Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3133322e39382e302f32342d3234203d3e20383334.roa
File:                     34352e3133322e39382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          q6xxGuyGFK/anbplAvrUWDXabyULM0xdRUdMADfw4Fg=
Subject key identifier:   2F:1A:60:0E:48:AD:4E:D9:87:5A:D2:D2:FA:F5:DD:13:F7:47:F4:87
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       6B663DD3794225EF0C9CC4EBF1497252F68F452F
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3133322e39382e302f32342d3234203d3e20383334.roa
Signing time:             Fri 17 Apr 2026 08:58:52 +0000
ROA not before:           Fri 17 Apr 2026 08:53:52 +0000
ROA not after:            Fri 16 Apr 2027 08:58:52 +0000
asID:                     834
IP address blocks:        45.132.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 19:42:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:66:3d:d3:79:42:25:ef:0c:9c:c4:eb:f1:49:72:52:f6:8f:45:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr 17 08:53:52 2026 GMT
            Not After : Apr 16 08:58:52 2027 GMT
        Subject: CN=2F1A600E48AD4ED9875AD2D2FAF5DD13F747F487
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:59:d2:47:80:1b:7b:e7:9b:69:d7:4a:4d:64:
                    69:90:6f:18:22:bb:d1:eb:53:e2:f1:f9:2e:3d:6e:
                    06:fd:1c:83:7c:4d:65:4b:c4:e0:fd:93:83:e0:8c:
                    da:df:cb:06:97:49:53:07:d0:4d:b5:d1:f9:52:fa:
                    12:74:94:74:11:a1:84:f9:e2:e7:cc:b7:a2:b7:c5:
                    81:f6:0c:6f:88:9c:bb:ff:68:46:2e:3e:d5:ca:64:
                    20:30:72:f7:df:99:ae:51:e9:47:81:5d:e0:e7:5b:
                    c8:f4:57:66:60:87:6f:2e:e5:29:68:70:ff:cc:6d:
                    ba:cc:58:ef:55:e6:bd:67:73:3e:91:f1:27:2c:1b:
                    81:8d:48:9e:fa:93:3e:c3:40:25:b5:a9:65:3b:90:
                    b5:e1:ba:78:a4:15:6b:c3:a9:ae:a0:45:67:cf:55:
                    c7:02:3b:79:47:8f:ee:92:be:e3:3d:86:51:cd:c5:
                    1f:a2:24:d0:eb:c1:c4:ad:b0:0b:60:be:d6:61:78:
                    15:53:7a:a4:a5:79:84:73:3d:20:d4:88:a0:3e:9c:
                    ad:82:71:fe:4c:fc:45:7f:f8:67:59:43:8f:e2:94:
                    ba:a3:19:4f:fa:40:2b:fc:3b:1c:fe:3b:0e:c9:e9:
                    f3:5b:a5:a3:63:7b:6e:78:51:66:13:eb:1c:85:da:
                    00:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:1A:60:0E:48:AD:4E:D9:87:5A:D2:D2:FA:F5:DD:13:F7:47:F4:87
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3133322e39382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:a9:86:91:35:d8:8c:ec:52:0a:8c:cb:1c:83:97:6f:07:38:
         43:0e:c0:9b:14:d2:4a:2b:5c:97:39:9c:5c:a4:92:77:f5:f1:
         44:a6:60:3f:62:9a:12:5d:37:67:4b:95:00:0a:34:14:90:bc:
         c4:4f:2c:ab:ac:f3:7a:69:0a:ca:77:25:a3:d3:21:85:5f:73:
         da:48:19:07:70:07:fb:99:cd:30:73:8d:fa:86:8a:fa:22:57:
         68:63:b2:ff:a3:93:61:63:24:67:ed:4a:fd:1f:a7:8a:30:ab:
         6e:9d:1b:02:0f:40:8a:27:6e:0f:76:09:40:1f:a0:ad:05:17:
         84:95:9c:6a:91:30:91:14:0e:d3:e2:e8:63:45:39:b1:ff:86:
         2c:d7:2a:d6:eb:89:71:50:bf:5a:93:23:00:52:81:f4:67:71:
         d6:71:90:46:f3:0b:89:f3:18:36:8e:97:eb:f7:23:27:7e:69:
         3e:6e:be:8f:38:55:86:34:51:80:20:25:e4:37:cf:3a:f7:70:
         b2:eb:21:f4:3c:92:01:81:c9:68:61:7e:1f:a0:bd:99:92:53:
         db:4d:78:30:2b:08:88:14:8c:0c:91:b1:c0:67:2c:1a:1a:be:
         83:3d:25:d4:24:5d:42:ca:77:80:d8:a8:bf:29:e8:2c:4b:e9:
         e6:14:03:c3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUa2Y903lCJe8MnMTr8UlyUvaPRS8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjA0MTcwODUzNTJaFw0yNzA0MTYwODU4NTJaMDMxMTAvBgNV
BAMTKDJGMUE2MDBFNDhBRDRFRDk4NzVBRDJEMkZBRjVERDEzRjc0N0Y0ODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSWdJHgBt755tp10pNZGmQbxgi
u9HrU+Lx+S49bgb9HIN8TWVLxOD9k4PgjNrfywaXSVMH0E210flS+hJ0lHQRoYT5
4ufMt6K3xYH2DG+InLv/aEYuPtXKZCAwcvffma5R6UeBXeDnW8j0V2Zgh28u5Slo
cP/MbbrMWO9V5r1ncz6R8ScsG4GNSJ76kz7DQCW1qWU7kLXhunikFWvDqa6gRWfP
VccCO3lHj+6SvuM9hlHNxR+iJNDrwcStsAtgvtZheBVTeqSleYRzPSDUiKA+nK2C
cf5M/EV/+GdZQ4/ilLqjGU/6QCv8Oxz+Ow7J6fNbpaNje254UWYT6xyF2gBXAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQULxpgDkitTtmHWtLS+vXdE/dH9IcwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzEzMzMyMmUzOTM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYRiMA0G
CSqGSIb3DQEBCwUAA4IBAQBWqYaRNdiM7FIKjMscg5dvBzhDDsCbFNJKK1yXOZxc
pJJ39fFEpmA/YpoSXTdnS5UACjQUkLzETyyrrPN6aQrKdyWj0yGFX3PaSBkHcAf7
mc0wc436hor6IldoY7L/o5NhYyRn7Ur9H6eKMKtunRsCD0CKJ24PdglAH6CtBReE
lZxqkTCRFA7T4uhjRTmx/4Ys1yrW64lxUL9akyMAUoH0Z3HWcZBG8wuJ8xg2jpfr
9yMnfmk+br6POFWGNFGAICXkN88693Cy6yH0PJIBgcloYX4foL2ZklPbTXgwKwiI
FIwMkbHAZywaGr6DPSXUJF1CyneA2Ki/KegsS+nmFAPD
-----END CERTIFICATE-----