Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e33372e302f32342d3234203d3e20383334.roa
File:                     352e3139392e33372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          brAqhL3y4YfMjlkiq82AN8Y44KzvazJf7w+Lg50h5cM=
Subject key identifier:   07:CB:8E:05:26:B9:F9:8E:AD:E4:47:F4:7D:3A:14:07:22:9A:7D:BA
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       3660AACCD605ADFD5583D7F98644B292A79EF3E0
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e33372e302f32342d3234203d3e20383334.roa
Signing time:             Sat 07 Mar 2026 19:29:57 +0000
ROA not before:           Sat 07 Mar 2026 19:24:57 +0000
ROA not after:            Sat 06 Mar 2027 19:29:57 +0000
asID:                     834
IP address blocks:        5.199.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 05:25:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:60:aa:cc:d6:05:ad:fd:55:83:d7:f9:86:44:b2:92:a7:9e:f3:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Mar  7 19:24:57 2026 GMT
            Not After : Mar  6 19:29:57 2027 GMT
        Subject: CN=07CB8E0526B9F98EADE447F47D3A1407229A7DBA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7d:5f:c2:69:30:31:e2:58:4f:ec:66:85:66:
                    fe:c7:cc:fa:ab:3b:2d:dd:22:f1:f1:f5:d0:a8:fe:
                    37:9f:12:bc:22:35:1a:31:7f:56:51:8c:8e:f3:b6:
                    bf:94:6b:a3:11:16:0a:ae:36:df:30:ff:0e:2f:41:
                    15:f2:a9:25:8d:df:cf:3a:51:f8:c4:06:b7:d4:58:
                    ef:8f:9f:43:e0:d9:31:41:40:e0:98:85:be:5d:9e:
                    6c:f4:a9:0e:ec:ef:12:b6:6f:18:ba:eb:fd:e7:c6:
                    62:e5:89:ed:f0:22:aa:7f:d2:72:7a:2d:d7:41:37:
                    e5:75:c5:13:50:7e:40:a0:12:ca:8f:fc:cd:ad:3f:
                    7c:91:ea:59:b8:c5:84:b8:30:5f:89:ba:01:01:54:
                    b1:39:69:e2:cf:f0:8c:b2:96:d5:44:40:b3:21:b2:
                    c6:ae:82:53:79:5e:cc:e0:1d:2a:7f:31:34:30:0e:
                    ba:be:e8:8e:4e:a2:16:c0:5b:dd:88:0e:33:7c:2b:
                    69:27:85:e9:b6:0e:cd:c0:3d:9b:fb:2b:7c:fc:b5:
                    8e:db:bb:1c:dc:d1:d8:4a:21:6e:9f:7b:20:72:96:
                    18:bf:24:11:e0:6c:e1:e4:f9:6f:4d:2f:12:46:ec:
                    35:8f:e5:43:33:55:4f:d8:8d:cd:5a:6d:83:a3:07:
                    24:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:CB:8E:05:26:B9:F9:8E:AD:E4:47:F4:7D:3A:14:07:22:9A:7D:BA
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e33372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:58:f2:8d:8d:10:15:e6:a8:5c:2b:52:9b:bf:79:fd:31:af:
         d4:bc:36:19:d6:8b:3e:58:5f:27:3c:64:c0:4d:2b:35:71:a6:
         d1:39:c1:4c:a6:dd:95:09:9e:6b:b1:e5:3f:46:fa:fe:21:e2:
         4f:c0:5c:aa:f6:c3:f9:98:f5:a4:8c:ad:bc:a3:07:d3:48:44:
         fa:92:6b:21:90:46:25:45:65:e5:8a:0a:cd:37:0f:ec:37:a9:
         0f:e0:b6:3d:76:89:0f:ee:c7:ca:40:2e:06:38:5f:5c:f6:e8:
         c8:18:80:e5:b5:a7:66:1b:eb:de:61:b4:d9:e1:4a:1d:3e:f8:
         f8:7d:b8:c3:b8:39:50:04:e8:2f:fb:40:10:f2:b9:3e:6a:56:
         f4:a0:b7:a3:07:b9:f1:b1:26:ca:30:35:b7:1a:34:29:21:f3:
         8c:b7:6b:3b:dd:ac:ee:56:90:90:60:70:6c:24:94:a9:c7:ed:
         58:cf:00:1f:5f:bd:d6:ab:75:9e:14:5f:f7:ae:b6:2a:d5:25:
         58:b2:45:c0:30:e6:73:19:bd:0f:7f:f6:1b:1e:d2:48:df:46:
         1f:e3:b1:7a:80:47:d2:36:f6:1f:f4:76:26:e4:5a:c7:e8:ed:
         b8:9a:09:68:7c:0f:dc:9b:3e:67:6d:65:0e:e2:93:a4:6b:35:
         d6:e0:b2:4e
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUNmCqzNYFrf1Vg9f5hkSykqee8+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAzMDcxOTI0NTdaFw0yNzAzMDYxOTI5NTdaMDMxMTAvBgNV
BAMTKDA3Q0I4RTA1MjZCOUY5OEVBREU0NDdGNDdEM0ExNDA3MjI5QTdEQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCffV/CaTAx4lhP7GaFZv7HzPqr
Oy3dIvHx9dCo/jefErwiNRoxf1ZRjI7ztr+Ua6MRFgquNt8w/w4vQRXyqSWN3886
UfjEBrfUWO+Pn0Pg2TFBQOCYhb5dnmz0qQ7s7xK2bxi66/3nxmLlie3wIqp/0nJ6
LddBN+V1xRNQfkCgEsqP/M2tP3yR6lm4xYS4MF+JugEBVLE5aeLP8IyyltVEQLMh
ssauglN5XszgHSp/MTQwDrq+6I5OohbAW92IDjN8K2knhem2Ds3APZv7K3z8tY7b
uxzc0dhKIW6feyBylhi/JBHgbOHk+W9NLxJG7DWP5UMzVU/Yjc1abYOjByRvAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUB8uOBSa5+Y6t5Ef0fToUByKafbowHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzMzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAXHJTANBgkq
hkiG9w0BAQsFAAOCAQEA1ljyjY0QFeaoXCtSm795/TGv1Lw2GdaLPlhfJzxkwE0r
NXGm0TnBTKbdlQmea7HlP0b6/iHiT8BcqvbD+Zj1pIytvKMH00hE+pJrIZBGJUVl
5YoKzTcP7DepD+C2PXaJD+7HykAuBjhfXPboyBiA5bWnZhvr3mG02eFKHT74+H24
w7g5UAToL/tAEPK5PmpW9KC3owe58bEmyjA1txo0KSHzjLdrO92s7laQkGBwbCSU
qcftWM8AH1+91qt1nhRf9662KtUlWLJFwDDmcxm9D3/2Gx7SSN9GH+OxeoBH0jb2
H/R2JuRax+jtuJoJaHwP3Js+Z21lDuKTpGs11uCyTg==
-----END CERTIFICATE-----