Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e322e302f32342d3234203d3e20323134363633.roa
File:                     352e3139392e322e302f32342d3234203d3e20323134363633.roa (raw, json)
Hash identifier:          BlV4dzwTLgPk6Zty0G3NIjefrDjjib7SHfink/KS7C0=
Subject key identifier:   A9:95:4A:F7:D2:1C:78:2A:D5:CF:6A:5D:CC:7E:5A:0C:C3:1A:F0:D6
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       45A27D463753A0F2E5EA1AB207D7CB42B318F92D
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e322e302f32342d3234203d3e20323134363633.roa
Signing time:             Mon 04 May 2026 19:47:45 +0000
ROA not before:           Mon 04 May 2026 19:42:45 +0000
ROA not after:            Mon 03 May 2027 19:47:45 +0000
asID:                     214663
IP address blocks:        5.199.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:a2:7d:46:37:53:a0:f2:e5:ea:1a:b2:07:d7:cb:42:b3:18:f9:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: May  4 19:42:45 2026 GMT
            Not After : May  3 19:47:45 2027 GMT
        Subject: CN=A9954AF7D21C782AD5CF6A5DCC7E5A0CC31AF0D6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:ba:01:75:b6:51:a3:b2:14:79:0f:77:b1:05:
                    c2:b3:6e:9c:6c:7f:5a:65:e7:71:b4:2b:92:33:32:
                    fb:3a:5c:7f:22:fb:81:d3:db:34:a5:52:17:40:e5:
                    e3:13:34:e2:e2:96:87:87:09:97:1a:15:aa:fa:4c:
                    7d:04:b3:28:60:58:af:de:83:7f:3f:dd:52:18:9f:
                    e1:43:36:e9:9d:7d:f3:f5:c3:7c:bb:53:0f:f6:c0:
                    1e:bf:fb:60:f2:da:8e:55:25:4d:bc:2b:d1:66:e1:
                    3f:72:b4:42:eb:22:8e:e6:88:ae:f4:d2:6a:1a:6e:
                    ad:ec:5a:60:4d:17:8c:8d:4e:b2:f7:3e:32:24:59:
                    f4:b3:f0:f4:5d:e5:cf:4c:e7:df:40:d9:23:3f:a9:
                    92:ef:79:d5:db:d6:14:bd:c9:da:3f:fe:bc:a5:f2:
                    87:2d:ab:c8:9a:ab:ba:a3:df:3e:a5:7d:c6:93:cf:
                    3a:19:01:c5:7a:c7:b2:5e:33:0c:64:c1:b7:66:e3:
                    f5:03:3b:16:b1:f8:d1:7d:9f:ea:c7:5a:27:ad:18:
                    f0:ed:7a:f5:10:00:61:4d:c5:15:82:3a:e4:5b:8f:
                    24:e9:f9:06:d0:31:ba:cf:67:2a:67:f7:a9:f4:b9:
                    c3:20:c6:74:ff:8b:3c:9a:a6:57:39:ed:83:0f:f9:
                    d6:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:95:4A:F7:D2:1C:78:2A:D5:CF:6A:5D:CC:7E:5A:0C:C3:1A:F0:D6
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e322e302f32342d3234203d3e20323134363633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:97:01:c9:cd:04:02:c2:a5:16:78:6f:8e:a1:81:69:ce:17:
         61:a8:f1:aa:39:f7:de:99:4a:0e:54:59:9b:9a:ad:c5:b6:35:
         6a:91:d7:d0:be:2f:a7:3d:f5:be:09:58:2b:ff:86:ee:f3:cd:
         84:d8:08:98:b2:c8:37:d8:b9:49:a1:77:42:72:f7:2f:27:31:
         fb:7d:f9:da:f9:7e:8b:10:12:4e:a7:a5:20:29:77:ba:1b:b3:
         74:24:16:86:48:3a:5a:ff:6d:7d:ac:7c:6d:ce:3c:05:76:6d:
         ad:16:3d:f9:39:42:9e:75:88:ab:9f:b7:4d:07:be:79:02:b1:
         d2:88:3f:51:32:50:55:38:02:3c:0b:75:4f:16:4b:dc:b8:45:
         82:84:12:8a:bd:60:6c:50:21:f8:ca:b2:1e:5e:d0:b1:14:6d:
         6f:f8:e2:e3:bd:73:73:e6:1d:e5:a3:30:c5:b9:2b:39:5f:15:
         23:13:68:84:f9:e7:ac:64:3e:b4:0c:cf:4b:72:08:02:9a:e6:
         d3:4f:f8:76:32:48:53:d6:14:18:4b:21:13:03:db:36:42:ba:
         e4:4c:27:98:f5:d3:76:c0:98:b0:a8:aa:df:02:b2:0b:b6:39:
         18:e5:cf:4f:83:37:19:ff:da:e8:07:23:c7:ab:5d:c6:94:93:
         2a:cc:c0:9b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIURaJ9RjdToPLl6hqyB9fLQrMY+S0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjA1MDQxOTQyNDVaFw0yNzA1MDMxOTQ3NDVaMDMxMTAvBgNV
BAMTKEE5OTU0QUY3RDIxQzc4MkFENUNGNkE1RENDN0U1QTBDQzMxQUYwRDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtugF1tlGjshR5D3exBcKzbpxs
f1pl53G0K5IzMvs6XH8i+4HT2zSlUhdA5eMTNOLiloeHCZcaFar6TH0EsyhgWK/e
g38/3VIYn+FDNumdffP1w3y7Uw/2wB6/+2Dy2o5VJU28K9Fm4T9ytELrIo7miK70
0moabq3sWmBNF4yNTrL3PjIkWfSz8PRd5c9M599A2SM/qZLvedXb1hS9ydo//ryl
8octq8iaq7qj3z6lfcaTzzoZAcV6x7JeMwxkwbdm4/UDOxax+NF9n+rHWietGPDt
evUQAGFNxRWCOuRbjyTp+QbQMbrPZypn96n0ucMgxnT/izyaplc57YMP+dZDAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUqZVK99IceCrVz2pdzH5aDMMa8NYwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzQzNjM2MzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAFxwIw
DQYJKoZIhvcNAQELBQADggEBAAWXAcnNBALCpRZ4b46hgWnOF2Go8ao5996ZSg5U
WZuarcW2NWqR19C+L6c99b4JWCv/hu7zzYTYCJiyyDfYuUmhd0Jy9y8nMft9+dr5
fosQEk6npSApd7obs3QkFoZIOlr/bX2sfG3OPAV2ba0WPfk5Qp51iKuft00HvnkC
sdKIP1EyUFU4AjwLdU8WS9y4RYKEEoq9YGxQIfjKsh5e0LEUbW/44uO9c3PmHeWj
MMW5KzlfFSMTaIT556xkPrQMz0tyCAKa5tNP+HYySFPWFBhLIRMD2zZCuuRMJ5j1
03bAmLCoqt8Csgu2ORjlz0+DNxn/2ugHI8erXcaUkyrMwJs=
-----END CERTIFICATE-----