Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e322e302f32332d3234203d3e20383334.roa
File:                     352e3139392e322e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          WOh/QUU6NBdFvv4UEmI27tigyXkAEV2QxBMV8j7iMRo=
Subject key identifier:   97:4E:18:13:6B:8D:DE:62:EF:56:95:18:F8:BA:6F:EF:47:C0:D9:BE
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       459179A9D5E896C6AAE3CF9DDE548D6AFA1483E3
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e322e302f32332d3234203d3e20383334.roa
Signing time:             Wed 25 Mar 2026 11:49:16 +0000
ROA not before:           Wed 25 Mar 2026 11:44:16 +0000
ROA not after:            Wed 24 Mar 2027 11:49:16 +0000
asID:                     834
IP address blocks:        5.199.2.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 13:22:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:91:79:a9:d5:e8:96:c6:aa:e3:cf:9d:de:54:8d:6a:fa:14:83:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Mar 25 11:44:16 2026 GMT
            Not After : Mar 24 11:49:16 2027 GMT
        Subject: CN=974E18136B8DDE62EF569518F8BA6FEF47C0D9BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b4:3e:5d:99:fb:83:1f:32:a5:ed:f5:84:19:
                    43:1c:42:b3:40:ff:72:bc:15:e3:30:f1:d5:a8:a2:
                    6b:23:25:7e:68:1b:a4:b2:2b:ae:51:89:de:a4:18:
                    21:98:96:6b:21:86:0c:34:fe:c3:35:a6:78:28:a5:
                    6c:fb:96:4c:7b:8e:9c:8f:ef:34:42:17:c7:c8:df:
                    bd:3b:e8:aa:5a:dd:21:c3:94:d3:cb:91:06:5d:a4:
                    b5:02:09:59:7d:3e:d4:41:e6:f2:a2:ef:93:98:dc:
                    7d:33:5a:40:4f:76:59:34:32:95:43:34:6c:ca:84:
                    ce:3b:c8:05:39:0e:ec:e2:bb:46:41:f1:d5:e9:6e:
                    9c:d1:6e:95:02:53:47:9b:6f:f8:84:d5:66:c8:29:
                    57:01:4f:6f:0a:80:69:d5:fb:8e:ee:37:ff:69:d1:
                    bc:33:cf:d3:66:4d:5f:b4:f9:0d:4b:3f:f1:cd:be:
                    84:fb:b4:71:78:80:3d:f8:7b:f9:b4:53:ea:12:9e:
                    6d:af:ef:c8:f9:dc:40:e8:2b:09:fe:f6:9d:de:9a:
                    86:15:4e:3c:cc:ae:02:8f:21:62:75:d6:d8:29:8b:
                    45:06:b6:7f:b2:d7:42:b0:eb:b3:5c:35:cd:a3:c1:
                    99:eb:6e:9c:3d:e2:fb:bd:40:47:6d:49:95:77:f5:
                    e3:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:4E:18:13:6B:8D:DE:62:EF:56:95:18:F8:BA:6F:EF:47:C0:D9:BE
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e322e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:4c:ca:44:c8:73:e2:91:a5:b2:a0:c9:ad:8e:7e:1d:fd:24:
         8b:fe:ed:64:20:0b:c9:66:21:4a:23:7a:06:4d:61:b4:22:97:
         17:28:74:72:b4:67:9d:d0:d6:f5:de:00:0e:5f:d5:17:60:dc:
         91:fb:45:b3:88:ae:2c:d8:ec:9e:46:a4:01:00:0a:3a:02:65:
         05:bd:08:28:de:c1:70:d0:ed:54:8d:32:6c:79:92:c3:29:92:
         d0:b1:72:ac:45:f0:ed:75:3a:5e:8d:d2:98:1c:31:b6:fa:22:
         65:3c:1e:e4:1f:df:0b:ed:55:70:d9:ad:bc:f9:5e:3b:93:07:
         6e:a7:ef:5b:c8:c9:47:13:0b:fa:3c:7d:f0:8d:b0:58:ff:af:
         a2:5f:41:b1:73:8e:fe:8b:a0:b6:f0:a6:07:f1:55:87:56:c3:
         2c:f7:a2:9c:1c:b7:f2:d2:c9:14:52:6c:df:93:da:d9:45:18:
         f7:16:24:dd:17:27:8f:f8:03:3d:36:85:00:e0:e5:14:de:e7:
         83:d2:da:6e:e4:30:49:7c:9a:d3:ff:85:65:ca:2a:7d:96:f5:
         3f:d5:b3:4f:15:99:7d:f6:a0:f5:51:f8:65:a0:54:1a:c6:f7:
         3b:ca:a7:55:50:36:f0:a2:7e:a3:f3:cc:4e:12:4f:62:33:d6:
         c4:df:9c:98
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIURZF5qdXolsaq48+d3lSNavoUg+MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAzMjUxMTQ0MTZaFw0yNzAzMjQxMTQ5MTZaMDMxMTAvBgNV
BAMTKDk3NEUxODEzNkI4RERFNjJFRjU2OTUxOEY4QkE2RkVGNDdDMEQ5QkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCutD5dmfuDHzKl7fWEGUMcQrNA
/3K8FeMw8dWoomsjJX5oG6SyK65Rid6kGCGYlmshhgw0/sM1pngopWz7lkx7jpyP
7zRCF8fI37076Kpa3SHDlNPLkQZdpLUCCVl9PtRB5vKi75OY3H0zWkBPdlk0MpVD
NGzKhM47yAU5Duziu0ZB8dXpbpzRbpUCU0ebb/iE1WbIKVcBT28KgGnV+47uN/9p
0bwzz9NmTV+0+Q1LP/HNvoT7tHF4gD34e/m0U+oSnm2v78j53EDoKwn+9p3emoYV
TjzMrgKPIWJ11tgpi0UGtn+y10Kw67NcNc2jwZnrbpw94vu9QEdtSZV39ePBAgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUl04YE2uN3mLvVpUY+Lpv70fA2b4wHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgaMGCCsGAQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzIyZTMw
MmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEFxwIwDQYJKoZI
hvcNAQELBQADggEBACxMykTIc+KRpbKgya2Ofh39JIv+7WQgC8lmIUojegZNYbQi
lxcodHK0Z53Q1vXeAA5f1Rdg3JH7RbOIrizY7J5GpAEACjoCZQW9CCjewXDQ7VSN
Mmx5ksMpktCxcqxF8O11Ol6N0pgcMbb6ImU8HuQf3wvtVXDZrbz5XjuTB26n71vI
yUcTC/o8ffCNsFj/r6JfQbFzjv6LoLbwpgfxVYdWwyz3opwct/LSyRRSbN+T2tlF
GPcWJN0XJ4/4Az02hQDg5RTe54PS2m7kMEl8mtP/hWXKKn2W9T/Vs08VmX32oPVR
+GWgVBrG9zvKp1VQNvCifqPzzE4ST2Iz1sTfnJg=
-----END CERTIFICATE-----