Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS3170.roa
File:                     AS3170.roa (raw, json)
Hash identifier:          7rmVYc81dSOju5fpAle8MtbqMCzQ9Uu6cWXGVN/p5I8=
Subject key identifier:   F6:34:A2:15:57:46:67:6F:2A:0A:00:5F:4D:81:B1:E2:80:AA:D4:86
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7B4E205E9431EA4249F0EF205BB25B9E962C6112
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS3170.roa
Signing time:             Sun 15 Mar 2026 00:46:48 +0000
ROA not before:           Sun 15 Mar 2026 00:41:48 +0000
ROA not after:            Sun 14 Mar 2027 00:46:48 +0000
asID:                     3170
IP address blocks:        45.149.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 13:03:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:4e:20:5e:94:31:ea:42:49:f0:ef:20:5b:b2:5b:9e:96:2c:61:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 15 00:41:48 2026 GMT
            Not After : Mar 14 00:46:48 2027 GMT
        Subject: CN=F634A2155746676F2A0A005F4D81B1E280AAD486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:da:93:85:31:c5:a9:15:f0:da:47:fb:b0:d8:
                    49:d3:51:af:53:4d:f0:f9:5e:e6:a6:5d:70:0e:57:
                    01:e9:c8:36:da:29:80:d7:ef:a2:c9:3f:e7:43:5c:
                    ac:d1:25:0b:a0:d5:59:ac:c6:28:86:2f:ae:90:b6:
                    59:28:05:73:72:cd:0f:82:c3:0e:24:35:49:63:6d:
                    fa:69:fd:1c:73:a0:06:00:dc:b7:1f:54:7a:54:0e:
                    db:c7:99:c7:fa:70:3b:6d:e8:b2:c2:94:98:b0:d1:
                    5f:e5:16:2c:d5:b7:47:03:de:2d:4c:ad:39:fe:5f:
                    03:35:62:49:55:a0:a6:25:d1:bb:91:63:58:39:32:
                    6e:d9:35:dc:27:99:d3:49:26:42:4f:13:02:3c:c5:
                    85:69:17:c3:34:fd:56:ba:4d:dc:70:98:19:9d:ed:
                    1a:60:d5:7b:b5:a3:4e:00:77:0d:a2:bd:dd:78:63:
                    fb:aa:f6:86:36:39:6d:f4:30:5a:50:e4:8b:55:8d:
                    5d:16:0a:b2:76:d3:22:0f:d2:c3:4c:cc:6a:14:e7:
                    9c:98:2b:03:80:df:b1:a1:2a:17:a5:b8:95:99:a5:
                    ff:7c:66:09:ff:a2:e3:b9:10:cd:ce:f3:80:91:bd:
                    48:90:28:d4:37:9f:65:a4:40:24:b0:75:0f:cb:71:
                    8c:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:34:A2:15:57:46:67:6F:2A:0A:00:5F:4D:81:B1:E2:80:AA:D4:86
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS3170.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:3b:8a:90:05:1c:5c:48:e6:95:e3:0a:6c:21:b9:49:5d:a6:
         a0:21:4c:7b:56:36:cf:0d:10:cc:6e:7f:1f:d7:54:42:bf:d6:
         5e:74:7e:34:6c:ef:46:4c:5b:0d:3b:62:d1:5c:9c:25:43:1c:
         35:a3:dd:f4:8e:64:e3:d3:18:a9:83:54:5b:8d:9a:e2:b5:5a:
         ce:31:0b:c9:02:a3:bf:fc:ec:79:22:6a:fc:39:6c:9e:fd:28:
         20:4c:34:b7:6a:83:55:6a:8a:5e:fc:de:c8:90:0b:f3:3c:c5:
         05:bc:b7:05:6f:93:93:f3:a1:30:da:70:c2:e9:1d:17:09:88:
         f0:b6:be:e8:a1:b6:a5:e6:7d:9e:85:19:9a:91:6c:12:7c:ab:
         3b:fb:c4:f6:f1:d1:dd:85:73:90:6d:ef:fa:c9:2e:57:05:e4:
         a9:97:9e:d0:24:62:a3:a2:5a:06:5c:e6:36:9e:41:07:b5:d7:
         86:fe:2e:ed:64:8c:52:54:98:59:ec:6d:ce:85:7a:60:ea:1e:
         c8:a4:07:df:82:8a:ab:c4:db:ad:57:94:38:b2:dd:cb:dd:dc:
         8e:f0:eb:1a:27:61:32:54:63:04:58:4f:2a:d2:ba:ae:a8:67:
         e5:20:35:ff:48:fc:a1:72:29:9d:02:33:26:89:cd:ed:c3:14:
         59:89:ca:a6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUe04gXpQx6kJJ8O8gW7JbnpYsYRIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAzMTUwMDQxNDhaFw0yNzAzMTQwMDQ2NDhaMDMxMTAvBgNV
BAMTKEY2MzRBMjE1NTc0NjY3NkYyQTBBMDA1RjREODFCMUUyODBBQUQ0ODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb2pOFMcWpFfDaR/uw2EnTUa9T
TfD5XuamXXAOVwHpyDbaKYDX76LJP+dDXKzRJQug1VmsxiiGL66QtlkoBXNyzQ+C
ww4kNUljbfpp/RxzoAYA3LcfVHpUDtvHmcf6cDtt6LLClJiw0V/lFizVt0cD3i1M
rTn+XwM1YklVoKYl0buRY1g5Mm7ZNdwnmdNJJkJPEwI8xYVpF8M0/Va6TdxwmBmd
7Rpg1Xu1o04Adw2ivd14Y/uq9oY2OW30MFpQ5ItVjV0WCrJ20yIP0sNMzGoU55yY
KwOA37GhKheluJWZpf98Zgn/ouO5EM3O84CRvUiQKNQ3n2WkQCSwdQ/LcYyZAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQU9jSiFVdGZ28qCgBfTYGx4oCq1IYwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzE3MC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2VuDAN
BgkqhkiG9w0BAQsFAAOCAQEAyTuKkAUcXEjmleMKbCG5SV2moCFMe1Y2zw0QzG5/
H9dUQr/WXnR+NGzvRkxbDTti0VycJUMcNaPd9I5k49MYqYNUW42a4rVazjELyQKj
v/zseSJq/Dlsnv0oIEw0t2qDVWqKXvzeyJAL8zzFBby3BW+Tk/OhMNpwwukdFwmI
8La+6KG2peZ9noUZmpFsEnyrO/vE9vHR3YVzkG3v+skuVwXkqZee0CRio6JaBlzm
Np5BB7XXhv4u7WSMUlSYWextzoV6YOoeyKQH34KKq8TbrVeUOLLdy93cjvDrGidh
MlRjBFhPKtK6rqhn5SA1/0j8oXIpnQIzJonN7cMUWYnKpg==
-----END CERTIFICATE-----