Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/34352e36362e36332e302f32342d3234203d3e20383334.roa
File:                     34352e36362e36332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          IW8FjUpVS0iI6RC9RIFr2AEmaBZjVvIqMqCaCd1GGZ8=
Subject key identifier:   BB:9A:E6:42:A9:F7:7E:91:53:BA:19:31:E6:EB:85:E5:29:8B:DA:DF
Certificate issuer:       /CN=7e51cac1ce2afe1958b1fb6a6237717b0b5d4810
Certificate serial:       589D4564F7DB452C0D508179186DE915C7FC8F02
Authority key identifier: 7E:51:CA:C1:CE:2A:FE:19:58:B1:FB:6A:62:37:71:7B:0B:5D:48:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/flHKwc4q_hlYsftqYjdxewtdSBA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/34352e36362e36332e302f32342d3234203d3e20383334.roa
Signing time:             Sun 19 Apr 2026 08:28:05 +0000
ROA not before:           Sun 19 Apr 2026 08:23:05 +0000
ROA not after:            Sun 18 Apr 2027 08:28:05 +0000
asID:                     834
IP address blocks:        45.66.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/7E51CAC1CE2AFE1958B1FB6A6237717B0B5D4810.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/7E51CAC1CE2AFE1958B1FB6A6237717B0B5D4810.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/flHKwc4q_hlYsftqYjdxewtdSBA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 18:04:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:9d:45:64:f7:db:45:2c:0d:50:81:79:18:6d:e9:15:c7:fc:8f:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e51cac1ce2afe1958b1fb6a6237717b0b5d4810
        Validity
            Not Before: Apr 19 08:23:05 2026 GMT
            Not After : Apr 18 08:28:05 2027 GMT
        Subject: CN=BB9AE642A9F77E9153BA1931E6EB85E5298BDADF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:2d:c4:ab:d7:cc:a5:89:f6:28:56:a4:41:0f:
                    c0:4b:f6:99:33:22:ad:4e:00:95:56:86:eb:16:76:
                    89:da:31:78:3c:83:eb:33:7a:ef:00:b7:b2:f9:cf:
                    dd:0e:c2:74:b3:a3:c3:9e:7a:86:7c:0f:e1:38:30:
                    f6:ff:de:81:28:94:ce:43:c9:2d:ad:18:2c:ae:a5:
                    44:b9:23:64:60:1b:ad:0c:e7:d0:2f:75:5e:f3:3f:
                    c6:25:84:3f:60:53:3a:91:3a:a9:bf:1c:f6:31:d2:
                    54:51:f0:36:4c:2e:9b:89:6e:00:bf:fe:42:ac:5c:
                    6d:fb:92:3e:d9:eb:a0:c4:19:e2:ac:44:56:db:86:
                    dd:d5:e4:6a:24:41:6f:01:55:82:32:d9:ca:b3:0c:
                    9f:c3:42:03:60:d4:19:4c:eb:f7:67:e4:35:44:f6:
                    8a:2a:eb:02:46:5d:6d:76:2a:7b:b1:f5:44:42:69:
                    99:11:af:0f:fc:9a:31:34:53:49:58:20:10:e0:c5:
                    28:30:53:3b:7f:3d:1b:28:ac:46:5a:70:28:42:9f:
                    24:17:c2:8e:85:92:c9:f4:ae:59:38:e1:61:63:35:
                    65:cf:f6:7f:49:99:03:1d:1d:c1:99:d8:ef:36:9d:
                    14:f4:c4:98:00:7b:d0:83:13:90:da:22:a1:3d:59:
                    f1:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:9A:E6:42:A9:F7:7E:91:53:BA:19:31:E6:EB:85:E5:29:8B:DA:DF
            X509v3 Authority Key Identifier:
                keyid:7E:51:CA:C1:CE:2A:FE:19:58:B1:FB:6A:62:37:71:7B:0B:5D:48:10

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/7E51CAC1CE2AFE1958B1FB6A6237717B0B5D4810.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/flHKwc4q_hlYsftqYjdxewtdSBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/34352e36362e36332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:c3:f2:08:f3:f8:2a:0a:03:01:bc:67:ed:2b:91:90:b4:e5:
         2b:c3:52:ea:61:3e:d5:ce:85:28:36:c0:eb:c9:9b:ca:8e:83:
         10:84:62:8c:d8:80:1f:3f:a9:5a:7f:5b:55:eb:32:d0:1d:1c:
         d6:15:dc:1c:7f:7e:93:5d:0e:37:74:29:03:d4:7d:30:16:07:
         b4:dc:95:68:2f:a3:d5:fa:e8:d8:8f:85:40:72:f4:71:af:ae:
         30:bd:6c:82:00:9a:dc:5e:91:1a:b9:b4:d7:39:de:a7:ba:ad:
         96:95:f3:15:a5:a5:a0:a5:27:56:48:2a:86:41:5f:31:16:7e:
         49:14:af:fc:8f:bb:14:b9:e1:c2:9c:6e:f9:87:66:fa:fe:de:
         10:47:a3:c6:d4:0d:52:ed:38:39:01:53:74:04:45:10:fa:00:
         84:92:e7:df:db:45:0c:23:f9:7e:6f:03:e8:90:5b:98:c0:82:
         c3:d7:88:e5:82:56:5c:b2:4e:e4:ff:25:f1:68:b2:9f:2a:0f:
         cd:cb:cb:06:5f:49:ad:85:fb:9c:1c:b2:6e:35:25:f4:61:ad:
         03:b5:e0:ac:44:95:69:50:ca:77:33:e1:70:8c:45:4b:55:00:
         5f:22:33:c6:8b:1e:62:17:94:b0:29:80:31:19:7b:25:94:81:
         a4:92:42:90
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUWJ1FZPfbRSwNUIF5GG3pFcf8jwIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2U1MWNhYzFjZTJhZmUxOTU4YjFmYjZhNjIzNzcxN2Iw
YjVkNDgxMDAeFw0yNjA0MTkwODIzMDVaFw0yNzA0MTgwODI4MDVaMDMxMTAvBgNV
BAMTKEJCOUFFNjQyQTlGNzdFOTE1M0JBMTkzMUU2RUI4NUU1Mjk4QkRBREYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLLcSr18ylifYoVqRBD8BL9pkz
Iq1OAJVWhusWdonaMXg8g+szeu8At7L5z90OwnSzo8OeeoZ8D+E4MPb/3oEolM5D
yS2tGCyupUS5I2RgG60M59AvdV7zP8YlhD9gUzqROqm/HPYx0lRR8DZMLpuJbgC/
/kKsXG37kj7Z66DEGeKsRFbbht3V5GokQW8BVYIy2cqzDJ/DQgNg1BlM6/dn5DVE
9ooq6wJGXW12Knux9URCaZkRrw/8mjE0U0lYIBDgxSgwUzt/PRsorEZacChCnyQX
wo6Fksn0rlk44WFjNWXP9n9JmQMdHcGZ2O82nRT0xJgAe9CDE5DaIqE9WfH7AgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUu5rmQqn3fpFTuhkx5uuF5SmL2t8wHwYDVR0j
BBgwFoAUflHKwc4q/hlYsftqYjdxewtdSBAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODgxYjdmMDgtZGQ5NC00Y2QwLWFhMzgtODUxMmYxNTJi
ZDMyLzAvN0U1MUNBQzFDRTJBRkUxOTU4QjFGQjZBNjIzNzcxN0IwQjVENDgxMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZsSEt3YzRxX2hsWXNmdHFZamR4ZXd0
ZFNCQS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODgxYjdmMDgt
ZGQ5NC00Y2QwLWFhMzgtODUxMmYxNTJiZDMyLzAvMzQzNTJlMzYzNjJlMzYzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1CPzANBgkq
hkiG9w0BAQsFAAOCAQEAGMPyCPP4KgoDAbxn7SuRkLTlK8NS6mE+1c6FKDbA68mb
yo6DEIRijNiAHz+pWn9bVesy0B0c1hXcHH9+k10ON3QpA9R9MBYHtNyVaC+j1fro
2I+FQHL0ca+uML1sggCa3F6RGrm01znep7qtlpXzFaWloKUnVkgqhkFfMRZ+SRSv
/I+7FLnhwpxu+Ydm+v7eEEejxtQNUu04OQFTdARFEPoAhJLn39tFDCP5fm8D6JBb
mMCCw9eI5YJWXLJO5P8l8WiynyoPzcvLBl9JrYX7nByybjUl9GGtA7XgrESVaVDK
dzPhcIxFS1UAXyIzxoseYheUsCmAMRl7JZSBpJJCkA==
-----END CERTIFICATE-----