Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38332e302f32342d3234203d3e20323038353034.roa
File:                     34352e31322e38332e302f32342d3234203d3e20323038353034.roa (raw, json)
Hash identifier:          WYcQa6xwYL2bCUUTAcLdsDJ8RFlUtXNsdJ0aWyo3xwc=
Subject key identifier:   C3:C4:AA:0F:31:E4:57:CA:0A:CB:56:A5:24:E3:63:A8:23:04:D8:30
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       343973CCD2B4B3E9AC3A24CE34ABDF378C6B5516
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38332e302f32342d3234203d3e20323038353034.roa
Signing time:             Thu 23 Apr 2026 07:00:16 +0000
ROA not before:           Thu 23 Apr 2026 06:55:16 +0000
ROA not after:            Thu 22 Apr 2027 07:00:16 +0000
asID:                     208504
IP address blocks:        45.12.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 21:44:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:39:73:cc:d2:b4:b3:e9:ac:3a:24:ce:34:ab:df:37:8c:6b:55:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Apr 23 06:55:16 2026 GMT
            Not After : Apr 22 07:00:16 2027 GMT
        Subject: CN=C3C4AA0F31E457CA0ACB56A524E363A82304D830
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0c:42:f0:82:66:3c:32:fa:98:2b:ad:4b:7e:
                    7f:ff:7a:1b:bf:d6:a2:88:57:02:d5:92:0b:88:8c:
                    46:1e:c2:29:55:88:e9:05:9a:50:1a:e3:36:07:2e:
                    d0:93:92:54:9d:10:99:89:ca:2e:2f:61:9a:e1:77:
                    6b:bb:1f:cf:29:96:47:47:74:0a:ee:1f:e1:83:6f:
                    d8:2f:5a:74:c7:3e:7d:fa:42:38:79:56:97:fa:b1:
                    74:08:e8:56:b0:1a:b2:9e:48:cd:7f:3e:e5:b6:df:
                    60:ae:0a:5b:f9:97:33:61:b3:dd:f8:f7:40:f5:3c:
                    cd:00:05:87:9b:ea:6f:36:21:1b:f3:0e:21:42:1f:
                    ca:80:f5:c8:b5:80:88:b9:2c:4c:38:e6:fe:44:24:
                    1a:c7:c0:bb:4d:08:5d:d7:64:fe:e1:43:f3:ee:0d:
                    97:1b:8e:ab:4f:8a:bf:23:7a:45:8b:75:7e:71:93:
                    b2:00:40:92:b6:5e:f5:ac:ea:04:ac:d6:81:3d:e3:
                    a5:fa:81:5b:76:20:ca:dd:9f:96:da:f1:75:66:7a:
                    94:06:dc:6c:9c:54:a5:38:53:dc:b0:0a:db:82:85:
                    48:5d:1c:cd:5f:d0:e1:20:0d:3b:f0:b5:13:2f:37:
                    27:e3:cd:3f:61:a8:49:2d:97:09:0f:e0:f3:34:4d:
                    35:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:C4:AA:0F:31:E4:57:CA:0A:CB:56:A5:24:E3:63:A8:23:04:D8:30
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38332e302f32342d3234203d3e20323038353034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:2b:04:a4:7b:dd:fe:00:cd:78:d1:2f:f8:8a:92:74:a2:65:
         8c:52:a2:45:bb:7e:2f:b4:5b:f4:9d:7b:9f:75:da:d5:c0:24:
         b9:82:4e:78:ad:b9:9a:e5:10:ac:89:94:40:17:71:a9:f5:e2:
         ee:f5:7d:98:63:47:ad:ac:b3:5b:04:55:d7:23:91:17:86:5d:
         a2:c7:96:8a:7d:d2:4e:be:53:60:b7:43:29:63:8f:9e:e6:7e:
         cf:f7:52:64:00:17:6f:e7:e5:72:7c:e3:92:d3:66:f3:53:e9:
         6f:a6:e1:c1:18:cd:18:53:d1:b1:17:b4:cd:49:d8:a6:95:6b:
         36:b8:d6:7e:eb:45:84:64:0a:06:d1:ba:90:b3:61:47:ae:99:
         bb:ab:8c:6b:6c:79:a6:42:81:ca:86:49:6b:33:2c:e3:99:7c:
         a4:a2:23:2f:ab:03:92:38:10:8a:99:1d:fd:9a:ee:9d:db:6f:
         a7:47:43:e2:5e:d7:48:e3:f2:96:29:91:10:52:fb:2f:6e:6a:
         3b:90:3c:3d:43:d5:4e:0e:d9:53:b4:db:c0:cc:b5:36:c3:a4:
         27:50:76:9c:ba:35:23:41:4e:10:7c:68:be:eb:11:21:67:7a:
         5e:c0:a4:1c:f1:64:1a:70:39:92:b5:7b:9e:de:85:05:b4:0e:
         8a:e8:c2:0c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNDlzzNK0s+msOiTONKvfN4xrVRYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNjA0MjMwNjU1MTZaFw0yNzA0MjIwNzAwMTZaMDMxMTAvBgNV
BAMTKEMzQzRBQTBGMzFFNDU3Q0EwQUNCNTZBNTI0RTM2M0E4MjMwNEQ4MzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6DELwgmY8MvqYK61Lfn//ehu/
1qKIVwLVkguIjEYewilViOkFmlAa4zYHLtCTklSdEJmJyi4vYZrhd2u7H88plkdH
dAruH+GDb9gvWnTHPn36Qjh5Vpf6sXQI6FawGrKeSM1/PuW232CuClv5lzNhs934
90D1PM0ABYeb6m82IRvzDiFCH8qA9ci1gIi5LEw45v5EJBrHwLtNCF3XZP7hQ/Pu
DZcbjqtPir8jekWLdX5xk7IAQJK2XvWs6gSs1oE946X6gVt2IMrdn5ba8XVmepQG
3GycVKU4U9ywCtuChUhdHM1f0OEgDTvwtRMvNyfjzT9hqEktlwkP4PM0TTU5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUw8SqDzHkV8oKy1alJONjqCME2DAwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzMjJlMzgzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzODM1MzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0M
UzANBgkqhkiG9w0BAQsFAAOCAQEAqysEpHvd/gDNeNEv+IqSdKJljFKiRbt+L7Rb
9J17n3Xa1cAkuYJOeK25muUQrImUQBdxqfXi7vV9mGNHrayzWwRV1yORF4ZdoseW
in3STr5TYLdDKWOPnuZ+z/dSZAAXb+flcnzjktNm81Ppb6bhwRjNGFPRsRe0zUnY
ppVrNrjWfutFhGQKBtG6kLNhR66Zu6uMa2x5pkKByoZJazMs45l8pKIjL6sDkjgQ
ipkd/Zrundtvp0dD4l7XSOPylimREFL7L25qO5A8PUPVTg7ZU7TbwMy1NsOkJ1B2
nLo1I0FOEHxovusRIWd6XsCkHPFkGnA5krV7nt6FBbQOiujCDA==
-----END CERTIFICATE-----