Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131392e302f32342d3234203d3e20383334.roa
File:                     34352e36352e3131392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          MuqULy/LUx6iOM23AQE0nkt8xfDr+Jfk1CXHQ8bMbnc=
Subject key identifier:   63:72:28:5B:E4:77:CC:E4:66:B0:54:D1:A4:A3:AB:B3:B2:3E:8B:F1
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       60D7DB2BF7B67F2E79F9443BC7CD555685AB3470
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131392e302f32342d3234203d3e20383334.roa
Signing time:             Mon 11 May 2026 08:50:28 +0000
ROA not before:           Mon 11 May 2026 08:45:28 +0000
ROA not after:            Mon 10 May 2027 08:50:28 +0000
asID:                     834
IP address blocks:        45.65.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:d7:db:2b:f7:b6:7f:2e:79:f9:44:3b:c7:cd:55:56:85:ab:34:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: May 11 08:45:28 2026 GMT
            Not After : May 10 08:50:28 2027 GMT
        Subject: CN=6372285BE477CCE466B054D1A4A3ABB3B23E8BF1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b4:ba:7f:2f:a4:a8:eb:3e:67:71:0b:66:24:
                    af:36:54:1a:cf:80:8e:37:86:e7:83:02:d0:90:b4:
                    34:fe:a0:89:12:1d:db:18:df:78:43:9b:11:17:cb:
                    bd:6b:b5:2e:c6:3e:15:7f:bb:b6:11:aa:06:c6:8a:
                    08:25:c4:c0:4e:2e:13:6e:74:90:9c:31:7c:e1:d2:
                    c6:d2:f2:e1:21:1a:4d:87:37:18:f9:37:21:6c:af:
                    b7:f8:0b:29:53:6a:8b:07:e8:3f:f7:b3:9b:57:ea:
                    10:b5:c7:ab:9e:73:0f:af:9a:66:1c:4e:ea:26:36:
                    a1:05:cf:20:70:bc:ee:c6:78:b0:8d:ec:07:68:78:
                    5f:10:95:7a:70:e7:14:98:bd:12:ad:f9:93:01:e4:
                    f9:40:c9:d0:8e:fd:0d:60:36:9a:ef:91:7f:66:64:
                    b6:8c:4a:4d:f7:d6:66:5d:ad:df:8b:17:46:c8:9e:
                    f9:91:5a:f1:49:c9:be:8c:5e:d1:f6:41:80:b1:21:
                    89:15:b9:80:87:43:53:62:a9:a3:e2:b4:9a:13:1b:
                    9c:d8:1c:77:34:f0:0d:4e:98:35:6a:68:5b:54:93:
                    9d:48:12:9d:d5:24:2e:53:1d:7c:eb:5a:ee:46:f4:
                    32:40:1b:ea:78:4c:f0:f3:cb:c1:2a:92:8a:49:33:
                    1b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:72:28:5B:E4:77:CC:E4:66:B0:54:D1:A4:A3:AB:B3:B2:3E:8B:F1
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e36352e3131392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:f9:75:8b:3b:a6:f8:68:f7:8f:ff:b2:54:02:a9:4e:67:eb:
         64:49:8b:4b:66:93:84:0e:13:ac:c9:32:d2:92:a7:13:bb:cd:
         77:ec:18:bd:41:4d:45:43:24:a6:4f:8b:90:27:d2:86:53:c3:
         fe:71:ad:bc:e6:40:f0:f5:bf:99:55:e6:f7:b9:fd:c2:15:ee:
         61:4a:af:39:0f:36:bd:03:1f:2b:05:9b:5c:d6:e1:e2:b1:b1:
         39:db:0c:49:41:bb:59:37:f0:e7:62:af:53:d1:11:4a:bc:26:
         1f:ec:f1:16:f7:e2:e8:95:e6:ec:64:f2:39:23:af:4e:62:7f:
         bd:55:87:70:b1:ce:dc:38:0f:04:20:ff:87:08:4a:24:7b:83:
         20:77:4a:7e:12:c9:91:ef:78:99:ed:e4:e7:2f:a7:78:be:44:
         ec:49:ec:8a:05:56:6e:69:46:47:07:3a:f3:ae:ed:eb:c9:b4:
         3e:75:d1:8c:f0:b1:26:91:e4:ce:5f:ce:b0:43:ff:b3:03:e8:
         08:05:81:b9:30:64:72:a0:75:be:b9:c8:09:de:b2:5a:6c:dc:
         49:44:7e:1b:98:c1:10:f5:49:06:06:1e:7c:cc:f7:30:67:23:
         af:e0:01:d6:ff:dd:cd:f0:50:f3:56:45:ef:97:40:18:c3:b8:
         a7:01:da:ad
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUYNfbK/e2fy55+UQ7x81VVoWrNHAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNjA1MTEwODQ1MjhaFw0yNzA1MTAwODUwMjhaMDMxMTAvBgNV
BAMTKDYzNzIyODVCRTQ3N0NDRTQ2NkIwNTREMUE0QTNBQkIzQjIzRThCRjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCltLp/L6So6z5ncQtmJK82VBrP
gI43hueDAtCQtDT+oIkSHdsY33hDmxEXy71rtS7GPhV/u7YRqgbGigglxMBOLhNu
dJCcMXzh0sbS8uEhGk2HNxj5NyFsr7f4CylTaosH6D/3s5tX6hC1x6uecw+vmmYc
TuomNqEFzyBwvO7GeLCN7AdoeF8QlXpw5xSYvRKt+ZMB5PlAydCO/Q1gNprvkX9m
ZLaMSk331mZdrd+LF0bInvmRWvFJyb6MXtH2QYCxIYkVuYCHQ1NiqaPitJoTG5zY
HHc08A1OmDVqaFtUk51IEp3VJC5THXzrWu5G9DJAG+p4TPDzy8EqkopJMxs7AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUY3IoW+R3zORmsFTRpKOrs7I+i/EwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzYzNTJlMzEzMTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUF3MA0G
CSqGSIb3DQEBCwUAA4IBAQBx+XWLO6b4aPeP/7JUAqlOZ+tkSYtLZpOEDhOsyTLS
kqcTu8137Bi9QU1FQySmT4uQJ9KGU8P+ca285kDw9b+ZVeb3uf3CFe5hSq85Dza9
Ax8rBZtc1uHisbE52wxJQbtZN/DnYq9T0RFKvCYf7PEW9+LolebsZPI5I69OYn+9
VYdwsc7cOA8EIP+HCEoke4Mgd0p+EsmR73iZ7eTnL6d4vkTsSeyKBVZuaUZHBzrz
ru3rybQ+ddGM8LEmkeTOX86wQ/+zA+gIBYG5MGRyoHW+ucgJ3rJabNxJRH4bmMEQ
9UkGBh58zPcwZyOv4AHW/93N8FDzVkXvl0AYw7inAdqt
-----END CERTIFICATE-----