Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35362e302f32332d3234203d3e20383334.roa
File:                     34352e38312e35362e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          Owft5MlrXPzDCqAtIj6Xho5F1QHToynJvYlpIsxaEgQ=
Subject key identifier:   25:2A:FD:E6:CA:6D:33:58:CF:2B:B0:A4:E0:42:AF:C0:B8:2C:58:7D
Certificate issuer:       /CN=5da3215abfa4621d57709f838a92801f2e90ddfe
Certificate serial:       7CAC625B7D1AE254DAE33D7DC2A7AC4F71037917
Authority key identifier: 5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35362e302f32332d3234203d3e20383334.roa
Signing time:             Sun 14 Jun 2026 00:03:02 +0000
ROA not before:           Sat 13 Jun 2026 23:58:02 +0000
ROA not after:            Sun 13 Jun 2027 00:03:02 +0000
asID:                     834
IP address blocks:        45.81.56.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Jun 2026 18:37:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:ac:62:5b:7d:1a:e2:54:da:e3:3d:7d:c2:a7:ac:4f:71:03:79:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3215abfa4621d57709f838a92801f2e90ddfe
        Validity
            Not Before: Jun 13 23:58:02 2026 GMT
            Not After : Jun 13 00:03:02 2027 GMT
        Subject: CN=252AFDE6CA6D3358CF2BB0A4E042AFC0B82C587D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:4a:c9:1a:7d:ff:a0:d1:84:8c:7d:55:6b:42:
                    f9:e5:af:ee:20:47:6f:98:99:f6:56:b7:f9:cb:6a:
                    fb:68:f0:59:5f:46:b7:34:5b:e5:eb:ea:cd:e3:63:
                    64:af:c5:65:a4:79:56:1f:c4:35:08:86:2a:4f:62:
                    df:57:6b:2e:7a:55:7a:c0:c2:13:0f:cc:9d:49:78:
                    a6:9b:c2:2b:8f:4e:1f:7d:5c:db:99:11:b2:f0:e3:
                    4f:e2:51:d9:f3:fa:cb:51:a0:50:ca:7d:20:67:dd:
                    18:83:bf:47:bc:b4:dc:be:7e:c4:de:ae:2b:e5:02:
                    28:ae:eb:81:25:d3:18:78:65:8b:26:41:78:bb:09:
                    48:02:fa:a7:ff:c5:83:ae:c6:33:f5:7e:1f:5a:27:
                    4b:81:aa:db:6e:f5:33:6f:9d:02:01:68:2b:a1:c6:
                    f3:e6:27:85:2b:bf:13:45:f2:8e:5a:dc:a0:15:6c:
                    b7:6f:ab:bd:2e:9c:ac:96:50:02:f9:85:9d:4e:53:
                    e0:d2:c9:ee:0a:bd:70:b9:bf:9a:63:52:23:95:79:
                    ca:be:93:02:59:33:29:bc:9b:ef:fc:32:9e:45:b0:
                    46:f5:3c:35:49:d1:11:e1:fa:b0:d7:34:b5:7f:96:
                    af:2d:73:6e:a2:2c:fc:fa:93:44:2d:a9:69:f6:35:
                    b6:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:2A:FD:E6:CA:6D:33:58:CF:2B:B0:A4:E0:42:AF:C0:B8:2C:58:7D
            X509v3 Authority Key Identifier:
                keyid:5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35362e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:a6:8d:0e:dd:d6:d1:8d:ce:72:d9:77:66:ab:29:2e:e0:3d:
         ae:2a:6f:66:de:73:88:11:8d:0c:b8:85:7a:ec:bc:24:ec:0f:
         7b:ca:28:06:83:14:d4:ca:b9:9a:62:89:8c:72:d4:16:7f:12:
         93:2f:7c:17:b8:0d:e9:1b:30:c0:5c:30:82:1e:29:dc:a8:8b:
         54:e9:bc:f0:3f:0d:1f:f3:c8:f1:99:8e:2c:d2:7a:11:98:c1:
         71:51:6c:a9:b8:d4:ba:a4:61:67:f9:3e:1d:99:f8:f8:dd:1a:
         cc:0e:22:70:f1:90:a5:e4:4a:d9:7a:bd:e5:b4:e2:95:36:17:
         79:09:c9:62:9b:7e:26:45:8b:a5:a9:2a:83:03:96:73:a4:0e:
         59:7e:6b:39:ec:13:68:5c:d4:5a:88:0d:ca:a1:eb:37:5b:52:
         a3:10:40:c4:b3:35:a2:e8:ea:3a:3f:f3:f3:26:8b:02:bd:15:
         0f:14:58:18:c6:cb:c8:1b:2b:e8:c6:00:48:f5:44:22:35:8e:
         43:29:e2:6f:46:90:15:15:df:9e:30:f4:3a:ce:a7:2e:99:95:
         d2:f7:cb:1d:fe:c5:aa:ac:17:17:51:99:d7:b1:60:6c:59:bc:
         20:27:c6:a2:73:22:09:d1:4f:e5:12:da:2a:83:97:e5:dd:80:
         8d:e4:28:c9
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUfKxiW30a4lTa4z19wqesT3EDeRcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWRhMzIxNWFiZmE0NjIxZDU3NzA5ZjgzOGE5MjgwMWYy
ZTkwZGRmZTAeFw0yNjA2MTMyMzU4MDJaFw0yNzA2MTMwMDAzMDJaMDMxMTAvBgNV
BAMTKDI1MkFGREU2Q0E2RDMzNThDRjJCQjBBNEUwNDJBRkMwQjgyQzU4N0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Sskaff+g0YSMfVVrQvnlr+4g
R2+YmfZWt/nLavto8FlfRrc0W+Xr6s3jY2SvxWWkeVYfxDUIhipPYt9Xay56VXrA
whMPzJ1JeKabwiuPTh99XNuZEbLw40/iUdnz+stRoFDKfSBn3RiDv0e8tNy+fsTe
rivlAiiu64El0xh4ZYsmQXi7CUgC+qf/xYOuxjP1fh9aJ0uBqttu9TNvnQIBaCuh
xvPmJ4UrvxNF8o5a3KAVbLdvq70unKyWUAL5hZ1OU+DSye4KvXC5v5pjUiOVecq+
kwJZMym8m+/8Mp5FsEb1PDVJ0RHh+rDXNLV/lq8tc26iLPz6k0QtqWn2NbazAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUJSr95sptM1jPK7Ck4EKvwLgsWH0wHwYDVR0j
BBgwFoAUXaMhWr+kYh1XcJ+DipKAHy6Q3f4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmYyNDU2N2ItN2E3NC00YzFmLWFhODUtZGQyNGFmNzNj
Y2JiLzAvNURBMzIxNUFCRkE0NjIxRDU3NzA5RjgzOEE5MjgwMUYyRTkwRERGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hhTWhXci1rWWgxWGNKLURpcEtBSHk2
UTNmNC5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmYyNDU2N2It
N2E3NC00YzFmLWFhODUtZGQyNGFmNzNjY2JiLzAvMzQzNTJlMzgzMTJlMzUzNjJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS1RODANBgkq
hkiG9w0BAQsFAAOCAQEAC6aNDt3W0Y3Octl3ZqspLuA9ripvZt5ziBGNDLiFeuy8
JOwPe8ooBoMU1Mq5mmKJjHLUFn8Sky98F7gN6RswwFwwgh4p3KiLVOm88D8NH/PI
8ZmOLNJ6EZjBcVFsqbjUuqRhZ/k+HZn4+N0azA4icPGQpeRK2Xq95bTilTYXeQnJ
Ypt+JkWLpakqgwOWc6QOWX5rOewTaFzUWogNyqHrN1tSoxBAxLM1oujqOj/z8yaL
Ar0VDxRYGMbLyBsr6MYASPVEIjWOQynib0aQFRXfnjD0Os6nLpmV0vfLHf7FqqwX
F1GZ17FgbFm8ICfGonMiCdFP5RLaKoOX5d2AjeQoyQ==
-----END CERTIFICATE-----