Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35302e302f32332d3234203d3e20383334.roa
File:                     3231322e37342e35302e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          2CQGzqrJPzmRKDjtxfU2p/RSei33V0IOfWEHbE6YzOY=
Subject key identifier:   A5:B8:CB:95:DF:2A:35:05:A3:FF:4E:AB:66:DB:E2:98:49:7A:D6:1B
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       38D4E398B11B6E6511581C346AC7CCEB7B071106
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35302e302f32332d3234203d3e20383334.roa
Signing time:             Tue 24 Mar 2026 02:34:11 +0000
ROA not before:           Tue 24 Mar 2026 02:29:11 +0000
ROA not after:            Tue 23 Mar 2027 02:34:11 +0000
asID:                     834
IP address blocks:        212.74.50.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 05:25:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:d4:e3:98:b1:1b:6e:65:11:58:1c:34:6a:c7:cc:eb:7b:07:11:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Mar 24 02:29:11 2026 GMT
            Not After : Mar 23 02:34:11 2027 GMT
        Subject: CN=A5B8CB95DF2A3505A3FF4EAB66DBE298497AD61B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f7:b6:d7:47:4b:25:2a:be:1d:94:16:a3:5f:
                    dd:0e:c5:3c:ff:f4:8b:36:d5:12:05:a7:b1:fe:70:
                    8a:06:30:53:c4:5d:0b:24:a8:cd:be:4a:6f:6b:e2:
                    31:de:b2:b5:31:4f:23:62:60:62:f9:4e:f4:ee:a3:
                    de:af:0f:65:b1:38:91:b0:7d:50:dd:9a:0a:0b:7f:
                    ae:c1:a8:30:2a:e0:a1:ae:17:f1:19:6e:07:44:0f:
                    28:f8:86:49:85:ed:f8:7a:6c:5f:50:c7:ce:d1:f3:
                    3d:fe:04:1d:0c:38:62:18:a0:6c:66:75:ad:7f:98:
                    69:99:71:5b:b0:68:96:08:1b:4b:bf:eb:20:50:fd:
                    6e:e8:3a:31:8c:09:82:f7:3d:a4:4c:2a:12:50:a3:
                    c1:7f:44:30:c5:ba:88:f3:bb:73:09:2e:76:72:d1:
                    d4:33:34:c6:79:9b:90:bc:03:2c:ec:d9:72:66:c2:
                    72:49:fc:54:89:a8:51:bf:d6:97:aa:d0:90:67:25:
                    73:99:71:b5:c9:5f:f0:22:b1:b6:86:31:7b:76:c1:
                    dc:e6:6d:80:25:28:83:8e:91:93:66:b3:70:5b:d0:
                    b1:05:c0:a3:fe:4c:9e:88:2e:9e:7a:e8:88:89:c2:
                    40:b8:8b:ad:8f:6d:c0:3d:37:d5:ef:e9:1a:fa:b3:
                    1e:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:B8:CB:95:DF:2A:35:05:A3:FF:4E:AB:66:DB:E2:98:49:7A:D6:1B
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35302e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.74.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:b4:bc:a2:a7:f0:18:c8:70:99:ba:49:60:d7:be:c2:19:9f:
         ad:7d:dc:44:a6:e2:05:34:db:fc:ab:71:2b:ce:c0:d9:ed:76:
         c8:08:0d:9a:e0:98:85:39:52:eb:5d:96:0a:13:ce:bf:39:32:
         fd:fd:e5:67:9d:7f:ea:e4:6f:f8:94:d3:fe:5e:ef:e3:76:86:
         23:b0:6d:63:d5:fe:6a:1d:78:de:96:1d:43:69:d2:e1:e8:69:
         6a:82:da:97:58:b5:19:ae:11:cb:77:70:3b:a6:66:98:76:fe:
         cd:ea:ac:e4:bc:cb:d1:ae:b5:91:13:03:8f:0d:f8:31:dc:d7:
         73:cf:05:f6:ce:ba:99:a3:3a:2d:72:19:e9:57:f8:8b:db:8a:
         52:d2:17:cd:c5:2c:ff:f3:e5:23:ad:30:93:83:5b:22:d8:73:
         5a:a0:23:1d:8d:b6:34:72:c2:00:be:52:37:91:ea:19:fa:c2:
         a6:05:87:5c:2b:0e:d2:c1:a7:ef:64:e1:c8:30:bd:91:16:80:
         1c:d5:d7:43:c1:9b:42:48:c5:dd:42:05:1f:78:c7:6c:15:78:
         8c:15:72:d8:20:0e:45:f5:d0:ec:97:aa:e2:af:8a:11:4f:4c:
         58:7c:f9:e6:ee:61:af:11:d3:c4:0a:3f:57:5d:5b:89:88:5d:
         54:4a:b6:e8
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUONTjmLEbbmURWBw0asfM63sHEQYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAzMjQwMjI5MTFaFw0yNzAzMjMwMjM0MTFaMDMxMTAvBgNV
BAMTKEE1QjhDQjk1REYyQTM1MDVBM0ZGNEVBQjY2REJFMjk4NDk3QUQ2MUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJ97bXR0slKr4dlBajX90OxTz/
9Is21RIFp7H+cIoGMFPEXQskqM2+Sm9r4jHesrUxTyNiYGL5TvTuo96vD2WxOJGw
fVDdmgoLf67BqDAq4KGuF/EZbgdEDyj4hkmF7fh6bF9Qx87R8z3+BB0MOGIYoGxm
da1/mGmZcVuwaJYIG0u/6yBQ/W7oOjGMCYL3PaRMKhJQo8F/RDDFuojzu3MJLnZy
0dQzNMZ5m5C8Ayzs2XJmwnJJ/FSJqFG/1peq0JBnJXOZcbXJX/AisbaGMXt2wdzm
bYAlKIOOkZNms3Bb0LEFwKP+TJ6ILp566IiJwkC4i62PbcA9N9Xv6Rr6sx4hAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUpbjLld8qNQWj/06rZtvimEl61hswHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzIzMTMyMmUzNzM0MmUzNTMw
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1EoyMA0G
CSqGSIb3DQEBCwUAA4IBAQBCtLyip/AYyHCZuklg177CGZ+tfdxEpuIFNNv8q3Er
zsDZ7XbICA2a4JiFOVLrXZYKE86/OTL9/eVnnX/q5G/4lNP+Xu/jdoYjsG1j1f5q
HXjelh1DadLh6GlqgtqXWLUZrhHLd3A7pmaYdv7N6qzkvMvRrrWREwOPDfgx3Ndz
zwX2zrqZozotchnpV/iL24pS0hfNxSz/8+UjrTCTg1si2HNaoCMdjbY0csIAvlI3
keoZ+sKmBYdcKw7SwafvZOHIML2RFoAc1ddDwZtCSMXdQgUfeMdsFXiMFXLYIA5F
9dDsl6rir4oRT0xYfPnm7mGvEdPECj9XXVuJiF1USrbo
-----END CERTIFICATE-----