Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e33382e302f32332d3234203d3e20383334.roa
File:                     352e3139392e33382e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          ZH4WS75AGubgbHqydo0PW7PP8NIoV/8OMg/AC1kJ+RE=
Subject key identifier:   56:86:28:EA:05:F7:80:8E:45:FB:66:89:82:A1:5F:AC:09:33:BD:84
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       761E4F71772FEACFA4AE0C6329B0DFC25FFCC6B1
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e33382e302f32332d3234203d3e20383334.roa
Signing time:             Sat 14 Mar 2026 10:14:20 +0000
ROA not before:           Sat 14 Mar 2026 10:09:20 +0000
ROA not after:            Sat 13 Mar 2027 10:14:20 +0000
asID:                     834
IP address blocks:        5.199.38.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 05:25:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:1e:4f:71:77:2f:ea:cf:a4:ae:0c:63:29:b0:df:c2:5f:fc:c6:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Mar 14 10:09:20 2026 GMT
            Not After : Mar 13 10:14:20 2027 GMT
        Subject: CN=568628EA05F7808E45FB668982A15FAC0933BD84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:af:94:39:52:b6:42:d1:58:e1:f3:5b:22:12:
                    0b:86:7e:10:24:26:44:d8:56:a2:67:6f:f7:70:ca:
                    4c:0e:e4:65:68:51:65:be:f3:4c:b2:b2:4f:45:48:
                    45:f2:53:bb:ea:54:ec:c9:e0:66:91:f1:29:72:64:
                    8d:64:32:16:94:16:a7:3b:43:30:12:b9:ba:df:b7:
                    21:46:1d:3d:3a:ea:f5:0c:44:ee:4b:71:05:bb:eb:
                    5d:ad:fc:fb:41:12:40:1a:65:96:56:25:3b:5c:9a:
                    ba:73:88:a0:3a:36:a9:27:0b:7c:de:9e:24:10:f7:
                    2a:4e:b9:f2:97:98:cd:6a:3f:61:96:e7:50:c0:43:
                    51:f7:5e:f3:7d:6b:e8:ac:7d:5e:d8:ad:91:28:3e:
                    fe:23:92:65:b6:d6:9a:e9:d2:f9:6a:23:71:76:c3:
                    08:6c:ef:f0:04:95:e4:3e:c7:5c:ee:2e:19:d2:f2:
                    af:62:09:47:5f:e6:ef:bd:f1:88:ed:23:16:90:03:
                    df:fa:a7:08:b6:d6:8d:6c:4f:93:4a:61:b3:31:09:
                    be:72:c2:ad:4e:3a:b4:f7:9c:6a:aa:49:91:36:e8:
                    b9:49:1a:fe:22:c9:f1:1a:ea:fa:22:5d:d4:07:63:
                    0d:1a:29:2e:88:ae:e5:44:d1:49:aa:58:87:66:1d:
                    85:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:86:28:EA:05:F7:80:8E:45:FB:66:89:82:A1:5F:AC:09:33:BD:84
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e33382e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:5c:df:bd:a1:01:5f:dd:67:ee:21:03:f8:46:61:f5:02:79:
         f7:25:83:50:bd:1a:9e:a3:a1:c7:7c:2b:60:25:22:08:2e:38:
         6d:c4:f2:f8:e1:b9:38:63:fe:c6:58:ed:41:93:2b:17:26:fa:
         d5:13:88:e6:a8:3f:4f:0d:5a:d1:c0:bb:06:34:00:a5:fd:11:
         ef:6e:c3:44:61:c9:df:d8:e5:ab:33:81:79:3c:e6:44:31:6a:
         59:ac:fc:e2:00:18:13:e2:7d:2e:8e:04:20:91:6e:02:45:7f:
         33:3c:ad:ff:67:bf:84:40:30:e3:6f:bf:69:51:13:29:fc:f0:
         01:31:71:cc:53:68:33:2c:20:13:b7:d2:45:c0:09:c8:29:26:
         3d:a6:e6:9e:28:44:50:74:06:59:b7:b6:66:77:62:57:87:f7:
         94:e8:92:4f:84:62:c6:77:f4:78:17:b4:48:3d:a5:19:6c:8a:
         fa:09:e5:61:50:1f:97:d4:5c:a7:df:e2:c0:85:f7:27:99:66:
         16:33:ff:8f:b5:54:8c:b4:e3:ce:cf:f3:57:8f:57:9b:e4:6d:
         c7:ac:fb:86:6e:bc:e5:96:17:cd:4e:47:25:2d:5e:05:91:cb:
         1b:f8:76:85:c7:a8:c0:a8:a2:78:8d:6e:0c:87:97:c6:cd:eb:
         ff:17:36:71
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUdh5PcXcv6s+krgxjKbDfwl/8xrEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAzMTQxMDA5MjBaFw0yNzAzMTMxMDE0MjBaMDMxMTAvBgNV
BAMTKDU2ODYyOEVBMDVGNzgwOEU0NUZCNjY4OTgyQTE1RkFDMDkzM0JEODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfr5Q5UrZC0Vjh81siEguGfhAk
JkTYVqJnb/dwykwO5GVoUWW+80yysk9FSEXyU7vqVOzJ4GaR8SlyZI1kMhaUFqc7
QzASubrftyFGHT066vUMRO5LcQW7612t/PtBEkAaZZZWJTtcmrpziKA6NqknC3ze
niQQ9ypOufKXmM1qP2GW51DAQ1H3XvN9a+isfV7YrZEoPv4jkmW21prp0vlqI3F2
wwhs7/AEleQ+x1zuLhnS8q9iCUdf5u+98YjtIxaQA9/6pwi21o1sT5NKYbMxCb5y
wq1OOrT3nGqqSZE26LlJGv4iyfEa6voiXdQHYw0aKS6IruVE0UmqWIdmHYWtAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUVoYo6gX3gI5F+2aJgqFfrAkzvYQwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzMzODJl
MzAyZjMyMzMyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAQXHJjANBgkq
hkiG9w0BAQsFAAOCAQEAclzfvaEBX91n7iED+EZh9QJ59yWDUL0anqOhx3wrYCUi
CC44bcTy+OG5OGP+xljtQZMrFyb61ROI5qg/Tw1a0cC7BjQApf0R727DRGHJ39jl
qzOBeTzmRDFqWaz84gAYE+J9Lo4EIJFuAkV/Mzyt/2e/hEAw42+/aVETKfzwATFx
zFNoMywgE7fSRcAJyCkmPabmnihEUHQGWbe2ZndiV4f3lOiST4Rixnf0eBe0SD2l
GWyK+gnlYVAfl9Rcp9/iwIX3J5lmFjP/j7VUjLTjzs/zV49Xm+Rtx6z7hm685ZYX
zU5HJS1eBZHLG/h2hceowKiieI1uDIeXxs3r/xc2cQ==
-----END CERTIFICATE-----