Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38332e302f32342d3234203d3e20383334.roa
File:                     34352e31322e38332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          L1uXxY3BwWFLLALuAK+CIC/PHuq4ekhQhqD5j68JFsg=
Subject key identifier:   5D:6D:5F:F9:3B:F3:64:F9:F4:A6:A1:40:88:83:C0:43:63:9A:2F:86
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       0780A89578DAFFBEE01A18919E4C0E9D93D32995
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38332e302f32342d3234203d3e20383334.roa
Signing time:             Tue 23 Jun 2026 06:52:01 +0000
ROA not before:           Tue 23 Jun 2026 06:47:01 +0000
ROA not after:            Tue 22 Jun 2027 06:52:01 +0000
asID:                     834
IP address blocks:        45.12.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Jun 2026 18:29:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:80:a8:95:78:da:ff:be:e0:1a:18:91:9e:4c:0e:9d:93:d3:29:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jun 23 06:47:01 2026 GMT
            Not After : Jun 22 06:52:01 2027 GMT
        Subject: CN=5D6D5FF93BF364F9F4A6A1408883C043639A2F86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:99:3a:d6:20:97:d8:39:bd:4e:95:0b:14:ac:
                    57:77:fd:3d:8e:37:9a:99:54:40:b2:9a:56:4d:be:
                    7d:ee:07:e6:d0:c2:c4:53:2a:8d:37:2a:75:d7:68:
                    75:c6:17:43:80:89:c0:bc:96:55:57:bd:33:4b:ba:
                    41:79:30:37:db:e4:7d:6c:a9:02:ea:85:52:14:6c:
                    88:58:0b:89:88:b5:ab:1d:e7:af:c3:ca:f8:22:4e:
                    e2:21:8f:da:3f:42:65:e6:fd:c3:79:f2:d5:8c:82:
                    ce:df:4d:c6:16:6b:e7:76:37:20:f2:76:f5:da:5d:
                    07:09:b6:4a:92:3b:d0:06:62:bf:91:b9:1c:a5:c9:
                    1c:65:0f:2d:c5:03:48:74:19:19:92:da:4e:ad:c1:
                    9f:ec:d2:27:18:88:d7:1f:a8:ad:c4:e4:2c:59:d5:
                    ae:8a:d8:b0:da:cc:8d:b6:23:db:b9:4d:21:fc:de:
                    78:37:33:f1:7b:d5:17:90:34:7d:eb:61:25:a6:85:
                    c9:d7:be:bd:46:2f:4b:16:b9:92:a0:23:bc:0f:6b:
                    43:9e:a8:bc:fd:a8:d8:57:09:bc:88:39:e1:87:ae:
                    57:ef:37:8b:e1:02:4b:14:ed:fc:1d:5f:91:8a:77:
                    c1:12:d2:9f:5f:08:17:5c:e0:7c:1c:04:8b:ad:de:
                    2c:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:6D:5F:F9:3B:F3:64:F9:F4:A6:A1:40:88:83:C0:43:63:9A:2F:86
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:e5:c7:a7:d7:b3:c2:4d:f9:2d:2a:93:d6:1b:e5:ba:2b:d6:
         3e:17:0d:c2:a5:fd:9e:78:05:ba:c2:fc:71:de:16:4d:0e:f2:
         a9:6b:5b:82:48:4d:8c:bd:76:51:43:9f:a6:b3:0c:74:2d:f5:
         b2:5d:bc:a6:61:fb:b7:a4:45:81:f0:79:01:81:33:48:96:c8:
         3d:aa:76:c9:65:4a:6e:dc:f5:dd:27:2e:32:4c:13:33:26:9e:
         fc:f1:2d:47:29:04:d6:65:38:a1:f5:d5:4e:70:1b:eb:64:13:
         45:33:7a:a6:d7:71:4e:c7:f2:cd:2a:54:fe:5e:08:1c:cd:14:
         ec:9c:9e:c4:2e:e1:cf:34:cf:06:46:16:52:d6:b3:56:59:96:
         4b:bb:81:32:99:d0:1a:cf:cd:50:7a:94:a2:ab:10:2a:44:e4:
         98:e4:3b:33:04:09:80:82:ee:c2:11:b0:b6:79:8d:a6:71:79:
         d4:07:f4:de:b0:c1:c0:90:df:12:b7:bf:1e:95:00:57:11:3a:
         b8:98:7d:e8:f9:d0:e7:84:cb:75:55:b0:97:b5:23:60:e1:b4:
         e5:6b:d4:e7:51:56:e2:7a:90:91:4e:d0:79:22:d9:08:a5:cc:
         45:97:50:1e:fc:8d:50:81:7c:0b:25:c2:58:49:b1:e2:56:cd:
         c8:24:95:a4
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUB4ColXja/77gGhiRnkwOnZPTKZUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNjA2MjMwNjQ3MDFaFw0yNzA2MjIwNjUyMDFaMDMxMTAvBgNV
BAMTKDVENkQ1RkY5M0JGMzY0RjlGNEE2QTE0MDg4ODNDMDQzNjM5QTJGODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChmTrWIJfYOb1OlQsUrFd3/T2O
N5qZVECymlZNvn3uB+bQwsRTKo03KnXXaHXGF0OAicC8llVXvTNLukF5MDfb5H1s
qQLqhVIUbIhYC4mItasd56/DyvgiTuIhj9o/QmXm/cN58tWMgs7fTcYWa+d2NyDy
dvXaXQcJtkqSO9AGYr+RuRylyRxlDy3FA0h0GRmS2k6twZ/s0icYiNcfqK3E5CxZ
1a6K2LDazI22I9u5TSH83ng3M/F71ReQNH3rYSWmhcnXvr1GL0sWuZKgI7wPa0Oe
qLz9qNhXCbyIOeGHrlfvN4vhAksU7fwdX5GKd8ES0p9fCBdc4HwcBIut3izpAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUXW1f+TvzZPn0pqFAiIPAQ2OaL4YwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzMjJlMzgzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0MUzANBgkq
hkiG9w0BAQsFAAOCAQEAnuXHp9ezwk35LSqT1hvluivWPhcNwqX9nngFusL8cd4W
TQ7yqWtbgkhNjL12UUOfprMMdC31sl28pmH7t6RFgfB5AYEzSJbIPap2yWVKbtz1
3ScuMkwTMyae/PEtRykE1mU4ofXVTnAb62QTRTN6ptdxTsfyzSpU/l4IHM0U7Jye
xC7hzzTPBkYWUtazVlmWS7uBMpnQGs/NUHqUoqsQKkTkmOQ7MwQJgILuwhGwtnmN
pnF51Af03rDBwJDfEre/HpUAVxE6uJh96PnQ54TLdVWwl7UjYOG05WvU51FW4nqQ
kU7QeSLZCKXMRZdQHvyNUIF8CyXCWEmx4lbNyCSVpA==
-----END CERTIFICATE-----