Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20383334.roa
File:                     34352e382e3137332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          kkaIX5wOwo6PFPeC/1QHVU2o1bwLMOC5m6Q0ux9gucU=
Subject key identifier:   8F:9B:EE:34:2B:BE:74:03:29:43:E7:5A:15:AA:53:19:63:89:24:90
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       14ABFA11B1AACE1F359DDBD4DB7C98212C170780
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20383334.roa
Signing time:             Mon 13 Apr 2026 10:18:05 +0000
ROA not before:           Mon 13 Apr 2026 10:13:05 +0000
ROA not after:            Mon 12 Apr 2027 10:18:05 +0000
asID:                     834
IP address blocks:        45.8.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 Apr 2026 05:51:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:ab:fa:11:b1:aa:ce:1f:35:9d:db:d4:db:7c:98:21:2c:17:07:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Apr 13 10:13:05 2026 GMT
            Not After : Apr 12 10:18:05 2027 GMT
        Subject: CN=8F9BEE342BBE74032943E75A15AA531963892490
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:25:21:43:02:8e:3a:b2:8b:dc:9a:db:33:5f:
                    5a:ed:cc:63:61:4e:d8:c1:f8:39:22:ca:0c:f0:3b:
                    aa:57:ed:f2:bb:c2:48:75:07:86:14:e0:8b:0f:f4:
                    21:d6:b7:74:21:d9:bb:c6:e3:15:2a:c6:17:28:27:
                    c1:27:06:de:96:04:5a:db:27:cd:c5:93:9b:ad:f4:
                    55:6b:99:c6:73:36:05:be:de:5a:80:2a:fb:66:a2:
                    f6:5e:79:c7:9b:a4:68:58:7f:b0:31:7f:80:4a:6c:
                    00:25:6b:97:9e:25:ef:45:94:b3:68:bb:17:4e:cd:
                    53:e1:66:05:d3:f7:9d:9d:e5:93:03:34:ae:aa:ed:
                    0c:2a:73:d5:37:cc:5d:77:e1:ba:67:69:5c:89:77:
                    bf:89:11:91:a4:4a:b9:ad:b5:71:d0:32:fd:f5:c2:
                    35:36:52:71:89:04:2d:08:e9:7f:1b:97:82:e4:45:
                    da:d4:81:49:77:31:93:66:9c:43:24:45:3f:3b:72:
                    d5:52:1d:b7:89:97:3e:78:ce:d1:90:d6:f9:a5:e2:
                    f9:4c:7a:0b:cc:cd:ff:11:9b:a6:10:32:ac:af:d8:
                    33:59:5b:82:42:35:73:71:5e:ee:d9:44:79:22:85:
                    d8:18:e3:25:89:95:78:09:f7:fc:c3:ff:fd:be:b8:
                    a6:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:9B:EE:34:2B:BE:74:03:29:43:E7:5A:15:AA:53:19:63:89:24:90
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:4d:d9:d2:97:2d:8e:c7:59:37:33:46:2d:8a:b9:09:16:41:
         b2:08:0f:0f:d5:28:44:26:24:32:0b:5c:db:df:22:ae:9a:ae:
         35:cc:ae:dd:01:90:18:75:4d:69:80:00:cd:83:cc:5b:d8:37:
         1e:a9:35:2d:af:db:b4:8e:39:6e:6c:db:ee:50:5c:84:ff:fa:
         7b:0c:2e:f2:40:e4:91:f7:37:bb:22:54:df:de:85:fb:5b:9a:
         ca:e4:0d:02:bb:8b:5c:3d:37:6f:ec:b7:32:7e:85:e8:17:17:
         cf:48:22:dd:f7:60:4c:64:50:33:c9:83:ab:63:be:4d:25:49:
         33:c2:ae:8f:ee:97:25:1c:ed:ee:ec:6b:0e:41:43:f2:c2:cd:
         94:61:57:0c:26:fb:d4:6d:42:71:62:35:ff:12:f0:0b:e3:d1:
         fc:ff:7e:3c:00:df:ca:42:81:e8:64:76:b7:f0:98:e0:96:32:
         38:96:be:70:ff:03:a1:17:0d:b0:59:cf:68:e3:84:44:61:d2:
         8a:d7:f2:69:26:62:c8:79:55:60:d6:71:1a:85:4d:3e:b2:25:
         00:a2:f1:38:0e:c4:4f:4c:de:e6:5a:e2:2c:af:39:5c:aa:9d:
         19:d0:94:fe:d7:81:0d:e6:d6:fa:fb:bd:75:12:09:f8:e9:cb:
         bd:47:1e:47
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUFKv6EbGqzh81ndvU23yYISwXB4AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNjA0MTMxMDEzMDVaFw0yNzA0MTIxMDE4MDVaMDMxMTAvBgNV
BAMTKDhGOUJFRTM0MkJCRTc0MDMyOTQzRTc1QTE1QUE1MzE5NjM4OTI0OTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDJSFDAo46sovcmtszX1rtzGNh
TtjB+DkiygzwO6pX7fK7wkh1B4YU4IsP9CHWt3Qh2bvG4xUqxhcoJ8EnBt6WBFrb
J83Fk5ut9FVrmcZzNgW+3lqAKvtmovZeecebpGhYf7Axf4BKbAAla5eeJe9FlLNo
uxdOzVPhZgXT952d5ZMDNK6q7Qwqc9U3zF134bpnaVyJd7+JEZGkSrmttXHQMv31
wjU2UnGJBC0I6X8bl4LkRdrUgUl3MZNmnEMkRT87ctVSHbeJlz54ztGQ1vml4vlM
egvMzf8Rm6YQMqyv2DNZW4JCNXNxXu7ZRHkihdgY4yWJlXgJ9/zD//2+uKbxAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUj5vuNCu+dAMpQ+daFapTGWOJJJAwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzgyZTMxMzczMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0IrTANBgkq
hkiG9w0BAQsFAAOCAQEAiU3Z0pctjsdZNzNGLYq5CRZBsggPD9UoRCYkMgtc298i
rpquNcyu3QGQGHVNaYAAzYPMW9g3Hqk1La/btI45bmzb7lBchP/6ewwu8kDkkfc3
uyJU396F+1uayuQNAruLXD03b+y3Mn6F6BcXz0gi3fdgTGRQM8mDq2O+TSVJM8Ku
j+6XJRzt7uxrDkFD8sLNlGFXDCb71G1CcWI1/xLwC+PR/P9+PADfykKB6GR2t/CY
4JYyOJa+cP8DoRcNsFnPaOOERGHSitfyaSZiyHlVYNZxGoVNPrIlAKLxOA7ET0ze
5lriLK85XKqdGdCU/teBDebW+vu9dRIJ+OnLvUceRw==
-----END CERTIFICATE-----