Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/34352e3133352e3232352e302f32342d3234203d3e2035353131.roa
File:                     34352e3133352e3232352e302f32342d3234203d3e2035353131.roa (raw, json)
Hash identifier:          P/29TxjmNPyIOgiMiNTsAagPMlTDzIF0GaiuoC5HRds=
Subject key identifier:   5B:AF:20:80:64:A7:AE:D8:EF:5A:77:A4:98:DD:93:86:2A:55:41:4A
Certificate issuer:       /CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
Certificate serial:       1699309522EB8B93A7F8494C4F583ED314BDD7B3
Authority key identifier: 7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/34352e3133352e3232352e302f32342d3234203d3e2035353131.roa
Signing time:             Fri 20 Mar 2026 11:48:41 +0000
ROA not before:           Fri 20 Mar 2026 11:43:41 +0000
ROA not after:            Fri 19 Mar 2027 11:48:41 +0000
asID:                     5511
IP address blocks:        45.135.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:99:30:95:22:eb:8b:93:a7:f8:49:4c:4f:58:3e:d3:14:bd:d7:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
        Validity
            Not Before: Mar 20 11:43:41 2026 GMT
            Not After : Mar 19 11:48:41 2027 GMT
        Subject: CN=5BAF208064A7AED8EF5A77A498DD93862A55414A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8e:6e:5e:9c:12:7b:f4:9f:36:97:db:49:08:
                    fb:43:95:50:fb:54:b3:36:a6:10:21:03:3c:3d:d2:
                    53:f0:a3:06:05:18:de:ed:aa:24:b2:46:7f:6f:df:
                    89:fa:0f:fd:57:94:68:26:ec:a2:ca:fb:e0:de:d9:
                    07:b0:fc:d4:de:0c:65:ab:2d:fa:43:c3:b8:6b:bf:
                    50:64:14:db:97:82:6c:07:39:d0:fe:f3:a3:38:6e:
                    07:eb:bc:90:6d:25:95:7b:f6:61:c1:c6:92:6b:a3:
                    f2:f9:30:50:56:2a:03:8b:40:b6:81:bd:77:20:05:
                    8d:49:94:a8:4b:c6:6b:98:66:87:27:89:44:d7:16:
                    00:e6:44:4d:a9:ab:4f:90:da:c4:6f:6f:30:e6:e9:
                    16:37:14:ca:c8:85:5d:b8:05:86:f6:14:b5:71:22:
                    62:7e:be:65:a9:0f:fc:d7:90:0c:95:86:a1:2f:b4:
                    f9:e9:c1:ca:b5:a1:a0:c9:da:69:df:2a:89:6d:59:
                    c6:1e:15:a3:1c:95:b3:13:6e:c7:b4:c9:e5:5a:d7:
                    64:89:2e:9e:9f:b8:fd:c7:b3:8b:27:b3:ec:1f:4b:
                    41:22:5b:e1:0e:fb:17:73:f6:56:3a:d2:c0:00:68:
                    f1:4c:e5:a5:8f:25:7f:48:5f:42:f5:0e:30:dd:32:
                    65:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:AF:20:80:64:A7:AE:D8:EF:5A:77:A4:98:DD:93:86:2A:55:41:4A
            X509v3 Authority Key Identifier:
                keyid:7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/34352e3133352e3232352e302f32342d3234203d3e2035353131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:7c:81:6a:f2:97:77:6a:d1:0d:29:fd:fa:ed:af:d3:08:0b:
         67:a4:af:34:0c:dc:b4:0d:db:54:d3:a3:95:bb:7d:5e:1c:a7:
         2f:56:89:08:5a:aa:36:8c:5d:a3:85:4e:d6:07:e3:af:4e:74:
         55:37:c9:7f:64:61:5a:b9:5c:1b:af:62:3b:a3:e4:7a:b9:49:
         b7:f6:b2:ee:1f:6a:dc:5d:32:88:51:bc:12:5f:0f:5f:00:1f:
         2c:c1:c9:c9:90:cc:d1:8b:2a:97:0d:4a:c4:28:0e:d8:57:d7:
         b6:59:40:28:14:cb:46:f8:27:21:fc:ef:ae:e8:b0:b8:f7:8f:
         5c:19:7e:d2:41:84:d1:e1:5e:82:1d:71:a1:cf:08:cc:21:b3:
         ce:99:97:9e:e1:d0:e5:e2:5b:bf:ab:b3:95:cd:77:b5:6c:5b:
         d8:e0:aa:48:ad:36:ff:fc:b2:a6:19:16:a7:50:f5:e9:44:4d:
         73:ab:60:43:a5:d2:c4:42:c5:46:e5:a2:48:50:79:33:50:05:
         99:96:1e:15:6f:45:c3:00:3c:64:16:a5:24:51:00:8d:f6:ba:
         57:bc:d3:fe:be:3a:3f:e9:b9:b4:44:ab:0f:e1:92:ad:e3:48:
         fe:06:59:40:54:a4:ac:88:a6:97:5c:17:3a:b0:09:94:e5:4a:
         a3:2f:bc:e3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUFpkwlSLri5On+ElMT1g+0xS917MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2ZlYTM3ZmRmZTI5YjM0MTczZTk3ZjFiNjM3YTQ0ZWM0
MWFjZWJiODAeFw0yNjAzMjAxMTQzNDFaFw0yNzAzMTkxMTQ4NDFaMDMxMTAvBgNV
BAMTKDVCQUYyMDgwNjRBN0FFRDhFRjVBNzdBNDk4REQ5Mzg2MkE1NTQxNEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzjm5enBJ79J82l9tJCPtDlVD7
VLM2phAhAzw90lPwowYFGN7tqiSyRn9v34n6D/1XlGgm7KLK++De2Qew/NTeDGWr
LfpDw7hrv1BkFNuXgmwHOdD+86M4bgfrvJBtJZV79mHBxpJro/L5MFBWKgOLQLaB
vXcgBY1JlKhLxmuYZocniUTXFgDmRE2pq0+Q2sRvbzDm6RY3FMrIhV24BYb2FLVx
ImJ+vmWpD/zXkAyVhqEvtPnpwcq1oaDJ2mnfKoltWcYeFaMclbMTbse0yeVa12SJ
Lp6fuP3Hs4sns+wfS0EiW+EO+xdz9lY60sAAaPFM5aWPJX9IX0L1DjDdMmVlAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUW68ggGSnrtjvWnekmN2ThipVQUowHwYDVR0j
BBgwFoAUf+o3/f4ps0Fz6X8bY3pE7EGs67gwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWItZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkz
YTlkLzAvN0ZFQTM3RkRGRTI5QjM0MTczRTk3RjFCNjM3QTQ0RUM0MUFDRUJCOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YtbzNfZjRwczBGejZYOGJZM3BFN0VH
czY3Zy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWIt
ZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkzYTlkLzAvMzQzNTJlMzEzMzM1MmUzMjMy
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTM1MzEzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2H
4TANBgkqhkiG9w0BAQsFAAOCAQEAfHyBavKXd2rRDSn9+u2v0wgLZ6SvNAzctA3b
VNOjlbt9XhynL1aJCFqqNoxdo4VO1gfjr050VTfJf2RhWrlcG69iO6PkerlJt/ay
7h9q3F0yiFG8El8PXwAfLMHJyZDM0Ysqlw1KxCgO2FfXtllAKBTLRvgnIfzvruiw
uPePXBl+0kGE0eFegh1xoc8IzCGzzpmXnuHQ5eJbv6uzlc13tWxb2OCqSK02//yy
phkWp1D16URNc6tgQ6XSxELFRuWiSFB5M1AFmZYeFW9FwwA8ZBalJFEAjfa6V7zT
/r46P+m5tESrD+GSreNI/gZZQFSkrIiml1wXOrAJlOVKoy+84w==
-----END CERTIFICATE-----