Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20313937313936.roa
File:                     34352e382e3137332e302f32342d3234203d3e20313937313936.roa (raw, json)
Hash identifier:          3jTf9ki7y9rdeYaN5lJ4A9BLxW2mRTrdw0puXBgOnH8=
Subject key identifier:   19:32:36:76:DA:0E:11:03:51:39:A3:68:4A:BD:4F:A2:B1:70:00:D0
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       77F52719D1947D27DF19AEBC4B12EC628A9220B7
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20313937313936.roa
Signing time:             Sun 31 May 2026 15:31:11 +0000
ROA not before:           Sun 31 May 2026 15:26:11 +0000
ROA not after:            Sun 30 May 2027 15:31:11 +0000
asID:                     197196
IP address blocks:        45.8.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 00:48:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:f5:27:19:d1:94:7d:27:df:19:ae:bc:4b:12:ec:62:8a:92:20:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: May 31 15:26:11 2026 GMT
            Not After : May 30 15:31:11 2027 GMT
        Subject: CN=19323676DA0E11035139A3684ABD4FA2B17000D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:eb:33:18:73:91:0b:fa:b4:7a:79:31:9a:7e:
                    62:39:a6:03:08:61:f7:47:9f:32:c4:2d:05:2b:61:
                    b3:80:e2:18:eb:c4:ff:72:59:33:69:68:7c:91:5c:
                    be:03:5c:d5:fc:b5:83:71:2f:07:66:14:3e:b3:6c:
                    0b:28:69:49:9e:da:51:09:79:f4:13:7a:25:9b:9f:
                    4b:7a:2d:6c:5a:ac:87:47:53:9b:83:58:7c:fd:15:
                    5e:82:42:53:2c:85:62:79:dd:47:7c:30:2a:e0:85:
                    a6:c3:fa:29:de:69:25:60:ba:82:66:7a:7b:94:18:
                    27:cf:c0:ea:11:44:16:be:1c:3d:de:77:ad:41:1d:
                    81:f2:bd:13:2f:bb:65:e3:07:f2:34:f4:22:6e:67:
                    87:c3:41:fb:3d:3b:bc:01:15:3f:e6:a4:d8:bf:26:
                    6e:e9:75:32:f9:7a:8e:9b:7d:62:20:48:71:1c:ad:
                    d6:78:43:37:a8:24:16:09:8d:83:95:3d:00:13:28:
                    31:cb:fc:e7:0c:5f:a2:7a:b5:3e:85:ad:c1:3d:16:
                    d1:2e:d8:c8:6a:8c:c4:d6:87:06:0b:66:db:9b:16:
                    21:b7:79:e7:92:70:14:43:7b:03:8a:1e:5c:0c:16:
                    44:f1:3f:55:5b:50:d7:12:8f:15:7c:62:14:fe:20:
                    79:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:32:36:76:DA:0E:11:03:51:39:A3:68:4A:BD:4F:A2:B1:70:00:D0
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20313937313936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:d4:4b:2c:9e:18:f6:43:b8:8f:58:ed:d9:6e:a3:f8:c2:13:
         7c:e4:5c:81:58:72:f9:62:5b:84:c6:2b:2e:d8:40:fd:cc:60:
         a0:cf:40:ac:71:37:ef:36:68:47:16:d4:31:ef:5b:da:d5:7d:
         ea:cb:30:8d:80:fa:e4:6e:e1:f3:15:0e:39:47:ca:50:34:2a:
         68:5b:34:86:55:26:db:6f:90:43:b3:ed:86:66:1d:66:e8:ae:
         67:b8:c3:81:d5:e1:d1:92:7f:6f:17:7a:7e:e5:b4:de:73:4a:
         47:ac:42:6b:ae:19:4d:b3:eb:3a:61:de:01:ae:25:70:69:9a:
         e2:c9:7c:32:3a:14:13:b9:5a:43:b2:9a:17:b2:1a:2a:14:a4:
         ed:f2:27:5f:61:29:6b:41:21:b0:db:75:45:7f:c2:2a:f3:ad:
         d0:f0:b0:90:b7:37:65:a0:59:14:03:2c:35:b1:d7:b1:00:4d:
         b6:0c:fb:3b:4a:d0:5e:fd:cf:69:98:95:cb:68:91:76:e3:84:
         6c:19:6a:73:5e:bf:a9:ae:2a:e1:92:6c:21:86:43:e5:6d:cb:
         02:ab:78:76:01:3e:75:2b:92:27:c3:37:e9:1d:e7:ff:da:dc:
         54:5d:15:75:4e:e0:6a:db:f7:c8:f5:e8:c9:b9:23:ea:5e:2d:
         61:19:b2:de
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUd/UnGdGUfSffGa68SxLsYoqSILcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNjA1MzExNTI2MTFaFw0yNzA1MzAxNTMxMTFaMDMxMTAvBgNV
BAMTKDE5MzIzNjc2REEwRTExMDM1MTM5QTM2ODRBQkQ0RkEyQjE3MDAwRDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCR6zMYc5EL+rR6eTGafmI5pgMI
YfdHnzLELQUrYbOA4hjrxP9yWTNpaHyRXL4DXNX8tYNxLwdmFD6zbAsoaUme2lEJ
efQTeiWbn0t6LWxarIdHU5uDWHz9FV6CQlMshWJ53Ud8MCrghabD+ineaSVguoJm
enuUGCfPwOoRRBa+HD3ed61BHYHyvRMvu2XjB/I09CJuZ4fDQfs9O7wBFT/mpNi/
Jm7pdTL5eo6bfWIgSHEcrdZ4QzeoJBYJjYOVPQATKDHL/OcMX6J6tT6FrcE9FtEu
2MhqjMTWhwYLZtubFiG3eeeScBRDewOKHlwMFkTxP1VbUNcSjxV8YhT+IHkrAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGTI2dtoOEQNROaNoSr1PorFwANAwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzgyZTMxMzczMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzkzNzMxMzkzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I
rTANBgkqhkiG9w0BAQsFAAOCAQEAxdRLLJ4Y9kO4j1jt2W6j+MITfORcgVhy+WJb
hMYrLthA/cxgoM9ArHE37zZoRxbUMe9b2tV96sswjYD65G7h8xUOOUfKUDQqaFs0
hlUm22+QQ7PthmYdZuiuZ7jDgdXh0ZJ/bxd6fuW03nNKR6xCa64ZTbPrOmHeAa4l
cGma4sl8MjoUE7laQ7KaF7IaKhSk7fInX2Epa0EhsNt1RX/CKvOt0PCwkLc3ZaBZ
FAMsNbHXsQBNtgz7O0rQXv3PaZiVy2iRduOEbBlqc16/qa4q4ZJsIYZD5W3LAqt4
dgE+dSuSJ8M36R3n/9rcVF0VdU7gatv3yPXoybkj6l4tYRmy3g==
-----END CERTIFICATE-----