Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e372e302f32342d3234203d3e203631333137.roa
File:                     34352e38302e372e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          BWTAt9eN5lq1XIWTYmYop12am0B+QaBbtHGUC//h6CQ=
Subject key identifier:   4B:F3:01:4F:A1:53:14:79:3D:72:47:32:59:7F:42:C1:EA:8A:BB:5E
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       1BEBAE0B2D79509FAA48BF19ED808EC8BAF315AE
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e372e302f32342d3234203d3e203631333137.roa
Signing time:             Sat 21 Feb 2026 21:55:39 +0000
ROA not before:           Sat 21 Feb 2026 21:50:39 +0000
ROA not after:            Sat 20 Feb 2027 21:55:39 +0000
asID:                     61317
IP address blocks:        45.80.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:eb:ae:0b:2d:79:50:9f:aa:48:bf:19:ed:80:8e:c8:ba:f3:15:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Feb 21 21:50:39 2026 GMT
            Not After : Feb 20 21:55:39 2027 GMT
        Subject: CN=4BF3014FA15314793D724732597F42C1EA8ABB5E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b7:9f:d1:74:57:ee:70:08:56:18:7e:0a:31:
                    05:d7:19:f0:b1:df:f5:4c:2f:14:03:2b:47:f0:91:
                    77:ac:7c:48:4f:da:69:cb:6f:a9:ad:66:09:12:cb:
                    e4:1d:d1:73:a6:d8:6e:fb:bc:24:43:82:f0:e6:b7:
                    04:6f:c5:26:5d:83:b9:8a:b0:c0:62:51:a9:51:df:
                    af:80:52:74:3c:ce:c7:04:65:02:86:32:7d:93:57:
                    c5:7a:9d:2d:36:73:ae:fe:3c:1f:55:dd:0d:8e:06:
                    c5:d3:fb:32:e6:b7:ce:b0:a0:da:2f:17:fe:1a:10:
                    0a:bc:1d:d9:ec:a8:8f:f1:bb:59:7d:1b:81:32:80:
                    dd:07:77:51:d5:59:d6:fd:26:a2:9b:b7:6c:ef:8e:
                    d1:5a:81:b7:db:27:f6:d2:7e:5d:53:ba:2a:2c:dc:
                    28:9d:9b:04:01:0d:b4:f2:84:66:5a:95:80:55:9f:
                    e2:21:76:ce:b1:93:a3:36:36:45:e0:1a:7c:b8:c0:
                    87:19:75:69:bd:34:97:fb:97:7f:d9:ab:3c:4b:8c:
                    65:2f:89:51:2a:18:b1:24:26:a3:dd:cc:ba:b3:8a:
                    62:16:1f:67:8a:73:75:66:40:db:32:07:5f:13:c5:
                    22:5f:9e:04:db:bb:b6:dd:a4:a8:5e:de:46:73:90:
                    8b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:F3:01:4F:A1:53:14:79:3D:72:47:32:59:7F:42:C1:EA:8A:BB:5E
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e372e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:46:ba:e6:fa:e3:c5:dc:d8:ea:9b:27:c1:14:5f:39:41:90:
         b6:54:f1:d7:70:59:93:c8:15:c2:d3:83:fb:b9:64:30:3a:f7:
         e5:77:32:16:5a:4b:83:cb:e3:b6:5e:7c:dc:fd:78:94:73:2f:
         ee:ce:89:da:0c:6f:5c:ea:fe:29:e8:bc:97:5b:10:ab:80:7a:
         cc:2c:af:72:62:29:a3:63:c8:bb:2f:e1:98:ad:de:f4:f6:70:
         65:44:36:d5:ab:b7:42:d9:7e:15:65:2a:e1:bf:f1:3b:f2:31:
         a7:f2:58:b4:13:ec:97:86:00:53:8b:39:28:a2:ad:ec:80:70:
         e1:9a:1a:15:6f:29:5e:2c:00:7c:86:bf:73:1e:d0:6e:54:40:
         96:61:4c:ec:de:3b:97:57:5c:67:67:d5:7c:6b:4e:57:0e:f1:
         aa:bd:f5:b5:f3:83:3b:97:a4:f9:49:4d:0f:d2:7e:a1:f5:b2:
         e7:fa:bb:c8:b4:dd:3e:58:3d:33:43:d7:d7:f2:6d:b2:43:22:
         1e:20:d4:ee:11:ac:46:55:6d:93:75:b1:b0:4d:c7:3e:40:49:
         22:26:7c:4e:75:03:5e:12:bb:c3:70:eb:2d:70:a7:c5:40:c5:
         16:c4:de:7c:21:a9:6c:c1:3e:ee:eb:a7:96:80:f2:74:e9:7d:
         db:c3:96:47
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUG+uuCy15UJ+qSL8Z7YCOyLrzFa4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjAyMjEyMTUwMzlaFw0yNzAyMjAyMTU1MzlaMDMxMTAvBgNV
BAMTKDRCRjMwMTRGQTE1MzE0NzkzRDcyNDczMjU5N0Y0MkMxRUE4QUJCNUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzt5/RdFfucAhWGH4KMQXXGfCx
3/VMLxQDK0fwkXesfEhP2mnLb6mtZgkSy+Qd0XOm2G77vCRDgvDmtwRvxSZdg7mK
sMBiUalR36+AUnQ8zscEZQKGMn2TV8V6nS02c67+PB9V3Q2OBsXT+zLmt86woNov
F/4aEAq8HdnsqI/xu1l9G4EygN0Hd1HVWdb9JqKbt2zvjtFagbfbJ/bSfl1Tuios
3CidmwQBDbTyhGZalYBVn+Ihds6xk6M2NkXgGny4wIcZdWm9NJf7l3/ZqzxLjGUv
iVEqGLEkJqPdzLqzimIWH2eKc3VmQNsyB18TxSJfngTbu7bdpKhe3kZzkIuhAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUS/MBT6FTFHk9ckcyWX9CweqKu14wHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzgzMDJlMzcyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMxMzMzMTM3LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVAHMA0G
CSqGSIb3DQEBCwUAA4IBAQCtRrrm+uPF3NjqmyfBFF85QZC2VPHXcFmTyBXC04P7
uWQwOvfldzIWWkuDy+O2Xnzc/XiUcy/uzonaDG9c6v4p6LyXWxCrgHrMLK9yYimj
Y8i7L+GYrd709nBlRDbVq7dC2X4VZSrhv/E78jGn8li0E+yXhgBTizkooq3sgHDh
mhoVbyleLAB8hr9zHtBuVECWYUzs3juXV1xnZ9V8a05XDvGqvfW184M7l6T5SU0P
0n6h9bLn+rvItN0+WD0zQ9fX8m2yQyIeINTuEaxGVW2TdbGwTcc+QEkiJnxOdQNe
ErvDcOstcKfFQMUWxN58IalswT7u66eWgPJ06X3bw5ZH
-----END CERTIFICATE-----