Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e392e302f32342d3234203d3e20323032303731.roa
File:                     352e3139392e392e302f32342d3234203d3e20323032303731.roa (raw, json)
Hash identifier:          cATbUl4GIr4OPOwhWFZi04XydP5Y0xl39RnfUda9KDU=
Subject key identifier:   93:85:D7:6B:F2:95:6A:5D:D4:BA:7E:57:F9:7D:CA:EA:C6:08:88:B0
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       2DA673A2641271726E670C4F5C9B702EA18FB898
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e392e302f32342d3234203d3e20323032303731.roa
Signing time:             Sat 21 Mar 2026 20:03:57 +0000
ROA not before:           Sat 21 Mar 2026 19:58:57 +0000
ROA not after:            Sat 20 Mar 2027 20:03:57 +0000
asID:                     202071
IP address blocks:        5.199.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 13:22:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:a6:73:a2:64:12:71:72:6e:67:0c:4f:5c:9b:70:2e:a1:8f:b8:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Mar 21 19:58:57 2026 GMT
            Not After : Mar 20 20:03:57 2027 GMT
        Subject: CN=9385D76BF2956A5DD4BA7E57F97DCAEAC60888B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b2:3c:7e:33:b8:12:c9:55:2a:4b:44:78:27:
                    4b:f2:1a:83:b5:4d:2c:b2:00:ac:30:8b:0e:93:9b:
                    2e:15:37:25:2d:75:ef:7c:49:2e:34:48:07:35:01:
                    59:d6:ba:c3:ed:e6:df:dc:56:5f:88:cf:89:9b:f6:
                    aa:02:d7:78:07:bc:28:ea:fd:fe:66:fc:d4:74:f9:
                    3b:bb:17:e7:58:f7:a1:c0:88:d3:48:7c:e1:57:c8:
                    18:fa:70:67:ec:dd:49:91:52:9d:c2:f5:4e:c1:a3:
                    b3:b3:cd:6e:8e:55:62:0f:e3:dc:c8:8d:34:8e:bb:
                    4c:a3:5f:48:f1:d7:f4:a5:d0:d0:ee:38:26:d2:78:
                    5c:3b:4f:b8:01:50:58:d1:9d:89:c6:ed:10:82:8d:
                    7b:15:39:9d:e4:d4:4a:a6:ea:93:24:f7:b2:60:d7:
                    57:54:8a:da:2c:13:15:05:98:03:70:90:c8:69:a2:
                    f0:c3:85:54:7f:6e:1c:93:df:a8:a5:47:37:65:02:
                    b7:3d:dc:61:42:7e:79:48:a0:9d:ff:46:33:f9:b3:
                    16:a0:b3:8a:dc:98:21:3b:83:bc:b5:b7:47:fc:a5:
                    0a:73:b8:59:25:24:7f:71:00:72:5c:fc:48:b8:78:
                    c6:5d:41:c2:b5:6b:88:93:eb:38:e8:65:ec:73:cd:
                    b6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:85:D7:6B:F2:95:6A:5D:D4:BA:7E:57:F9:7D:CA:EA:C6:08:88:B0
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e392e302f32342d3234203d3e20323032303731.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:0e:12:52:4b:40:cc:0a:2f:b2:7d:f5:e8:b1:90:cb:2c:56:
         5b:e8:9a:db:25:4e:61:50:2b:2b:dc:22:07:73:60:ef:97:c2:
         ca:a7:f3:e5:d7:66:69:3b:0d:35:5d:d4:68:4b:a0:95:68:21:
         12:bb:06:a9:02:11:5d:52:8a:96:70:7f:47:da:1b:20:20:c8:
         81:f3:13:59:25:a0:f3:7e:bc:0f:33:ce:8a:92:92:fd:57:e5:
         12:ba:6a:56:78:8a:41:58:0a:e2:45:52:26:10:f4:5a:14:75:
         b7:20:af:bd:62:7e:b3:be:1c:40:cf:31:c9:2c:fd:d5:4a:12:
         c0:36:77:50:42:f6:07:24:b2:33:6f:df:a2:3f:0a:0f:f9:18:
         4b:6c:f5:6a:f9:68:bb:66:bc:34:4e:a4:54:10:64:53:a6:80:
         a7:66:67:19:39:18:75:7d:d4:6b:26:3a:69:70:27:0b:29:a8:
         45:09:43:68:13:0e:d2:4a:67:cd:e0:f6:2a:40:25:fd:2e:b2:
         d8:9f:c4:2b:62:93:77:46:ff:ba:78:0f:11:bf:a8:da:29:35:
         83:18:2b:58:fe:c3:85:3b:12:c0:31:81:87:87:aa:c9:23:c8:
         a4:fd:33:19:27:58:97:7b:77:66:e2:64:75:ef:eb:32:b4:59:
         11:dd:9f:93
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIULaZzomQScXJuZwxPXJtwLqGPuJgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAzMjExOTU4NTdaFw0yNzAzMjAyMDAzNTdaMDMxMTAvBgNV
BAMTKDkzODVENzZCRjI5NTZBNURENEJBN0U1N0Y5N0RDQUVBQzYwODg4QjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMsjx+M7gSyVUqS0R4J0vyGoO1
TSyyAKwwiw6Tmy4VNyUtde98SS40SAc1AVnWusPt5t/cVl+Iz4mb9qoC13gHvCjq
/f5m/NR0+Tu7F+dY96HAiNNIfOFXyBj6cGfs3UmRUp3C9U7Bo7OzzW6OVWIP49zI
jTSOu0yjX0jx1/Sl0NDuOCbSeFw7T7gBUFjRnYnG7RCCjXsVOZ3k1Eqm6pMk97Jg
11dUitosExUFmANwkMhpovDDhVR/bhyT36ilRzdlArc93GFCfnlIoJ3/RjP5sxag
s4rcmCE7g7y1t0f8pQpzuFklJH9xAHJc/Ei4eMZdQcK1a4iT6zjoZexzzbbjAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUk4XXa/KVal3Uun5X+X3K6sYIiLAwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzkyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzIzMDM3MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAFxwkw
DQYJKoZIhvcNAQELBQADggEBAIwOElJLQMwKL7J99eixkMssVlvomtslTmFQKyvc
IgdzYO+Xwsqn8+XXZmk7DTVd1GhLoJVoIRK7BqkCEV1SipZwf0faGyAgyIHzE1kl
oPN+vA8zzoqSkv1X5RK6alZ4ikFYCuJFUiYQ9FoUdbcgr71ifrO+HEDPMcks/dVK
EsA2d1BC9gcksjNv36I/Cg/5GEts9Wr5aLtmvDROpFQQZFOmgKdmZxk5GHV91Gsm
OmlwJwspqEUJQ2gTDtJKZ83g9ipAJf0ustifxCtik3dG/7p4DxG/qNopNYMYK1j+
w4U7EsAxgYeHqskjyKT9MxknWJd7d2biZHXv6zK0WRHdn5M=
-----END CERTIFICATE-----