Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137352e302f32342d3234203d3e2037343838.roa
File:                     34352e38372e3137352e302f32342d3234203d3e2037343838.roa (raw, json)
Hash identifier:          K0PWyZPfribs4fyTQ+ZsTn52d2uMZvz1SaKe6V3ao3U=
Subject key identifier:   4E:BB:71:96:EB:1C:87:52:81:90:86:50:EE:7F:BF:5B:68:95:E8:56
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       2035451F0250D8504AD430635F5539486C19C06A
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137352e302f32342d3234203d3e2037343838.roa
Signing time:             Tue 10 Mar 2026 07:31:51 +0000
ROA not before:           Tue 10 Mar 2026 07:26:51 +0000
ROA not after:            Tue 09 Mar 2027 07:31:51 +0000
asID:                     7488
IP address blocks:        45.87.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 06:32:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:35:45:1f:02:50:d8:50:4a:d4:30:63:5f:55:39:48:6c:19:c0:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Mar 10 07:26:51 2026 GMT
            Not After : Mar  9 07:31:51 2027 GMT
        Subject: CN=4EBB7196EB1C875281908650EE7FBF5B6895E856
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:70:3e:ac:c6:3c:98:af:19:65:1d:8a:00:60:
                    69:c1:51:0b:6f:57:e9:82:47:71:25:69:38:bb:ed:
                    49:fb:dc:62:b0:3b:1d:66:77:e1:2e:7b:58:12:53:
                    bb:d9:66:d5:65:de:34:33:ea:02:3e:4b:63:f5:f2:
                    65:09:11:bb:39:bd:5c:2d:88:f2:ec:b6:fa:11:a5:
                    2a:71:7e:e8:56:d9:fa:45:97:51:9e:44:ee:c1:b8:
                    9f:67:06:b2:74:4c:d8:fe:9c:46:fa:e2:15:6f:cd:
                    3e:e5:63:1d:e5:9f:80:59:59:57:02:e1:c9:15:a2:
                    26:e9:6e:fc:b2:6a:52:1a:10:b7:49:78:77:e0:1f:
                    97:f3:ae:49:ce:85:fe:98:94:92:f6:56:35:88:11:
                    ee:73:f6:e8:9c:f9:16:23:28:12:54:17:15:25:ce:
                    95:98:31:74:2f:b6:c7:05:d2:52:1c:2c:f9:85:a9:
                    c1:ce:72:86:0e:b8:ab:45:be:d5:d8:58:6d:97:79:
                    14:97:92:92:8a:5f:86:b9:e4:77:4d:8b:30:ad:e1:
                    42:ce:50:7f:02:b7:ae:89:70:07:9f:bd:27:8e:66:
                    bd:44:0b:2e:3f:e5:8a:4b:d8:0e:fd:23:d1:d0:0c:
                    60:85:da:22:3b:5e:18:36:6d:5c:d5:77:90:9d:07:
                    54:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:BB:71:96:EB:1C:87:52:81:90:86:50:EE:7F:BF:5B:68:95:E8:56
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137352e302f32342d3234203d3e2037343838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:3f:2c:4e:0f:46:35:f4:98:56:79:d5:13:48:71:d2:ae:61:
         69:8a:06:73:77:9f:7a:4b:95:a8:8c:a9:6b:94:29:13:6e:e2:
         7c:2a:cf:8f:47:0e:77:6d:fb:a2:93:14:1d:cc:5e:3c:1d:66:
         e3:dc:2d:78:66:5a:7e:cd:eb:0c:6a:54:d9:fa:aa:23:a7:55:
         1f:ae:8a:ba:07:40:95:39:55:87:e5:b1:1b:fd:40:39:ae:ed:
         18:86:b2:af:95:2a:e6:ed:6b:89:98:3f:26:62:4f:b2:1d:9a:
         27:8e:2d:8e:a3:d7:cb:5a:85:f1:e8:b4:b8:9b:06:37:6f:0d:
         2f:f6:68:86:3f:7e:db:4c:7a:32:0e:ff:82:96:14:91:85:cb:
         f7:3e:3c:4f:ba:08:94:1c:5c:02:91:4e:7b:94:38:9b:78:44:
         02:4d:11:24:1b:b0:ab:70:4a:57:86:2f:e0:c8:8e:cf:08:22:
         a2:11:8c:6e:eb:fa:ab:4c:ef:3f:4c:dd:31:01:17:56:56:d2:
         fb:a7:c1:64:1f:cb:6a:85:e1:2a:ed:73:60:e2:2f:2b:29:10:
         47:97:36:5b:e6:ec:f4:66:95:b9:0f:64:42:4f:98:66:3e:24:
         8f:c9:d8:89:b1:9b:6d:e8:04:3e:e5:75:4c:b8:4d:9e:d9:91:
         1d:f1:b0:d8
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUIDVFHwJQ2FBK1DBjX1U5SGwZwGowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNjAzMTAwNzI2NTFaFw0yNzAzMDkwNzMxNTFaMDMxMTAvBgNV
BAMTKDRFQkI3MTk2RUIxQzg3NTI4MTkwODY1MEVFN0ZCRjVCNjg5NUU4NTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKcD6sxjyYrxllHYoAYGnBUQtv
V+mCR3ElaTi77Un73GKwOx1md+Eue1gSU7vZZtVl3jQz6gI+S2P18mUJEbs5vVwt
iPLstvoRpSpxfuhW2fpFl1GeRO7BuJ9nBrJ0TNj+nEb64hVvzT7lYx3ln4BZWVcC
4ckVoibpbvyyalIaELdJeHfgH5fzrknOhf6YlJL2VjWIEe5z9uic+RYjKBJUFxUl
zpWYMXQvtscF0lIcLPmFqcHOcoYOuKtFvtXYWG2XeRSXkpKKX4a55HdNizCt4ULO
UH8Ct66JcAefvSeOZr1ECy4/5YpL2A79I9HQDGCF2iI7Xhg2bVzVd5CdB1QhAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUTrtxlusch1KBkIZQ7n+/W2iV6FYwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzgzNzJlMzEzNzM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzczNDM4Mzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtV68w
DQYJKoZIhvcNAQELBQADggEBAFI/LE4PRjX0mFZ51RNIcdKuYWmKBnN3n3pLlaiM
qWuUKRNu4nwqz49HDndt+6KTFB3MXjwdZuPcLXhmWn7N6wxqVNn6qiOnVR+uiroH
QJU5VYflsRv9QDmu7RiGsq+VKubta4mYPyZiT7IdmieOLY6j18tahfHotLibBjdv
DS/2aIY/fttMejIO/4KWFJGFy/c+PE+6CJQcXAKRTnuUOJt4RAJNESQbsKtwSleG
L+DIjs8IIqIRjG7r+qtM7z9M3TEBF1ZW0vunwWQfy2qF4Srtc2DiLyspEEeXNlvm
7PRmlbkPZEJPmGY+JI/J2Imxm23oBD7ldUy4TZ7ZkR3xsNg=
-----END CERTIFICATE-----