Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31302e302f32332d3234203d3e20383334.roa
File:                     352e3139392e31302e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          M95Wy7LCPeO0X+YLZImhWkyiuAh2bdv1M7AF8Ct1w/M=
Subject key identifier:   44:68:A9:95:13:15:ED:3E:46:EE:C8:4B:4C:2E:ED:9C:E8:57:1C:8F
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       572A1D86C788C462E6A4DDE9AA1621434A098E3B
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31302e302f32332d3234203d3e20383334.roa
Signing time:             Sat 02 May 2026 04:36:37 +0000
ROA not before:           Sat 02 May 2026 04:31:37 +0000
ROA not after:            Sat 01 May 2027 04:36:37 +0000
asID:                     834
IP address blocks:        5.199.10.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:2a:1d:86:c7:88:c4:62:e6:a4:dd:e9:aa:16:21:43:4a:09:8e:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: May  2 04:31:37 2026 GMT
            Not After : May  1 04:36:37 2027 GMT
        Subject: CN=4468A9951315ED3E46EEC84B4C2EED9CE8571C8F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:dc:0e:94:0d:48:5e:32:f7:a0:11:46:5e:09:
                    25:20:77:19:13:25:46:95:ff:10:f8:96:05:26:e3:
                    af:3a:27:66:5a:58:e1:63:fc:8f:dc:5f:6a:d0:9c:
                    c1:f7:4b:f3:36:ca:f2:d1:4e:9d:be:17:1d:a4:5c:
                    22:0a:3f:9c:c5:15:d9:d9:3f:e1:b3:a7:91:82:a4:
                    0e:de:86:76:ba:8b:f6:47:b6:24:90:c9:39:19:da:
                    fc:16:03:ce:c2:b1:fa:73:af:5c:0e:6b:1d:8c:ed:
                    b0:a3:95:f3:af:46:77:49:44:29:3e:83:1b:19:bf:
                    70:20:e9:bf:ea:ea:db:06:9e:47:a4:27:36:44:d6:
                    26:bb:08:d3:6d:dd:ee:71:4d:2c:2f:ab:57:dc:74:
                    6f:e8:0b:2c:a4:a5:66:00:68:5a:fa:26:7e:53:d6:
                    d1:59:01:7b:a1:14:5c:c7:10:ab:4a:0d:7f:3e:61:
                    e3:8c:d1:99:d5:52:14:1a:e1:f5:9a:36:22:da:b5:
                    5e:97:98:39:73:a9:c9:80:13:5a:2a:f4:0f:9f:0f:
                    8f:01:d0:93:f5:50:5c:b7:8a:7a:a5:45:ac:1c:2e:
                    22:3c:4f:f4:0b:09:31:14:37:b8:b3:f6:4d:d4:a0:
                    6f:4f:dc:17:55:ac:c4:61:83:62:01:7b:df:b8:f7:
                    8e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:68:A9:95:13:15:ED:3E:46:EE:C8:4B:4C:2E:ED:9C:E8:57:1C:8F
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31302e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b7:92:78:3c:89:b1:7a:bd:76:2e:bf:ef:fd:58:d5:a1:36:93:
         ba:fa:3e:db:37:f9:25:be:0e:80:31:cd:91:82:e1:6b:20:70:
         7e:17:03:46:5d:d1:b3:a6:09:5e:fa:35:8f:d5:dc:f2:2e:01:
         9a:71:da:4c:ab:e8:02:da:d5:c0:ae:4a:bb:0e:65:b9:4e:d7:
         53:4b:67:4b:76:b4:1e:f4:24:ce:bb:80:6e:5d:f2:e7:6b:e8:
         2a:8b:f6:ba:6c:1a:ad:d1:4a:ae:c5:2f:3e:b6:ae:42:99:8b:
         2c:ea:0f:31:2e:d1:5c:e0:45:1c:94:09:b6:58:0e:a6:35:e8:
         c5:b8:3e:2c:22:86:63:67:21:70:2b:42:8f:7a:0d:4a:bb:6f:
         ff:73:c2:c8:65:4a:e3:16:b0:22:8f:f2:c9:c4:2a:f9:2c:d7:
         b6:dd:7c:24:ef:93:21:7a:3a:8a:cc:78:50:34:ec:9f:7c:21:
         c8:06:1e:3d:9a:a1:05:58:17:12:68:fc:3a:f9:82:ae:0c:34:
         ce:23:a3:27:a5:16:7c:1e:89:95:e3:3c:56:cf:f8:77:f6:6a:
         86:f0:db:74:f2:42:e8:c9:f2:04:81:9c:69:c1:44:0f:53:e2:
         81:35:26:61:6f:23:1b:b4:32:b6:91:78:2e:c3:f9:0b:e4:87:
         a4:5f:4b:79
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUVyodhseIxGLmpN3pqhYhQ0oJjjswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjA1MDIwNDMxMzdaFw0yNzA1MDEwNDM2MzdaMDMxMTAvBgNV
BAMTKDQ0NjhBOTk1MTMxNUVEM0U0NkVFQzg0QjRDMkVFRDlDRTg1NzFDOEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH3A6UDUheMvegEUZeCSUgdxkT
JUaV/xD4lgUm4686J2ZaWOFj/I/cX2rQnMH3S/M2yvLRTp2+Fx2kXCIKP5zFFdnZ
P+Gzp5GCpA7ehna6i/ZHtiSQyTkZ2vwWA87Csfpzr1wOax2M7bCjlfOvRndJRCk+
gxsZv3Ag6b/q6tsGnkekJzZE1ia7CNNt3e5xTSwvq1fcdG/oCyykpWYAaFr6Jn5T
1tFZAXuhFFzHEKtKDX8+YeOM0ZnVUhQa4fWaNiLatV6XmDlzqcmAE1oq9A+fD48B
0JP1UFy3inqlRawcLiI8T/QLCTEUN7iz9k3UoG9P3BdVrMRhg2IBe9+4946XAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQURGiplRMV7T5G7shLTC7tnOhXHI8wHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzEzMDJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAQXHCjANBgkq
hkiG9w0BAQsFAAOCAQEAt5J4PImxer12Lr/v/VjVoTaTuvo+2zf5Jb4OgDHNkYLh
ayBwfhcDRl3Rs6YJXvo1j9Xc8i4BmnHaTKvoAtrVwK5Kuw5luU7XU0tnS3a0HvQk
zruAbl3y52voKov2umwardFKrsUvPrauQpmLLOoPMS7RXOBFHJQJtlgOpjXoxbg+
LCKGY2chcCtCj3oNSrtv/3PCyGVK4xawIo/yycQq+SzXtt18JO+TIXo6isx4UDTs
n3whyAYePZqhBVgXEmj8OvmCrgw0ziOjJ6UWfB6JleM8Vs/4d/ZqhvDbdPJC6Mny
BIGcacFED1PigTUmYW8jG7QytpF4LsP5C+SHpF9LeQ==
-----END CERTIFICATE-----