Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e33302e302f32332d3234203d3e20383334.roa
File:                     352e3139392e33302e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          p5mC0Ax+1bWHpa8WbvhlAC0MW+ukKKRUaeoA9/KqTqU=
Subject key identifier:   02:2D:0B:EB:46:13:0A:38:53:95:91:0E:04:5D:9F:96:01:ED:CB:4D
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       5B41BFB988201F90B991327CCDD00BF544AD8164
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e33302e302f32332d3234203d3e20383334.roa
Signing time:             Fri 20 Mar 2026 06:26:25 +0000
ROA not before:           Fri 20 Mar 2026 06:21:25 +0000
ROA not after:            Fri 19 Mar 2027 06:26:25 +0000
asID:                     834
IP address blocks:        5.199.30.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 13:22:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:41:bf:b9:88:20:1f:90:b9:91:32:7c:cd:d0:0b:f5:44:ad:81:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Mar 20 06:21:25 2026 GMT
            Not After : Mar 19 06:26:25 2027 GMT
        Subject: CN=022D0BEB46130A385395910E045D9F9601EDCB4D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:0b:5f:c1:8f:4a:c5:59:7f:9e:94:09:e6:bb:
                    70:ca:44:33:08:b1:1d:30:27:b0:b3:5c:8b:4e:d8:
                    22:4a:50:39:50:a1:1b:5b:01:5c:56:2e:34:63:59:
                    ac:f7:5b:3a:89:76:36:c6:44:d9:ce:9c:f1:c5:ee:
                    c5:02:9d:00:57:a0:a2:e8:e3:90:7b:c2:00:7d:54:
                    eb:48:ed:a2:d4:36:b3:fb:a7:c7:c5:43:e9:ed:a1:
                    03:6b:e8:41:2e:a9:41:28:7a:0a:9b:04:05:4a:08:
                    3f:ca:70:8e:bf:36:59:96:f9:bb:9e:a9:d7:d6:03:
                    91:fb:42:80:e8:63:d7:c8:56:c5:2a:10:c1:89:ff:
                    6d:24:b8:ed:4c:47:7a:41:c0:a8:71:21:b3:54:b5:
                    d4:42:be:34:ba:01:cf:f5:57:10:64:f7:03:32:da:
                    9a:f9:2d:ed:3c:17:1c:00:d4:2c:63:bc:45:42:75:
                    2f:7f:d6:3f:ea:d3:61:87:76:25:e6:57:ae:a3:09:
                    dc:a6:b9:96:f1:cf:25:48:df:13:53:eb:69:48:29:
                    de:62:37:dd:45:ae:0c:0a:69:05:7a:49:18:e3:a6:
                    00:12:75:da:0e:18:65:c3:79:b6:59:df:71:2b:75:
                    d8:9a:1f:0d:ca:4d:f6:ca:7a:38:61:0e:6f:d6:16:
                    1d:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:2D:0B:EB:46:13:0A:38:53:95:91:0E:04:5D:9F:96:01:ED:CB:4D
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e33302e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:1c:6d:d2:25:5e:22:56:8e:9a:5e:b5:59:83:dc:6d:66:85:
         58:d3:12:ca:b6:9c:a9:82:8b:3a:0a:c2:f6:02:8f:7e:b9:ac:
         34:7c:38:df:e0:7d:7e:d2:7c:82:2a:a8:e5:3b:51:52:31:a5:
         f2:88:96:82:67:04:f2:81:71:85:ec:df:29:e3:9a:46:ab:1c:
         32:f1:22:ee:cf:4b:98:d9:33:ed:bf:3c:7f:46:8e:70:be:7d:
         23:a0:c3:78:89:0e:71:97:ed:1a:27:4c:a5:0b:5b:ef:0f:df:
         ac:72:14:1f:03:97:b1:e9:2f:78:9a:e6:1e:1a:26:ba:83:02:
         94:ab:b9:b9:50:73:a5:4d:4b:c2:91:33:6e:8d:e1:57:ac:c2:
         43:18:c6:ab:54:8d:60:29:9a:76:9d:02:dd:28:80:e0:da:ff:
         80:f2:0b:e0:43:99:4f:f7:dd:94:3e:ed:ac:fd:cc:e5:3e:8d:
         81:26:ec:21:ee:5f:92:4b:34:ab:54:22:12:4e:67:ef:12:1d:
         89:da:f7:0f:25:ee:6a:7d:5f:c5:b0:32:7b:0d:9f:db:b7:59:
         cb:bf:0f:32:28:f8:33:49:74:36:d8:2d:86:5b:fb:e6:de:43:
         2d:e2:3d:b8:4e:99:03:65:5e:7e:1b:06:47:db:ec:32:44:47:
         ee:33:d5:bb
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUW0G/uYggH5C5kTJ8zdAL9UStgWQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAzMjAwNjIxMjVaFw0yNzAzMTkwNjI2MjVaMDMxMTAvBgNV
BAMTKDAyMkQwQkVCNDYxMzBBMzg1Mzk1OTEwRTA0NUQ5Rjk2MDFFRENCNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZC1/Bj0rFWX+elAnmu3DKRDMI
sR0wJ7CzXItO2CJKUDlQoRtbAVxWLjRjWaz3WzqJdjbGRNnOnPHF7sUCnQBXoKLo
45B7wgB9VOtI7aLUNrP7p8fFQ+ntoQNr6EEuqUEoegqbBAVKCD/KcI6/NlmW+bue
qdfWA5H7QoDoY9fIVsUqEMGJ/20kuO1MR3pBwKhxIbNUtdRCvjS6Ac/1VxBk9wMy
2pr5Le08FxwA1CxjvEVCdS9/1j/q02GHdiXmV66jCdymuZbxzyVI3xNT62lIKd5i
N91FrgwKaQV6SRjjpgASddoOGGXDebZZ33ErddiaHw3KTfbKejhhDm/WFh1nAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUAi0L60YTCjhTlZEOBF2flgHty00wHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzMzMDJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAQXHHjANBgkq
hkiG9w0BAQsFAAOCAQEAOhxt0iVeIlaOml61WYPcbWaFWNMSyracqYKLOgrC9gKP
frmsNHw43+B9ftJ8giqo5TtRUjGl8oiWgmcE8oFxhezfKeOaRqscMvEi7s9LmNkz
7b88f0aOcL59I6DDeIkOcZftGidMpQtb7w/frHIUHwOXsekveJrmHhomuoMClKu5
uVBzpU1LwpEzbo3hV6zCQxjGq1SNYCmadp0C3SiA4Nr/gPIL4EOZT/fdlD7trP3M
5T6NgSbsIe5fkks0q1QiEk5n7xIdidr3DyXuan1fxbAyew2f27dZy78PMij4M0l0
Ntgthlv75t5DLeI9uE6ZA2VefhsGR9vsMkRH7jPVuw==
-----END CERTIFICATE-----