Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35362e302f32332d3234203d3e20383334.roa
File:                     3231322e37342e35362e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          6NpHLAOGT0YOa/YJc1gf3RDHvJdzYE4A9TZETvvlsy8=
Subject key identifier:   CA:4B:24:6F:19:B9:01:5A:39:F2:CF:F2:99:D9:1D:1F:20:05:84:20
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       30F870B5A7A15D06B6F993FC02E68BEFB47F5636
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35362e302f32332d3234203d3e20383334.roa
Signing time:             Sat 25 Apr 2026 00:43:57 +0000
ROA not before:           Sat 25 Apr 2026 00:38:57 +0000
ROA not after:            Sat 24 Apr 2027 00:43:57 +0000
asID:                     834
IP address blocks:        212.74.56.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:f8:70:b5:a7:a1:5d:06:b6:f9:93:fc:02:e6:8b:ef:b4:7f:56:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Apr 25 00:38:57 2026 GMT
            Not After : Apr 24 00:43:57 2027 GMT
        Subject: CN=CA4B246F19B9015A39F2CFF299D91D1F20058420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:3a:c6:af:5a:41:c5:06:b9:dd:6a:f1:61:63:
                    02:47:8b:d6:4f:5d:f7:d1:61:99:c4:62:60:c7:dc:
                    20:ad:20:af:6e:ee:6a:26:d3:99:6d:26:36:9b:05:
                    75:45:bd:ef:3d:24:7d:56:4e:1f:c9:17:a3:e6:89:
                    d3:98:0a:1e:cf:06:56:e6:83:cc:f2:b6:d5:d5:af:
                    43:11:3a:2c:3a:b2:c5:92:78:a5:69:0e:86:1c:70:
                    e7:ae:d7:14:01:fa:06:fa:de:24:17:49:b1:3f:cb:
                    a3:da:06:b5:eb:8d:3d:3d:74:95:c5:25:9a:65:45:
                    33:cc:72:2b:ad:d5:69:70:45:84:c7:1e:b7:15:69:
                    94:1b:e0:03:58:3f:c2:fe:8c:f2:0c:b8:f2:6b:73:
                    92:c1:f1:c4:de:d1:96:25:7e:1e:49:d5:b0:4e:f3:
                    11:23:f6:79:fb:73:ae:7f:29:1b:19:e5:1d:18:be:
                    8f:14:bb:d5:0c:ac:14:62:2f:4d:e1:3d:16:9a:06:
                    c1:c3:b0:12:9d:7f:9e:a8:fa:d9:a9:fc:aa:f6:fb:
                    30:05:d7:6d:85:a9:ff:5c:19:e8:87:ef:02:87:2c:
                    8f:86:ba:b6:2a:ab:ff:57:db:b4:dc:2f:b6:11:b1:
                    a2:6d:dd:51:a5:f0:77:76:b2:e2:9b:20:f0:1a:08:
                    ab:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:4B:24:6F:19:B9:01:5A:39:F2:CF:F2:99:D9:1D:1F:20:05:84:20
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35362e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.74.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:94:3e:fd:6f:53:08:ab:4c:2d:7a:d3:21:30:12:6b:00:19:
         34:08:a7:c0:ba:71:a2:d6:80:3a:69:7a:f1:35:22:e8:c3:61:
         ed:50:39:0c:85:e4:b6:4e:6a:95:1a:f7:75:40:6a:55:76:42:
         82:07:57:32:3b:73:00:32:9a:83:8c:0b:c1:14:3b:2c:65:92:
         f0:66:3d:6f:48:76:49:89:25:bb:e6:cf:5b:fb:4c:a7:6e:89:
         a9:76:a5:70:e9:2c:6f:b2:0e:7c:74:04:8b:47:00:5f:77:19:
         38:29:90:f2:c3:2b:9e:e9:78:eb:5e:f8:5d:f1:31:76:23:ad:
         6b:68:a5:97:32:13:3c:f7:17:4d:96:84:b2:59:a8:ed:46:ff:
         32:9e:c5:62:ff:4b:94:22:e6:9a:9e:c8:50:b2:11:18:d1:85:
         18:60:02:37:86:95:a7:7a:2a:cc:fb:41:81:13:e6:ad:03:6b:
         84:98:e7:91:fe:8f:cc:84:a0:b0:8c:79:ca:bb:21:e3:0b:a0:
         2f:3b:c5:3b:8d:08:09:49:34:96:ef:f9:0a:2e:4b:0f:09:2e:
         43:59:a8:05:73:19:7b:e8:19:57:d4:90:cf:de:02:e6:0d:cf:
         8e:34:10:36:ee:2a:48:43:ef:db:55:3c:4a:02:18:b1:60:ce:
         00:4b:17:67
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUMPhwtaehXQa2+ZP8AuaL77R/VjYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjA0MjUwMDM4NTdaFw0yNzA0MjQwMDQzNTdaMDMxMTAvBgNV
BAMTKENBNEIyNDZGMTlCOTAxNUEzOUYyQ0ZGMjk5RDkxRDFGMjAwNTg0MjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvOsavWkHFBrndavFhYwJHi9ZP
XffRYZnEYmDH3CCtIK9u7mom05ltJjabBXVFve89JH1WTh/JF6PmidOYCh7PBlbm
g8zyttXVr0MROiw6ssWSeKVpDoYccOeu1xQB+gb63iQXSbE/y6PaBrXrjT09dJXF
JZplRTPMciut1WlwRYTHHrcVaZQb4ANYP8L+jPIMuPJrc5LB8cTe0ZYlfh5J1bBO
8xEj9nn7c65/KRsZ5R0Yvo8Uu9UMrBRiL03hPRaaBsHDsBKdf56o+tmp/Kr2+zAF
122Fqf9cGeiH7wKHLI+GurYqq/9X27TcL7YRsaJt3VGl8Hd2suKbIPAaCKsPAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUykskbxm5AVo58s/ymdkdHyAFhCAwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzIzMTMyMmUzNzM0MmUzNTM2
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1Eo4MA0G
CSqGSIb3DQEBCwUAA4IBAQAXlD79b1MIq0wtetMhMBJrABk0CKfAunGi1oA6aXrx
NSLow2HtUDkMheS2TmqVGvd1QGpVdkKCB1cyO3MAMpqDjAvBFDssZZLwZj1vSHZJ
iSW75s9b+0ynbompdqVw6Sxvsg58dASLRwBfdxk4KZDywyue6XjrXvhd8TF2I61r
aKWXMhM89xdNloSyWajtRv8ynsVi/0uUIuaanshQshEY0YUYYAI3hpWneirM+0GB
E+atA2uEmOeR/o/MhKCwjHnKuyHjC6AvO8U7jQgJSTSW7/kKLksPCS5DWagFcxl7
6BlX1JDP3gLmDc+ONBA27ipIQ+/bVTxKAhixYM4ASxdn
-----END CERTIFICATE-----