Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e382e302f32342d3234203d3e20383334.roa
File:                     352e3139392e382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          W4lorKFbdgXwkJ/GwpZ4l9kYz58Qzmk5EKPl/+90z+g=
Subject key identifier:   0C:5F:D3:D9:B5:CA:5A:36:25:11:DA:D9:6D:2A:A8:7F:E3:A7:63:35
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       76A03072BA69E62FAF27629F6ED7320505202301
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e382e302f32342d3234203d3e20383334.roa
Signing time:             Sat 21 Mar 2026 20:06:26 +0000
ROA not before:           Sat 21 Mar 2026 20:01:26 +0000
ROA not after:            Sat 20 Mar 2027 20:06:26 +0000
asID:                     834
IP address blocks:        5.199.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 05:25:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:a0:30:72:ba:69:e6:2f:af:27:62:9f:6e:d7:32:05:05:20:23:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Mar 21 20:01:26 2026 GMT
            Not After : Mar 20 20:06:26 2027 GMT
        Subject: CN=0C5FD3D9B5CA5A362511DAD96D2AA87FE3A76335
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:21:6d:9c:99:bf:4d:c4:57:01:04:f0:a3:e3:
                    17:a6:20:09:32:5a:7d:4c:6f:1b:e2:cf:bf:7a:8f:
                    f4:1e:a7:2f:4c:cb:ae:62:f3:d7:7a:22:af:45:40:
                    19:f1:79:09:0c:59:f9:73:7b:8a:a7:5d:85:0c:ab:
                    a4:9b:d0:f8:51:9e:00:76:6f:d2:c3:9a:0c:64:30:
                    53:51:30:eb:29:57:a3:e6:de:00:8f:ad:41:06:c1:
                    e5:b9:f7:d0:1e:71:71:0e:09:8a:67:a0:64:2c:90:
                    a1:ff:6b:53:49:ee:6e:80:cb:72:7e:36:59:fa:de:
                    fc:ff:58:3a:8d:7f:1f:00:7e:d7:ca:7b:d2:46:4d:
                    ba:5a:d3:73:cb:3e:22:52:d2:9d:72:50:17:9d:d8:
                    fc:45:1b:8f:db:6a:d4:e1:f5:d9:eb:4d:03:9f:c9:
                    2d:43:38:9f:9a:0f:0d:dd:7b:11:a0:d7:e7:9f:fd:
                    ef:d0:c9:7f:ac:74:93:c9:ee:9d:20:a3:dd:fd:d0:
                    87:a2:de:74:30:8f:bf:65:50:cf:aa:d2:54:82:f9:
                    ec:a1:c4:b2:c1:38:6b:f2:e0:a4:9c:9a:9f:c9:18:
                    49:d8:4d:44:98:39:cc:8f:1b:ca:33:c5:dd:4d:40:
                    ea:32:b5:f4:f9:22:76:97:8f:e9:a2:5e:18:f5:a0:
                    52:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:5F:D3:D9:B5:CA:5A:36:25:11:DA:D9:6D:2A:A8:7F:E3:A7:63:35
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:b5:c5:47:51:dc:77:f1:1b:c8:fd:80:bb:fc:bc:35:7b:3c:
         be:c0:2f:6e:b8:22:5e:82:79:86:c8:d8:ee:a6:76:f7:88:fc:
         d4:49:51:54:ca:7c:8e:ef:d3:67:ff:6f:dd:a5:bc:ba:da:7c:
         a7:3b:b9:ae:e6:c5:70:d8:19:79:c1:3b:6c:1c:c4:5b:e2:ea:
         09:d8:18:a7:35:b2:c0:03:f5:b1:da:00:c2:f0:aa:d5:00:a4:
         1f:e3:0e:82:97:a0:a8:63:a2:1e:09:4d:a6:95:64:dc:d2:f6:
         3b:71:57:55:dc:d0:ff:ed:17:8b:82:43:55:09:9b:7b:78:fc:
         93:8d:1e:74:7a:59:6b:04:94:b3:38:48:b6:2a:e8:79:7a:0f:
         12:e7:66:82:11:4a:0b:e5:a8:c0:50:a4:2d:b9:dd:7e:4d:47:
         eb:b8:01:bf:7a:ba:86:b6:7b:46:9f:96:41:c0:61:06:a2:5a:
         de:52:89:f3:cc:c9:b1:68:c8:56:33:94:90:da:d5:62:c0:28:
         cb:2a:80:ab:79:f3:f6:85:a1:1c:60:22:bb:d0:67:b5:50:be:
         a4:45:41:5f:be:8a:31:5d:46:90:c1:48:d0:65:40:8c:f9:12:
         f5:ee:fe:94:a6:76:ee:d3:c5:e4:dc:84:9c:99:4a:65:99:51:
         ce:68:7f:59
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUdqAwcrpp5i+vJ2KfbtcyBQUgIwEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAzMjEyMDAxMjZaFw0yNzAzMjAyMDA2MjZaMDMxMTAvBgNV
BAMTKDBDNUZEM0Q5QjVDQTVBMzYyNTExREFEOTZEMkFBODdGRTNBNzYzMzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCIW2cmb9NxFcBBPCj4xemIAky
Wn1Mbxviz796j/Qepy9My65i89d6Iq9FQBnxeQkMWflze4qnXYUMq6Sb0PhRngB2
b9LDmgxkMFNRMOspV6Pm3gCPrUEGweW599AecXEOCYpnoGQskKH/a1NJ7m6Ay3J+
Nln63vz/WDqNfx8AftfKe9JGTbpa03PLPiJS0p1yUBed2PxFG4/batTh9dnrTQOf
yS1DOJ+aDw3dexGg1+ef/e/QyX+sdJPJ7p0go9390Iei3nQwj79lUM+q0lSC+eyh
xLLBOGvy4KScmp/JGEnYTUSYOcyPG8ozxd1NQOoytfT5InaXj+miXhj1oFI3AgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUDF/T2bXKWjYlEdrZbSqof+OnYzUwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgaMGCCsGAQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzgyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAFxwgwDQYJKoZI
hvcNAQELBQADggEBAMi1xUdR3HfxG8j9gLv8vDV7PL7AL264Il6CeYbI2O6mdveI
/NRJUVTKfI7v02f/b92lvLrafKc7ua7mxXDYGXnBO2wcxFvi6gnYGKc1ssAD9bHa
AMLwqtUApB/jDoKXoKhjoh4JTaaVZNzS9jtxV1Xc0P/tF4uCQ1UJm3t4/JONHnR6
WWsElLM4SLYq6Hl6DxLnZoIRSgvlqMBQpC253X5NR+u4Ab96uoa2e0aflkHAYQai
Wt5SifPMybFoyFYzlJDa1WLAKMsqgKt58/aFoRxgIrvQZ7VQvqRFQV++ijFdRpDB
SNBlQIz5EvXu/pSmdu7TxeTchJyZSmWZUc5of1k=
-----END CERTIFICATE-----