Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35382e302f32342d3234203d3e20323039323432.roa
File:                     34352e38312e35382e302f32342d3234203d3e20323039323432.roa (raw, json)
Hash identifier:          UKvcqUxUrgd2F0qduNt/9nJuPUaDtCItgdXC0fI9BhQ=
Subject key identifier:   9C:C0:89:A3:17:02:C6:08:06:80:F5:9B:30:B2:0B:BE:9E:25:CF:16
Certificate issuer:       /CN=5da3215abfa4621d57709f838a92801f2e90ddfe
Certificate serial:       647EFD3D84D4423AC2820AA783DFE3CD44DE96A1
Authority key identifier: 5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35382e302f32342d3234203d3e20323039323432.roa
Signing time:             Fri 27 Mar 2026 10:46:56 +0000
ROA not before:           Fri 27 Mar 2026 10:41:56 +0000
ROA not after:            Fri 26 Mar 2027 10:46:56 +0000
asID:                     209242
IP address blocks:        45.81.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 22:58:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:7e:fd:3d:84:d4:42:3a:c2:82:0a:a7:83:df:e3:cd:44:de:96:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3215abfa4621d57709f838a92801f2e90ddfe
        Validity
            Not Before: Mar 27 10:41:56 2026 GMT
            Not After : Mar 26 10:46:56 2027 GMT
        Subject: CN=9CC089A31702C6080680F59B30B20BBE9E25CF16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:56:d3:e6:84:a7:ee:54:98:0d:7f:a0:b7:93:
                    59:68:8f:ba:06:fd:75:73:1f:8a:d6:c8:ae:b0:3e:
                    47:4b:b5:7e:35:42:6a:ec:a7:6c:77:af:db:a2:09:
                    90:39:77:31:82:e9:95:dd:27:37:06:0e:4a:dd:13:
                    a4:62:cd:8a:7f:73:18:6f:47:20:b7:92:b4:ff:81:
                    d6:c3:46:c2:25:cd:17:7b:e7:f5:df:92:07:42:d9:
                    63:27:a0:72:fd:b6:02:37:c4:82:df:bd:1e:b4:20:
                    f8:07:84:bd:c8:3c:cf:18:8e:66:88:4e:e6:6d:74:
                    24:e8:d7:03:4e:3b:08:35:78:9a:91:57:c8:e7:44:
                    22:46:fb:8d:4c:ed:09:eb:4f:6c:13:6b:89:53:2a:
                    db:47:b6:cb:64:ce:a6:b7:a3:d0:54:28:68:c0:cd:
                    c5:c3:a2:57:69:ae:f1:cd:73:99:47:ba:b9:5e:7a:
                    f5:20:1c:5d:63:58:d6:03:e8:3b:90:ea:5d:a4:40:
                    dd:9b:9f:1a:a0:99:0f:02:c9:04:38:86:79:88:ec:
                    7a:39:dc:ca:d9:94:c5:a5:c6:e8:21:31:7a:58:76:
                    2b:a1:09:50:8c:99:ac:95:f8:89:ce:c3:4d:21:80:
                    d7:a9:79:ef:19:f0:75:f8:8c:19:39:4e:d2:8f:13:
                    b0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:C0:89:A3:17:02:C6:08:06:80:F5:9B:30:B2:0B:BE:9E:25:CF:16
            X509v3 Authority Key Identifier:
                keyid:5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35382e302f32342d3234203d3e20323039323432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:e3:c8:63:f5:bb:b7:8c:54:69:26:2e:fc:56:90:ab:14:13:
         e6:7c:59:cb:5a:05:6d:4f:71:5b:fd:43:4a:bf:c4:7b:9f:b2:
         25:66:19:82:2c:9c:b4:9c:ed:cd:fe:8e:72:8a:74:6b:64:78:
         c8:83:74:e2:8b:83:1d:da:00:f2:14:9e:ff:9c:b1:78:8a:24:
         c9:fe:b5:e9:47:1b:9d:00:77:23:b9:1b:df:4b:85:11:81:69:
         88:c6:ff:8e:f3:18:48:f0:42:04:5d:39:7a:ec:d0:85:02:88:
         b8:2d:66:f9:3b:ff:c4:39:81:f1:7b:af:91:6c:af:4f:69:36:
         24:e6:e6:47:78:a8:bd:8b:4f:32:f1:99:46:b3:59:d9:28:40:
         ba:22:de:bf:a0:9b:30:d4:2e:42:7a:9c:59:14:51:2a:23:5a:
         6a:f2:1f:38:95:03:8d:50:10:a3:db:71:03:68:7b:93:04:34:
         c6:52:b6:33:01:78:27:e3:1b:a4:2f:9c:02:8b:0c:77:4c:73:
         46:a0:bf:96:83:05:98:8a:db:63:b9:c2:e8:7f:fd:5e:e7:5a:
         9c:41:6f:fe:92:c3:0c:21:6a:70:1c:da:65:da:17:bf:0a:36:
         d3:2c:39:ee:b8:7a:32:7a:7c:c3:d1:dd:db:a6:34:27:c9:13:
         3e:9c:a9:ae
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZH79PYTUQjrCggqng9/jzUTelqEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWRhMzIxNWFiZmE0NjIxZDU3NzA5ZjgzOGE5MjgwMWYy
ZTkwZGRmZTAeFw0yNjAzMjcxMDQxNTZaFw0yNzAzMjYxMDQ2NTZaMDMxMTAvBgNV
BAMTKDlDQzA4OUEzMTcwMkM2MDgwNjgwRjU5QjMwQjIwQkJFOUUyNUNGMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOVtPmhKfuVJgNf6C3k1loj7oG
/XVzH4rWyK6wPkdLtX41Qmrsp2x3r9uiCZA5dzGC6ZXdJzcGDkrdE6RizYp/cxhv
RyC3krT/gdbDRsIlzRd75/XfkgdC2WMnoHL9tgI3xILfvR60IPgHhL3IPM8YjmaI
TuZtdCTo1wNOOwg1eJqRV8jnRCJG+41M7QnrT2wTa4lTKttHtstkzqa3o9BUKGjA
zcXDoldprvHNc5lHurleevUgHF1jWNYD6DuQ6l2kQN2bnxqgmQ8CyQQ4hnmI7Ho5
3MrZlMWlxughMXpYdiuhCVCMmayV+InOw00hgNepee8Z8HX4jBk5TtKPE7CpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUnMCJoxcCxggGgPWbMLILvp4lzxYwHwYDVR0j
BBgwFoAUXaMhWr+kYh1XcJ+DipKAHy6Q3f4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmYyNDU2N2ItN2E3NC00YzFmLWFhODUtZGQyNGFmNzNj
Y2JiLzAvNURBMzIxNUFCRkE0NjIxRDU3NzA5RjgzOEE5MjgwMUYyRTkwRERGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hhTWhXci1rWWgxWGNKLURpcEtBSHk2
UTNmNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmYyNDU2N2It
N2E3NC00YzFmLWFhODUtZGQyNGFmNzNjY2JiLzAvMzQzNTJlMzgzMTJlMzUzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzOTMyMzQzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1R
OjANBgkqhkiG9w0BAQsFAAOCAQEAPOPIY/W7t4xUaSYu/FaQqxQT5nxZy1oFbU9x
W/1DSr/Ee5+yJWYZgiyctJztzf6Ocop0a2R4yIN04ouDHdoA8hSe/5yxeIokyf61
6UcbnQB3I7kb30uFEYFpiMb/jvMYSPBCBF05euzQhQKIuC1m+Tv/xDmB8XuvkWyv
T2k2JObmR3iovYtPMvGZRrNZ2ShAuiLev6CbMNQuQnqcWRRRKiNaavIfOJUDjVAQ
o9txA2h7kwQ0xlK2MwF4J+MbpC+cAosMd0xzRqC/loMFmIrbY7nC6H/9XudanEFv
/pLDDCFqcBzaZdoXvwo20yw57rh6Mnp8w9Hd26Y0J8kTPpyprg==
-----END CERTIFICATE-----