB9K3LY36PN2c4HNODL9lLXOEkW6hKXLo+5S42Zz1d1mAWa2wgVh5l8N54n
zvrhhNNiUoiMFWApJi/kOLhX5hjaR3OlRfO+E5gXhuX2ULQ0xStSI1wySC+IY3e0
l0OrSzT1YFUEHKCqLBgPwrMDB0P0U5NaJnwpMhE/1CfY
-----END CERTIFICATE-----