Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20383334.roa
File:                     34352e382e3137332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          YEDTXlUaFsJpq/3Ylv7woQxTMZ8YQE+IFqmycSQTPOc=
Subject key identifier:   88:E9:7C:12:1E:36:59:14:3F:14:D1:21:90:15:E8:F5:6E:7E:FC:FE
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       38FC14F3CFD2F92DF1E4CB67B026070D3EF2245C
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20383334.roa
Signing time:             Sun 17 May 2026 05:48:47 +0000
ROA not before:           Sun 17 May 2026 05:43:47 +0000
ROA not after:            Sun 16 May 2027 05:48:47 +0000
asID:                     834
IP address blocks:        45.8.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 May 2026 23:12:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:fc:14:f3:cf:d2:f9:2d:f1:e4:cb:67:b0:26:07:0d:3e:f2:24:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: May 17 05:43:47 2026 GMT
            Not After : May 16 05:48:47 2027 GMT
        Subject: CN=88E97C121E3659143F14D1219015E8F56E7EFCFE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:13:e0:5f:b0:f2:b0:87:aa:5e:cb:ec:bc:cf:
                    d0:e9:18:fb:a1:47:f0:85:3f:71:f3:12:8f:2f:94:
                    35:03:2b:2c:83:4f:58:53:6a:05:82:bc:77:ea:19:
                    a3:57:7b:41:b3:22:ba:c8:89:f9:d1:ef:64:bd:8c:
                    7e:02:5f:a5:98:96:7f:51:0f:8e:56:28:53:6a:42:
                    75:71:ee:a7:51:59:0d:af:31:c2:a0:3f:ca:a4:d8:
                    d0:95:4b:aa:b4:a6:12:8f:91:90:f6:a1:2b:13:36:
                    ca:26:07:b6:06:16:5d:64:96:fc:08:bc:e1:1d:d3:
                    58:7c:f1:2f:b2:4a:30:94:0b:c5:1d:52:4c:dd:dc:
                    fd:cc:75:57:e3:2a:da:39:06:e4:65:c1:aa:84:5e:
                    38:c8:ef:60:c3:83:49:d3:7d:08:25:94:b1:fb:b4:
                    51:cd:f6:4d:df:7e:4f:3f:1c:c0:33:74:7e:8c:17:
                    58:3a:13:22:3a:7c:2e:30:d3:3f:69:3a:e3:d4:b6:
                    6b:a2:85:cd:6b:d3:58:f8:49:60:b6:fd:c7:51:cd:
                    bd:b7:b2:3b:59:d2:9c:f2:73:07:cf:fb:19:07:84:
                    72:0f:76:38:9c:f0:bd:f1:36:e8:18:4c:62:7f:25:
                    19:f6:26:4a:e7:28:c7:5f:88:a1:9e:86:e5:1f:18:
                    7a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:E9:7C:12:1E:36:59:14:3F:14:D1:21:90:15:E8:F5:6E:7E:FC:FE
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:01:ee:23:18:fd:bb:95:e0:f8:b0:01:8f:3c:ee:de:61:e0:
         14:5b:12:57:cf:52:8f:1f:01:ee:19:ba:fe:ce:78:c3:75:52:
         20:f0:ec:2e:b6:b2:e1:f6:c6:d7:c7:66:f6:09:9d:88:c8:fb:
         e2:a2:65:5d:c3:52:a3:41:c1:16:9e:31:9f:2b:8e:75:91:66:
         a2:62:7b:be:99:68:7d:6c:99:0c:bc:05:44:d3:43:89:62:73:
         cd:24:02:3c:8f:4d:8f:e7:4d:35:3d:10:38:40:6e:26:16:a5:
         84:fb:eb:5e:07:55:96:86:82:4e:51:f6:6f:87:cd:bc:1b:06:
         91:6a:49:a1:33:46:55:93:97:8b:5e:7e:00:53:85:f5:33:a2:
         58:95:5c:5c:0a:e8:c6:48:5a:d1:7f:52:7e:47:c6:70:81:56:
         20:63:4a:96:b5:33:e2:c8:6c:72:2f:de:77:72:28:de:3f:0c:
         55:04:6d:d4:14:f8:e2:7e:a4:d8:da:ff:5f:0f:19:d0:77:57:
         ed:95:0d:40:b0:9f:9e:1a:75:71:dd:2c:2c:a0:7e:84:6a:a4:
         2c:74:33:20:2c:01:9c:5c:f2:ba:08:30:2e:78:f6:1e:84:8a:
         49:f2:ca:9f:c4:ca:1a:89:b5:4a:00:61:ab:f4:c9:f3:5e:c2:
         a1:81:e2:5c
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUOPwU88/S+S3x5MtnsCYHDT7yJFwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNjA1MTcwNTQzNDdaFw0yNzA1MTYwNTQ4NDdaMDMxMTAvBgNV
BAMTKDg4RTk3QzEyMUUzNjU5MTQzRjE0RDEyMTkwMTVFOEY1NkU3RUZDRkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvE+BfsPKwh6pey+y8z9DpGPuh
R/CFP3HzEo8vlDUDKyyDT1hTagWCvHfqGaNXe0GzIrrIifnR72S9jH4CX6WYln9R
D45WKFNqQnVx7qdRWQ2vMcKgP8qk2NCVS6q0phKPkZD2oSsTNsomB7YGFl1klvwI
vOEd01h88S+ySjCUC8UdUkzd3P3MdVfjKto5BuRlwaqEXjjI72DDg0nTfQgllLH7
tFHN9k3ffk8/HMAzdH6MF1g6EyI6fC4w0z9pOuPUtmuihc1r01j4SWC2/cdRzb23
sjtZ0pzycwfP+xkHhHIPdjic8L3xNugYTGJ/JRn2JkrnKMdfiKGehuUfGHrJAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUiOl8Eh42WRQ/FNEhkBXo9W5+/P4wHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzgyZTMxMzczMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0IrTANBgkq
hkiG9w0BAQsFAAOCAQEAOwHuIxj9u5Xg+LABjzzu3mHgFFsSV89Sjx8B7hm6/s54
w3VSIPDsLray4fbG18dm9gmdiMj74qJlXcNSo0HBFp4xnyuOdZFmomJ7vplofWyZ
DLwFRNNDiWJzzSQCPI9Nj+dNNT0QOEBuJhalhPvrXgdVloaCTlH2b4fNvBsGkWpJ
oTNGVZOXi15+AFOF9TOiWJVcXAroxkha0X9SfkfGcIFWIGNKlrUz4shsci/ed3Io
3j8MVQRt1BT44n6k2Nr/Xw8Z0HdX7ZUNQLCfnhp1cd0sLKB+hGqkLHQzICwBnFzy
uggwLnj2HoSKSfLKn8TKGom1SgBhq/TJ817CoYHiXA==
-----END CERTIFICATE-----