Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3134362e3130372e302f32342d3234203d3e2039333034.roa
File:                     34352e3134362e3130372e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          TR5fpFI2d+I8proLIyLmTzW+Txtm4kI/QnrD7NmCjec=
Subject key identifier:   82:AD:BA:34:55:DF:22:1E:E3:5C:03:2A:6E:71:F0:EE:7D:1C:BF:FF
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       784CB14037239CC87B1771C886EE39E8482F15F3
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3134362e3130372e302f32342d3234203d3e2039333034.roa
Signing time:             Thu 14 May 2026 05:45:55 +0000
ROA not before:           Thu 14 May 2026 05:40:55 +0000
ROA not after:            Thu 13 May 2027 05:45:55 +0000
asID:                     9304
IP address blocks:        45.146.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:4c:b1:40:37:23:9c:c8:7b:17:71:c8:86:ee:39:e8:48:2f:15:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: May 14 05:40:55 2026 GMT
            Not After : May 13 05:45:55 2027 GMT
        Subject: CN=82ADBA3455DF221EE35C032A6E71F0EE7D1CBFFF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:26:8b:5a:4c:40:71:5f:0b:46:c3:05:e9:31:
                    a3:84:a3:ef:aa:1e:6a:e3:e6:ec:ff:16:17:91:be:
                    33:3a:be:f4:31:49:2e:9d:bc:66:bb:33:54:2e:0e:
                    c0:84:ec:de:9d:2f:91:ad:26:2b:41:94:7d:bd:21:
                    3f:d6:99:de:09:63:64:04:98:63:4e:b8:28:13:55:
                    f6:88:2a:16:92:a4:b4:7a:6d:92:e8:51:00:d8:7b:
                    78:e4:e3:83:e7:2d:63:e4:21:55:32:2a:3f:b9:bb:
                    94:4a:42:22:29:3f:97:92:85:21:67:eb:6b:c6:13:
                    a8:20:93:0f:e0:cd:81:38:10:1d:ba:7e:f8:1d:01:
                    4f:f0:8c:d3:c6:70:62:86:56:01:ca:6d:24:15:b7:
                    86:67:fe:ed:51:ee:27:61:f3:82:28:ce:16:3a:d5:
                    8b:e3:7f:fd:0c:b5:9d:64:80:e5:69:d8:c3:c0:1d:
                    4f:c1:22:f0:e3:1d:53:50:ce:a4:63:2f:8f:6d:20:
                    d0:b3:0d:08:15:50:0c:37:bf:a8:7d:f5:33:b3:29:
                    94:e1:c6:a2:23:66:ad:e2:21:a0:93:f1:7d:47:14:
                    ff:38:b1:c4:39:48:59:05:f7:31:8c:08:57:17:2a:
                    df:fc:1c:5a:08:d0:e1:06:ff:e5:0a:f6:3b:9e:6f:
                    c3:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:AD:BA:34:55:DF:22:1E:E3:5C:03:2A:6E:71:F0:EE:7D:1C:BF:FF
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3134362e3130372e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:4e:05:e0:43:28:51:a9:80:ef:a0:38:06:d5:5b:31:60:b5:
         f5:9c:79:b3:aa:1c:c9:b1:a3:09:fc:4d:ec:a7:7a:75:bf:84:
         8d:97:70:57:8e:67:42:1e:a6:5c:93:55:be:4f:9a:13:67:34:
         25:71:70:f6:87:3c:06:5a:3f:ec:ca:88:9a:50:24:4c:0b:dc:
         6e:16:45:82:32:8b:5f:8a:95:29:5a:f4:3f:b9:31:32:25:c9:
         3b:e6:3a:0a:65:b2:4d:7b:6c:f8:03:08:ea:2c:cc:5c:b3:a1:
         70:5f:e0:35:4e:5e:03:bb:c0:7b:3b:41:4b:f2:ef:4d:13:81:
         87:a4:d6:c8:97:3e:d5:fe:18:5f:ef:9a:a4:1b:37:ae:de:34:
         6f:00:a9:10:a3:37:9b:97:a6:13:1f:87:3d:5e:22:bc:f9:9e:
         27:48:7f:2f:2b:ac:3d:80:4a:1f:bb:ff:f7:e2:ce:72:09:73:
         27:76:ca:36:0b:73:5b:8e:6d:b5:d6:8f:33:10:b6:0b:2b:6d:
         34:86:48:d8:77:e3:f4:b6:43:44:f6:44:04:60:7f:fc:c7:6a:
         7a:c5:fa:75:fd:f7:6c:c9:e3:83:5e:26:4c:11:1e:85:8b:16:
         1f:25:03:55:40:c7:84:ab:28:77:58:9c:a1:a9:db:d9:23:c6:
         a1:ef:16:b2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUeEyxQDcjnMh7F3HIhu456EgvFfMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjA1MTQwNTQwNTVaFw0yNzA1MTMwNTQ1NTVaMDMxMTAvBgNV
BAMTKDgyQURCQTM0NTVERjIyMUVFMzVDMDMyQTZFNzFGMEVFN0QxQ0JGRkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBJotaTEBxXwtGwwXpMaOEo++q
Hmrj5uz/FheRvjM6vvQxSS6dvGa7M1QuDsCE7N6dL5GtJitBlH29IT/Wmd4JY2QE
mGNOuCgTVfaIKhaSpLR6bZLoUQDYe3jk44PnLWPkIVUyKj+5u5RKQiIpP5eShSFn
62vGE6ggkw/gzYE4EB26fvgdAU/wjNPGcGKGVgHKbSQVt4Zn/u1R7idh84IozhY6
1Yvjf/0MtZ1kgOVp2MPAHU/BIvDjHVNQzqRjL49tINCzDQgVUAw3v6h99TOzKZTh
xqIjZq3iIaCT8X1HFP84scQ5SFkF9zGMCFcXKt/8HFoI0OEG/+UK9jueb8MTAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUgq26NFXfIh7jXAMqbnHw7n0cv/8wHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzEzNDM2MmUzMTMw
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2S
azANBgkqhkiG9w0BAQsFAAOCAQEAy04F4EMoUamA76A4BtVbMWC19Zx5s6ocybGj
CfxN7Kd6db+EjZdwV45nQh6mXJNVvk+aE2c0JXFw9oc8Blo/7MqImlAkTAvcbhZF
gjKLX4qVKVr0P7kxMiXJO+Y6CmWyTXts+AMI6izMXLOhcF/gNU5eA7vAeztBS/Lv
TROBh6TWyJc+1f4YX++apBs3rt40bwCpEKM3m5emEx+HPV4ivPmeJ0h/LyusPYBK
H7v/9+LOcglzJ3bKNgtzW45ttdaPMxC2CyttNIZI2Hfj9LZDRPZEBGB//MdqesX6
df33bMnjg14mTBEehYsWHyUDVUDHhKsod1icoanb2SPGoe8Wsg==
-----END CERTIFICATE-----