Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e36322e302f32342d3234203d3e20383334.roa
File:                     3231322e37342e36322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          5znd/YMtHdZel74I2gfSFHjfyZzWTVb5n5lSN50/C+s=
Subject key identifier:   C3:14:E6:9C:D6:3E:66:3D:2F:AB:E8:E9:48:82:70:0B:24:77:21:68
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       027017653EC36313A69B870AD9FBD0BD44752B56
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e36322e302f32342d3234203d3e20383334.roa
Signing time:             Sat 02 May 2026 10:43:42 +0000
ROA not before:           Sat 02 May 2026 10:38:42 +0000
ROA not after:            Sat 01 May 2027 10:43:42 +0000
asID:                     834
IP address blocks:        212.74.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:70:17:65:3e:c3:63:13:a6:9b:87:0a:d9:fb:d0:bd:44:75:2b:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: May  2 10:38:42 2026 GMT
            Not After : May  1 10:43:42 2027 GMT
        Subject: CN=C314E69CD63E663D2FABE8E94882700B24772168
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:8f:1e:c9:e6:61:fa:e7:32:43:db:c8:fe:48:
                    e3:d7:f6:74:dd:94:aa:3e:83:13:c9:bd:cb:93:5e:
                    5a:e1:24:be:52:90:23:84:8e:e8:b0:13:ab:29:2d:
                    cf:07:de:bd:27:bf:58:5a:16:85:ea:48:90:6c:8d:
                    3e:3b:c9:c3:66:f2:45:20:77:1b:c8:7e:d8:1f:11:
                    cd:05:b4:0c:63:6c:a2:aa:56:9f:ac:e6:2d:40:09:
                    60:55:26:b2:41:c8:07:2f:0e:31:2f:0f:f0:58:9f:
                    12:b4:ec:b6:f3:4e:4e:dc:32:cc:e5:55:13:78:e9:
                    12:8b:ca:0c:17:f6:88:45:83:bd:b4:93:a6:6e:f6:
                    94:f7:1a:f6:65:af:50:a8:56:ce:b8:4f:8a:c5:f7:
                    b6:7d:1b:4c:56:d3:2b:97:7f:a7:d7:38:15:57:e2:
                    86:6c:c6:9e:07:60:59:43:48:93:b5:7b:27:cc:3c:
                    94:4f:ac:9a:2c:62:97:56:a1:89:92:5a:db:5f:64:
                    31:c7:67:61:be:20:71:ce:f1:20:c3:18:1e:8e:e2:
                    bb:a7:85:82:2f:d7:9a:11:a7:de:f2:b8:5c:04:8b:
                    7c:b4:38:35:34:08:a4:bd:15:95:e6:91:c7:13:db:
                    48:44:aa:99:d2:47:d2:d7:e7:e3:b0:23:c5:c1:b3:
                    2a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:14:E6:9C:D6:3E:66:3D:2F:AB:E8:E9:48:82:70:0B:24:77:21:68
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e36322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.74.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:91:45:76:dd:30:46:6b:28:99:7e:47:31:35:fb:08:f3:38:
         0e:fa:3d:d0:1a:43:2b:30:a9:8b:54:14:8f:3c:30:7c:62:ac:
         80:b8:82:c9:3c:09:78:41:d4:2c:42:31:3e:86:38:53:04:db:
         27:a8:05:c9:ea:e0:74:fb:4f:c2:50:68:82:f3:8c:a3:74:9f:
         de:90:eb:ae:8b:bc:54:c5:1f:c1:39:64:6b:d8:fb:08:ae:c6:
         e0:cd:cd:af:9b:7d:f8:78:44:70:78:5c:cb:ac:51:8b:31:07:
         ae:d2:37:0c:94:56:8d:09:39:01:48:67:b1:e6:a5:0c:81:5a:
         3a:94:26:1f:f6:2a:51:8a:a2:3e:6d:92:da:1d:3a:48:ad:6f:
         4d:29:ba:07:d0:59:60:d2:e1:ea:3e:16:9e:91:20:51:6c:9d:
         76:41:fa:9e:cb:31:f2:21:19:e6:af:47:8a:a9:3c:8d:00:38:
         67:b0:ea:65:ea:56:59:5d:e3:bd:48:7c:31:35:53:9b:91:d3:
         92:b6:34:80:15:68:37:d9:71:55:6e:c4:61:2b:e6:80:8e:09:
         cf:1c:fd:ae:ef:14:54:4d:79:a9:49:39:47:c9:d6:a7:dc:a3:
         43:2a:9f:c9:3a:80:05:ea:ae:f6:5f:2c:9e:98:f7:4d:f4:bb:
         db:bd:8f:f2
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUAnAXZT7DYxOmm4cK2fvQvUR1K1YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjA1MDIxMDM4NDJaFw0yNzA1MDExMDQzNDJaMDMxMTAvBgNV
BAMTKEMzMTRFNjlDRDYzRTY2M0QyRkFCRThFOTQ4ODI3MDBCMjQ3NzIxNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCijx7J5mH65zJD28j+SOPX9nTd
lKo+gxPJvcuTXlrhJL5SkCOEjuiwE6spLc8H3r0nv1haFoXqSJBsjT47ycNm8kUg
dxvIftgfEc0FtAxjbKKqVp+s5i1ACWBVJrJByAcvDjEvD/BYnxK07LbzTk7cMszl
VRN46RKLygwX9ohFg720k6Zu9pT3GvZlr1CoVs64T4rF97Z9G0xW0yuXf6fXOBVX
4oZsxp4HYFlDSJO1eyfMPJRPrJosYpdWoYmSWttfZDHHZ2G+IHHO8SDDGB6O4run
hYIv15oRp97yuFwEi3y0ODU0CKS9FZXmkccT20hEqpnSR9LX5+OwI8XBsyq7AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUwxTmnNY+Zj0vq+jpSIJwCyR3IWgwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzIzMTMyMmUzNzM0MmUzNjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Eo+MA0G
CSqGSIb3DQEBCwUAA4IBAQA4kUV23TBGayiZfkcxNfsI8zgO+j3QGkMrMKmLVBSP
PDB8YqyAuILJPAl4QdQsQjE+hjhTBNsnqAXJ6uB0+0/CUGiC84yjdJ/ekOuui7xU
xR/BOWRr2PsIrsbgzc2vm334eERweFzLrFGLMQeu0jcMlFaNCTkBSGex5qUMgVo6
lCYf9ipRiqI+bZLaHTpIrW9NKboH0Flg0uHqPhaekSBRbJ12QfqeyzHyIRnmr0eK
qTyNADhnsOpl6lZZXeO9SHwxNVObkdOStjSAFWg32XFVbsRhK+aAjgnPHP2u7xRU
TXmpSTlHydan3KNDKp/JOoAF6q72XyyemPdN9LvbvY/y
-----END CERTIFICATE-----