Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31362e302f32342d3234203d3e20383334.roa
File:                     352e3139392e31362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          +5xMbOllqXUllIDqp2cYPbh03Vh4/Aj2xfZHHyFoFaE=
Subject key identifier:   14:93:A4:2F:AB:CD:B3:38:C8:25:5C:31:F5:4E:75:F4:68:7B:DD:F2
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       5FD14CD73ACFA0B8CC77A00F652CCFB1A8F7C412
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31362e302f32342d3234203d3e20383334.roa
Signing time:             Sat 25 Apr 2026 03:00:52 +0000
ROA not before:           Sat 25 Apr 2026 02:55:52 +0000
ROA not after:            Sat 24 Apr 2027 03:00:52 +0000
asID:                     834
IP address blocks:        5.199.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:d1:4c:d7:3a:cf:a0:b8:cc:77:a0:0f:65:2c:cf:b1:a8:f7:c4:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Apr 25 02:55:52 2026 GMT
            Not After : Apr 24 03:00:52 2027 GMT
        Subject: CN=1493A42FABCDB338C8255C31F54E75F4687BDDF2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b4:d2:08:57:04:f1:0b:97:5c:88:09:22:d9:
                    49:10:39:35:00:e8:3e:c7:99:60:06:08:e4:19:6d:
                    23:18:99:3d:e8:c6:21:0b:ed:6a:0c:2e:90:48:de:
                    95:e7:e7:03:2b:0b:3e:12:97:5f:db:88:a1:86:66:
                    e2:a7:bb:91:e6:55:da:a9:42:1e:1e:21:58:4b:51:
                    57:58:d5:8f:e0:f5:31:05:37:9c:b2:02:72:e7:34:
                    a7:ba:0b:6d:0f:5a:d4:8e:8c:4b:47:a6:2e:b5:05:
                    6b:30:09:09:cb:bd:4e:25:e5:3f:02:ce:14:b8:52:
                    6e:28:cf:2b:a9:43:8b:29:5c:95:9d:cc:74:58:b1:
                    ac:a2:23:c6:ab:87:c8:3f:c9:48:83:98:e6:a6:e9:
                    9e:0e:b4:cb:a0:6b:bd:e6:44:3b:b9:af:1b:37:e5:
                    ec:b3:6d:ef:47:29:d1:8f:3f:65:f5:db:cf:80:c3:
                    30:97:58:52:98:23:e4:b4:4f:32:fd:6f:33:91:c9:
                    f1:d0:31:40:6e:9d:ba:70:c0:13:a4:ca:fd:d4:6a:
                    7d:9e:5a:a0:98:d1:e9:30:82:4d:ef:23:10:56:66:
                    b9:5b:5d:a3:87:ee:bb:a2:dd:58:79:cb:d8:78:36:
                    d4:a6:db:22:24:c8:83:64:0f:bc:42:90:80:8a:b1:
                    f7:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:93:A4:2F:AB:CD:B3:38:C8:25:5C:31:F5:4E:75:F4:68:7B:DD:F2
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:8f:75:ac:bd:a2:62:42:1d:89:17:7e:cd:59:c0:b8:b6:36:
         6e:b0:28:19:1b:84:af:77:0d:d6:88:ed:aa:ab:a8:55:86:c0:
         a0:e9:0c:1e:c5:1a:28:86:b1:62:d0:bf:7f:2f:d5:c3:ef:2b:
         dc:82:07:78:4e:b4:a8:26:6c:06:49:c0:24:8d:58:7c:00:d3:
         40:a7:5a:33:52:95:c1:4e:a2:71:d4:47:2e:e3:cd:c1:73:58:
         4b:e1:3d:da:da:66:9c:66:6d:93:c6:1c:3a:5f:20:4a:32:7d:
         64:7e:a5:8d:8b:72:32:1b:5e:8b:d1:03:4c:08:40:da:25:81:
         01:e2:8a:bb:54:33:f7:08:47:e0:c0:9a:72:e8:1c:6a:6b:2b:
         55:cf:10:ad:ef:6e:85:8c:be:d0:4b:db:c6:00:21:56:c6:f4:
         59:26:b3:76:b2:e3:ca:41:e0:65:b3:a8:59:07:9f:b6:74:b4:
         29:3d:4b:03:89:71:0c:da:67:bb:45:e2:ed:f3:5c:e3:3f:dc:
         6d:6f:6b:13:37:29:a7:3b:35:9b:77:1c:fd:04:56:b6:93:5e:
         3c:fa:00:77:0d:d0:1c:6d:c6:f7:57:6b:8f:d2:57:2e:75:c0:
         d4:f2:4d:d3:62:54:a6:25:f6:36:2f:56:1c:89:67:0d:db:98:
         13:f3:9a:37
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUX9FM1zrPoLjMd6APZSzPsaj3xBIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjA0MjUwMjU1NTJaFw0yNzA0MjQwMzAwNTJaMDMxMTAvBgNV
BAMTKDE0OTNBNDJGQUJDREIzMzhDODI1NUMzMUY1NEU3NUY0Njg3QkRERjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdtNIIVwTxC5dciAki2UkQOTUA
6D7HmWAGCOQZbSMYmT3oxiEL7WoMLpBI3pXn5wMrCz4Sl1/biKGGZuKnu5HmVdqp
Qh4eIVhLUVdY1Y/g9TEFN5yyAnLnNKe6C20PWtSOjEtHpi61BWswCQnLvU4l5T8C
zhS4Um4ozyupQ4spXJWdzHRYsayiI8arh8g/yUiDmOam6Z4OtMuga73mRDu5rxs3
5eyzbe9HKdGPP2X128+AwzCXWFKYI+S0TzL9bzORyfHQMUBunbpwwBOkyv3Uan2e
WqCY0ekwgk3vIxBWZrlbXaOH7rui3Vh5y9h4NtSm2yIkyINkD7xCkICKsffDAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUFJOkL6vNszjIJVwx9U519Gh73fIwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzEzNjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAXHEDANBgkq
hkiG9w0BAQsFAAOCAQEAQo91rL2iYkIdiRd+zVnAuLY2brAoGRuEr3cN1ojtqquo
VYbAoOkMHsUaKIaxYtC/fy/Vw+8r3IIHeE60qCZsBknAJI1YfADTQKdaM1KVwU6i
cdRHLuPNwXNYS+E92tpmnGZtk8YcOl8gSjJ9ZH6ljYtyMhtei9EDTAhA2iWBAeKK
u1Qz9whH4MCacugcamsrVc8Qre9uhYy+0EvbxgAhVsb0WSazdrLjykHgZbOoWQef
tnS0KT1LA4lxDNpnu0Xi7fNc4z/cbW9rEzcppzs1m3cc/QRWtpNePPoAdw3QHG3G
91drj9JXLnXA1PJN02JUpiX2Ni9WHIlnDduYE/OaNw==
-----END CERTIFICATE-----