Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137322e302f32342d3234203d3e20383334.roa
File:                     34352e38372e3137322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          RYOmoS8p4aKgRK/Pkw04E7xsHl2zPLVSEEKlA0QC5Q4=
Subject key identifier:   C8:D6:AC:2A:27:28:59:59:24:0D:F5:47:F2:9F:24:73:84:36:52:46
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       1F2E2E8E8703732DC5C4CF7C9519A0F2EF847C69
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137322e302f32342d3234203d3e20383334.roa
Signing time:             Tue 02 Jun 2026 13:18:04 +0000
ROA not before:           Tue 02 Jun 2026 13:13:04 +0000
ROA not after:            Tue 01 Jun 2027 13:18:04 +0000
asID:                     834
IP address blocks:        45.87.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 03:43:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:2e:2e:8e:87:03:73:2d:c5:c4:cf:7c:95:19:a0:f2:ef:84:7c:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jun  2 13:13:04 2026 GMT
            Not After : Jun  1 13:18:04 2027 GMT
        Subject: CN=C8D6AC2A27285959240DF547F29F247384365246
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:7a:f6:88:ad:ca:bb:6d:2f:21:79:5b:d8:b3:
                    94:89:06:ab:48:30:65:75:ec:8c:c4:eb:d1:63:13:
                    98:82:e6:a2:d5:be:38:6f:53:2b:84:57:2b:b0:cd:
                    c8:a5:55:79:d6:d4:a2:16:37:e1:5b:06:af:e9:81:
                    b5:20:7a:8e:16:b5:1f:ec:f8:b4:8a:95:b8:c4:ca:
                    c8:89:ff:c6:ed:44:07:33:b2:ff:90:1a:ba:ae:87:
                    71:b4:2a:fb:88:99:3f:fb:19:48:28:6d:90:30:8f:
                    71:e1:73:83:a6:4b:2a:6e:45:1b:a1:91:15:a3:73:
                    0d:89:0f:67:62:75:da:ed:0b:c2:19:02:b8:14:8a:
                    81:d7:eb:30:26:c9:9a:0b:e9:91:f3:f6:ec:dc:f8:
                    a7:9d:30:3f:a1:a5:59:9b:ae:3f:8a:4e:1e:54:bd:
                    8e:68:e8:a9:1d:f1:66:db:4b:4b:d3:64:1a:b9:fc:
                    2e:c6:ec:eb:ff:11:28:a3:2d:35:d7:35:33:e7:9d:
                    36:db:fa:ef:2b:aa:88:4c:96:c1:f7:1d:3b:7f:24:
                    c1:39:b3:1d:f9:b8:a2:25:6f:35:d3:54:ec:82:a4:
                    16:cf:07:b3:af:b3:1c:ef:a9:8d:6c:57:84:6b:2c:
                    a9:af:32:48:9d:04:10:13:50:b6:93:c6:9f:e7:4e:
                    48:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:D6:AC:2A:27:28:59:59:24:0D:F5:47:F2:9F:24:73:84:36:52:46
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:d6:05:b5:6f:47:62:ea:13:f7:a4:6a:2b:92:a7:df:3d:0c:
         0a:e6:ae:67:bb:fd:9c:6e:ff:c2:3c:8c:66:80:2e:1d:4a:bb:
         80:44:a5:75:3b:8e:c4:a5:de:cf:42:28:d9:c2:a9:a0:f2:b1:
         a1:f0:1d:c2:9c:06:be:a5:f7:08:ff:6f:c5:aa:98:70:77:45:
         e4:38:be:00:59:0c:84:58:7e:82:f5:c3:49:95:97:cb:ce:89:
         37:4a:1b:bc:17:c7:ae:42:f1:85:87:56:45:4f:ec:c1:2c:cd:
         2d:f5:e8:e8:7e:5f:1d:02:00:af:4e:6f:4e:b7:bd:2a:9a:2c:
         82:71:f8:7e:ca:87:96:20:04:c7:b9:37:6b:21:f3:79:49:f4:
         56:24:d2:28:49:a9:a7:24:76:73:6a:8d:de:a8:dd:9d:d5:fb:
         74:02:06:20:5a:87:78:95:eb:ca:5d:35:5f:3a:7e:7e:1a:92:
         ef:10:11:11:46:15:55:0b:fa:ba:35:2d:7b:9e:ce:23:46:04:
         2d:70:53:ea:28:1e:9c:74:6b:60:74:c9:20:a5:68:62:73:e4:
         7f:70:54:c4:2e:77:58:17:04:b8:4a:a1:23:97:b4:ab:25:4e:
         90:fa:1a:b0:db:1c:57:7c:4d:e7:85:52:5d:34:41:76:1a:a7:
         e7:04:7c:0a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUHy4ujocDcy3FxM98lRmg8u+EfGkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNjA2MDIxMzEzMDRaFw0yNzA2MDExMzE4MDRaMDMxMTAvBgNV
BAMTKEM4RDZBQzJBMjcyODU5NTkyNDBERjU0N0YyOUYyNDczODQzNjUyNDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjevaIrcq7bS8heVvYs5SJBqtI
MGV17IzE69FjE5iC5qLVvjhvUyuEVyuwzcilVXnW1KIWN+FbBq/pgbUgeo4WtR/s
+LSKlbjEysiJ/8btRAczsv+QGrquh3G0KvuImT/7GUgobZAwj3Hhc4OmSypuRRuh
kRWjcw2JD2diddrtC8IZArgUioHX6zAmyZoL6ZHz9uzc+KedMD+hpVmbrj+KTh5U
vY5o6Kkd8WbbS0vTZBq5/C7G7Ov/ESijLTXXNTPnnTbb+u8rqohMlsH3HTt/JME5
sx35uKIlbzXTVOyCpBbPB7OvsxzvqY1sV4RrLKmvMkidBBATULaTxp/nTkh9AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUyNasKicoWVkkDfVH8p8kc4Q2UkYwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzgzNzJlMzEzNzMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVesMA0G
CSqGSIb3DQEBCwUAA4IBAQBu1gW1b0di6hP3pGorkqffPQwK5q5nu/2cbv/CPIxm
gC4dSruARKV1O47Epd7PQijZwqmg8rGh8B3CnAa+pfcI/2/Fqphwd0XkOL4AWQyE
WH6C9cNJlZfLzok3Shu8F8euQvGFh1ZFT+zBLM0t9ejofl8dAgCvTm9Ot70qmiyC
cfh+yoeWIATHuTdrIfN5SfRWJNIoSamnJHZzao3eqN2d1ft0AgYgWod4levKXTVf
On5+GpLvEBERRhVVC/q6NS17ns4jRgQtcFPqKB6cdGtgdMkgpWhic+R/cFTELndY
FwS4SqEjl7SrJU6Q+hqw2xxXfE3nhVJdNEF2GqfnBHwK
-----END CERTIFICATE-----