Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS34224.roa
File:                     AS34224.roa (raw, json)
Hash identifier:          sCWUEgOPGWUk7BP4i3OxZIm/uv8LfeOk7L1PbAblHo0=
Subject key identifier:   29:53:34:61:C8:C4:77:46:E4:C0:F3:80:08:FB:22:2E:E2:30:6E:C3
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       7F1FBF3EA2C2FB192613DEA9877740E53E0F3064
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS34224.roa
Signing time:             Mon 13 Apr 2026 18:28:04 +0000
ROA not before:           Mon 13 Apr 2026 18:23:04 +0000
ROA not after:            Mon 12 Apr 2027 18:28:04 +0000
asID:                     34224
IP address blocks:        46.202.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 Apr 2026 13:15:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:1f:bf:3e:a2:c2:fb:19:26:13:de:a9:87:77:40:e5:3e:0f:30:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 13 18:23:04 2026 GMT
            Not After : Apr 12 18:28:04 2027 GMT
        Subject: CN=29533461C8C47746E4C0F38008FB222EE2306EC3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:74:01:8e:a2:33:7a:13:1e:6e:cc:e9:2b:b6:
                    6f:50:7a:ea:ff:39:00:b8:4a:6d:13:e4:6b:07:45:
                    07:6a:de:c9:31:f9:62:d4:7b:9a:d7:ad:2a:2e:50:
                    b9:34:3a:1e:a0:ac:cc:70:a2:47:5f:b3:16:10:9f:
                    97:95:1c:c0:f2:e8:0f:51:8d:0e:ad:0b:0c:d6:af:
                    03:ef:ae:db:e4:fa:3f:e9:d3:97:c5:1d:d9:ab:44:
                    9d:d6:1b:08:b5:a4:bc:e1:6d:a9:85:07:18:88:a7:
                    11:69:6c:6b:83:78:9d:b2:17:88:fb:a1:be:95:0f:
                    4b:69:0f:ec:ad:88:7e:a7:c0:49:9d:1b:e6:61:58:
                    19:d1:3b:12:87:05:ba:af:5a:32:ce:90:12:86:5b:
                    f0:16:22:f2:f2:a8:28:a7:5e:f6:44:86:f3:94:87:
                    04:ae:0d:c2:4a:66:8a:bd:ac:62:bf:40:2e:75:92:
                    01:92:88:2d:c4:10:95:93:b6:7a:bb:fc:24:27:4b:
                    61:80:f1:ff:85:e5:37:1e:a9:49:8c:1f:28:58:99:
                    7f:2f:91:61:d6:4b:30:9c:1e:83:85:19:13:7d:57:
                    8d:ea:57:1d:e5:bf:95:e6:4d:8e:95:e6:6c:75:c9:
                    39:42:c7:08:fa:9f:0c:06:f2:6d:33:62:79:6e:c2:
                    ff:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:53:34:61:C8:C4:77:46:E4:C0:F3:80:08:FB:22:2E:E2:30:6E:C3
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS34224.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:91:37:23:5f:94:c0:13:59:a5:74:e8:b4:09:25:fb:cd:cf:
         01:23:8d:94:09:11:87:2f:f5:cc:5c:99:b5:87:4e:fb:a3:cc:
         0d:7f:47:27:41:65:48:db:4d:06:61:aa:63:24:fe:ed:45:a2:
         b5:bf:43:f9:73:66:f0:87:00:85:8d:1b:1d:62:cb:46:89:65:
         b3:c1:9e:31:b9:a8:1f:ad:56:69:8c:1c:7d:e8:38:a6:04:1b:
         97:a1:c2:ab:e2:f7:94:c0:0f:6a:03:67:67:3b:b8:5e:81:5f:
         6d:72:79:9d:53:cf:8f:b8:f5:4f:df:c1:79:e4:5d:56:03:e2:
         11:20:37:1f:6e:d2:46:de:a6:1b:03:76:99:2e:68:8d:0b:94:
         77:1a:5b:e3:33:5c:5b:a9:a5:68:09:e6:b4:e5:67:6c:c2:83:
         81:9a:ea:c8:d6:5e:a0:68:a7:45:11:47:2a:fc:d2:f6:af:c2:
         a7:52:b8:91:05:f4:12:ca:8a:b7:a6:42:34:97:52:5e:36:b6:
         8e:b6:92:2a:ef:51:b5:bf:21:c6:46:ee:00:c6:3a:2c:53:5e:
         30:fc:fa:ba:a8:07:60:31:93:0e:c8:8b:3d:40:b4:b4:f8:3f:
         60:8e:6a:62:30:9f:37:25:fd:24:50:3f:4a:c0:e3:56:92:5e:
         42:30:82:e2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUfx+/PqLC+xkmE96ph3dA5T4PMGQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MTMxODIzMDRaFw0yNzA0MTIxODI4MDRaMDMxMTAvBgNV
BAMTKDI5NTMzNDYxQzhDNDc3NDZFNEMwRjM4MDA4RkIyMjJFRTIzMDZFQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/dAGOojN6Ex5uzOkrtm9Qeur/
OQC4Sm0T5GsHRQdq3skx+WLUe5rXrSouULk0Oh6grMxwokdfsxYQn5eVHMDy6A9R
jQ6tCwzWrwPvrtvk+j/p05fFHdmrRJ3WGwi1pLzhbamFBxiIpxFpbGuDeJ2yF4j7
ob6VD0tpD+ytiH6nwEmdG+ZhWBnROxKHBbqvWjLOkBKGW/AWIvLyqCinXvZEhvOU
hwSuDcJKZoq9rGK/QC51kgGSiC3EEJWTtnq7/CQnS2GA8f+F5TceqUmMHyhYmX8v
kWHWSzCcHoOFGRN9V43qVx3lv5XmTY6V5mx1yTlCxwj6nwwG8m0zYnluwv83AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUKVM0YcjEd0bkwPOACPsiLuIwbsMwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzQyMjQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAuyicw
DQYJKoZIhvcNAQELBQADggEBAJqRNyNflMATWaV06LQJJfvNzwEjjZQJEYcv9cxc
mbWHTvujzA1/RydBZUjbTQZhqmMk/u1ForW/Q/lzZvCHAIWNGx1iy0aJZbPBnjG5
qB+tVmmMHH3oOKYEG5ehwqvi95TAD2oDZ2c7uF6BX21yeZ1Tz4+49U/fwXnkXVYD
4hEgNx9u0kbephsDdpkuaI0LlHcaW+MzXFuppWgJ5rTlZ2zCg4Ga6sjWXqBop0UR
Ryr80vavwqdSuJEF9BLKiremQjSXUl42to62kirvUbW/IcZG7gDGOixTXjD8+rqo
B2Axkw7Iiz1AtLT4P2COamIwnzcl/SRQP0rA41aSXkIwguI=
-----END CERTIFICATE-----