Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38322e302f32342d3234203d3e20313532363732.roa
File:                     34352e31322e38322e302f32342d3234203d3e20313532363732.roa (raw, json)
Hash identifier:          6HTAaVLoUrwP/bdAOh7Y8s32EHNezdrTJQAqpgHyNn8=
Subject key identifier:   28:06:60:34:20:CE:5E:6D:AB:C9:39:B5:11:5B:61:AC:37:4B:43:24
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       0C02A2ADD23763BA5F94255D7BE3A11A5F262B5C
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38322e302f32342d3234203d3e20313532363732.roa
Signing time:             Mon 01 Jun 2026 06:47:20 +0000
ROA not before:           Mon 01 Jun 2026 06:42:20 +0000
ROA not after:            Mon 31 May 2027 06:47:20 +0000
asID:                     152672
IP address blocks:        45.12.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 03:43:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:02:a2:ad:d2:37:63:ba:5f:94:25:5d:7b:e3:a1:1a:5f:26:2b:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jun  1 06:42:20 2026 GMT
            Not After : May 31 06:47:20 2027 GMT
        Subject: CN=2806603420CE5E6DABC939B5115B61AC374B4324
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:bb:6a:5d:6f:7c:c7:5f:74:ed:ff:29:3d:2b:
                    6e:ec:38:da:76:eb:c1:85:27:ee:07:e3:dd:66:4b:
                    ee:da:e6:87:e4:11:9b:cb:12:1f:1f:a4:a6:a8:0f:
                    3d:9d:3b:57:36:a2:77:1f:83:e4:21:47:8b:03:e0:
                    0a:7b:79:ba:05:f4:ad:9e:f4:4b:84:d3:81:86:57:
                    d9:ff:af:22:07:aa:be:bd:33:3c:44:d3:0c:e9:17:
                    1c:97:25:af:e2:4b:32:ac:cf:37:31:0f:2d:b7:92:
                    0e:14:fe:36:ce:55:41:8b:25:9c:f9:05:31:e6:de:
                    67:f1:4c:d4:bb:ae:4b:f5:d6:04:6c:2f:c1:1c:0b:
                    41:fa:f2:5d:30:9c:08:be:7b:b1:ba:65:23:0a:5d:
                    36:52:a7:d6:e4:53:9e:31:bb:07:8c:3f:31:48:65:
                    38:a8:82:5c:65:98:c9:ed:ac:b3:68:3c:52:fe:93:
                    25:6d:3e:47:5d:01:75:29:b9:94:53:02:1b:80:b0:
                    df:13:40:81:cc:2f:2a:9d:b3:41:3f:3e:3f:72:86:
                    3e:db:e9:0a:a7:d0:30:31:43:ad:c9:a0:48:bf:75:
                    9d:c3:a0:b8:65:59:d8:c1:96:5e:9d:53:17:03:07:
                    78:aa:33:81:36:d4:e8:b6:20:05:bf:d9:c0:3e:ce:
                    2c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:06:60:34:20:CE:5E:6D:AB:C9:39:B5:11:5B:61:AC:37:4B:43:24
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38322e302f32342d3234203d3e20313532363732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:c9:b0:c4:a6:15:03:d1:a2:8f:57:61:82:be:51:00:3b:7c:
         bc:ff:7b:17:15:f0:65:c7:6b:5f:82:77:59:85:90:be:25:3a:
         2b:bd:4b:5a:21:1b:8a:19:bc:c4:a5:8f:26:03:17:ba:29:ad:
         78:6b:39:f9:bc:b4:35:c4:89:20:d4:21:55:7d:1c:eb:83:5b:
         dd:b9:33:d3:16:8e:7b:df:c5:e4:a5:25:14:a9:ac:18:38:8e:
         54:8a:aa:46:2f:1b:03:28:d8:f1:bc:8e:ea:a1:60:c3:00:82:
         e8:5e:80:31:fc:53:62:e3:81:6b:00:08:50:fa:14:98:be:91:
         8c:64:2b:ee:d6:82:aa:31:60:9c:7b:41:44:f6:2a:ff:51:a4:
         bb:68:0f:99:2b:0c:a3:4a:3e:88:ad:cd:6d:ef:86:c8:76:81:
         21:0d:1a:5d:95:63:1d:51:5b:cb:e5:41:19:50:ff:b7:f0:52:
         1c:0c:5a:88:cf:e0:95:40:c2:dd:e2:96:7b:f8:8d:2f:1c:33:
         e1:de:6b:c7:8a:7e:0f:31:0b:2b:2f:ce:1a:74:f4:85:92:1b:
         e8:36:64:3c:3d:05:05:65:de:68:1e:8a:83:a7:47:2d:29:c0:
         e8:fd:f7:62:7c:90:93:aa:b5:ba:9f:d3:dd:76:63:07:bb:62:
         f9:15:a3:78
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDAKirdI3Y7pflCVde+OhGl8mK1wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNjA2MDEwNjQyMjBaFw0yNzA1MzEwNjQ3MjBaMDMxMTAvBgNV
BAMTKDI4MDY2MDM0MjBDRTVFNkRBQkM5MzlCNTExNUI2MUFDMzc0QjQzMjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCau2pdb3zHX3Tt/yk9K27sONp2
68GFJ+4H491mS+7a5ofkEZvLEh8fpKaoDz2dO1c2oncfg+QhR4sD4Ap7eboF9K2e
9EuE04GGV9n/ryIHqr69MzxE0wzpFxyXJa/iSzKszzcxDy23kg4U/jbOVUGLJZz5
BTHm3mfxTNS7rkv11gRsL8EcC0H68l0wnAi+e7G6ZSMKXTZSp9bkU54xuweMPzFI
ZTioglxlmMntrLNoPFL+kyVtPkddAXUpuZRTAhuAsN8TQIHMLyqds0E/Pj9yhj7b
6Qqn0DAxQ63JoEi/dZ3DoLhlWdjBll6dUxcDB3iqM4E21Oi2IAW/2cA+zixtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUKAZgNCDOXm2ryTm1EVthrDdLQyQwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzMjJlMzgzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzUzMjM2MzczMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0M
UjANBgkqhkiG9w0BAQsFAAOCAQEAMsmwxKYVA9Gij1dhgr5RADt8vP97FxXwZcdr
X4J3WYWQviU6K71LWiEbihm8xKWPJgMXuimteGs5+by0NcSJINQhVX0c64Nb3bkz
0xaOe9/F5KUlFKmsGDiOVIqqRi8bAyjY8byO6qFgwwCC6F6AMfxTYuOBawAIUPoU
mL6RjGQr7taCqjFgnHtBRPYq/1Gku2gPmSsMo0o+iK3Nbe+GyHaBIQ0aXZVjHVFb
y+VBGVD/t/BSHAxaiM/glUDC3eKWe/iNLxwz4d5rx4p+DzELKy/OGnT0hZIb6DZk
PD0FBWXeaB6Kg6dHLSnA6P33YnyQk6q1up/T3XZjB7ti+RWjeA==
-----END CERTIFICATE-----