Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e372e302f32342d3234203d3e203430363736.roa
File:                     34352e3135302e372e302f32342d3234203d3e203430363736.roa (raw, json)
Hash identifier:          T+zbNugzb1bsH98kHS+RI8JGsyekk0ffpARbCOfuE7Y=
Subject key identifier:   67:B4:76:49:6E:F9:97:D7:8C:C8:81:14:1C:11:F6:D7:A1:C5:29:A4
Certificate issuer:       /CN=64af15419bd5fe6c8f97e224a86a4917a2e6fefe
Certificate serial:       4632DB6810C753CF0D9D9FA94E6C94B937B3CB8E
Authority key identifier: 64:AF:15:41:9B:D5:FE:6C:8F:97:E2:24:A8:6A:49:17:A2:E6:FE:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e372e302f32342d3234203d3e203430363736.roa
Signing time:             Wed 17 Jun 2026 00:47:38 +0000
ROA not before:           Wed 17 Jun 2026 00:42:38 +0000
ROA not after:            Wed 16 Jun 2027 00:47:38 +0000
asID:                     40676
IP address blocks:        45.150.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 Jul 2026 08:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:32:db:68:10:c7:53:cf:0d:9d:9f:a9:4e:6c:94:b9:37:b3:cb:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64af15419bd5fe6c8f97e224a86a4917a2e6fefe
        Validity
            Not Before: Jun 17 00:42:38 2026 GMT
            Not After : Jun 16 00:47:38 2027 GMT
        Subject: CN=67B476496EF997D78CC881141C11F6D7A1C529A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:4b:08:87:63:59:6a:df:b8:c6:22:ec:9c:2b:
                    67:b3:46:3f:8e:03:54:05:23:a8:45:38:d5:4f:f6:
                    11:f8:99:6d:71:6f:a4:c3:45:de:db:a9:41:56:6e:
                    3f:f0:0f:d6:c6:70:ed:a5:16:1c:52:f4:45:b0:52:
                    d6:43:2c:ee:38:df:0a:91:d3:9f:69:0c:f9:16:70:
                    fc:8e:a3:fb:ef:79:04:9e:ec:1d:e9:04:c7:d9:b2:
                    3a:45:be:fe:4e:01:d5:6a:5f:6e:ce:e9:96:b2:5c:
                    be:95:49:e5:ee:ab:a8:8d:7e:48:18:c5:9e:58:0b:
                    a7:92:84:a0:5b:9e:fe:21:73:da:16:11:9c:58:73:
                    12:85:2c:a8:d9:2d:f9:28:8d:1e:d1:32:45:09:a8:
                    15:4b:89:e5:60:b0:28:46:5c:1e:57:0b:51:01:92:
                    c9:22:87:a1:43:9f:18:7e:dc:6e:b7:3c:aa:43:de:
                    ad:af:a0:9f:4f:55:22:40:05:4a:8c:45:39:52:50:
                    43:e4:ea:83:fb:6f:09:20:32:36:69:a8:d9:51:45:
                    ed:e7:3e:2a:9c:da:d5:92:64:c7:72:c9:4e:03:c9:
                    3c:c6:15:f8:6f:81:a2:04:c5:21:12:5f:bd:cb:b8:
                    2d:7e:dc:4c:4b:f3:0a:5f:54:52:f9:98:11:47:09:
                    55:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:B4:76:49:6E:F9:97:D7:8C:C8:81:14:1C:11:F6:D7:A1:C5:29:A4
            X509v3 Authority Key Identifier:
                keyid:64:AF:15:41:9B:D5:FE:6C:8F:97:E2:24:A8:6A:49:17:A2:E6:FE:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e372e302f32342d3234203d3e203430363736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:08:7f:fb:d2:c0:14:11:27:62:33:74:dc:1e:c0:a1:83:d9:
         85:ab:dd:a9:00:18:8b:bd:a8:d4:be:67:4b:a1:5c:56:6a:00:
         e9:c5:15:f5:e7:a3:f6:26:0f:fb:79:5d:13:a4:13:2e:ea:fa:
         7e:23:64:3e:8a:5b:bd:50:39:df:bf:98:68:27:6f:b8:7b:e5:
         f5:11:12:71:bb:63:d2:56:af:a3:c5:66:c4:73:3d:d0:21:0d:
         3f:7f:4c:01:c9:e0:66:74:e4:02:24:85:c3:32:bd:18:3d:9a:
         e8:75:e2:10:10:a8:9a:59:b9:9f:10:34:01:69:55:8f:e1:26:
         8a:4d:aa:d0:d1:24:a7:e3:89:27:bc:f1:59:b0:ea:f6:bc:1d:
         c2:bf:50:e3:7a:5c:51:22:a4:5d:aa:37:d1:12:27:3e:c1:97:
         e0:43:65:d6:ae:41:bc:bb:d9:b5:a4:c6:f5:11:db:ab:0d:e7:
         5d:be:d1:02:32:86:1f:c9:02:42:1a:9e:e7:a2:0f:c7:3a:dd:
         77:b3:28:81:98:c5:3b:f7:01:b9:9a:c9:8e:4d:4a:50:cc:21:
         98:b3:6e:6a:5f:ff:2f:50:88:f5:aa:42:dd:d4:0d:48:ff:ae:
         66:8f:19:ed:85:c1:f0:26:84:cd:53:6b:28:c7:e7:72:eb:32:
         a9:18:3b:1d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIURjLbaBDHU88NnZ+pTmyUuTezy44wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjRhZjE1NDE5YmQ1ZmU2YzhmOTdlMjI0YTg2YTQ5MTdh
MmU2ZmVmZTAeFw0yNjA2MTcwMDQyMzhaFw0yNzA2MTYwMDQ3MzhaMDMxMTAvBgNV
BAMTKDY3QjQ3NjQ5NkVGOTk3RDc4Q0M4ODExNDFDMTFGNkQ3QTFDNTI5QTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZSwiHY1lq37jGIuycK2ezRj+O
A1QFI6hFONVP9hH4mW1xb6TDRd7bqUFWbj/wD9bGcO2lFhxS9EWwUtZDLO443wqR
059pDPkWcPyOo/vveQSe7B3pBMfZsjpFvv5OAdVqX27O6ZayXL6VSeXuq6iNfkgY
xZ5YC6eShKBbnv4hc9oWEZxYcxKFLKjZLfkojR7RMkUJqBVLieVgsChGXB5XC1EB
kskih6FDnxh+3G63PKpD3q2voJ9PVSJABUqMRTlSUEPk6oP7bwkgMjZpqNlRRe3n
Piqc2tWSZMdyyU4DyTzGFfhvgaIExSESX73LuC1+3ExL8wpfVFL5mBFHCVUJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUZ7R2SW75l9eMyIEUHBH216HFKaQwHwYDVR0j
BBgwFoAUZK8VQZvV/myPl+IkqGpJF6Lm/v4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmM5YWE5NWYtN2IzOC00MjZhLTk5NjYtNTQ0MTkzOWZl
MDMxLzAvNjRBRjE1NDE5QkQ1RkU2QzhGOTdFMjI0QTg2QTQ5MTdBMkU2RkVGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1pLOFZRWnZWX215UGwtSWtxR3BKRjZM
bV92NC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmM5YWE5NWYt
N2IzOC00MjZhLTk5NjYtNTQ0MTkzOWZlMDMxLzAvMzQzNTJlMzEzNTMwMmUzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzAzNjM3MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtlgcw
DQYJKoZIhvcNAQELBQADggEBAIEIf/vSwBQRJ2IzdNwewKGD2YWr3akAGIu9qNS+
Z0uhXFZqAOnFFfXno/YmD/t5XROkEy7q+n4jZD6KW71QOd+/mGgnb7h75fUREnG7
Y9JWr6PFZsRzPdAhDT9/TAHJ4GZ05AIkhcMyvRg9muh14hAQqJpZuZ8QNAFpVY/h
JopNqtDRJKfjiSe88Vmw6va8HcK/UON6XFEipF2qN9ESJz7Bl+BDZdauQby72bWk
xvUR26sN512+0QIyhh/JAkIanueiD8c63XezKIGYxTv3AbmayY5NSlDMIZizbmpf
/y9QiPWqQt3UDUj/rmaPGe2FwfAmhM1TayjH53LrMqkYOx0=
-----END CERTIFICATE-----
Generated at Wed Jul 1 13:54:10 2026 by rpki-client