Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33362e302f32342d3234203d3e20383334.roa
File:                     34352e3134302e33362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          E26KncRSdogUnZcFsEbrJHun85gzi+RuPAbBa89CNDs=
Subject key identifier:   87:A3:7C:2D:DD:DD:AB:AA:4A:EE:32:0D:28:AB:6D:FA:1B:0C:8A:58
Certificate issuer:       /CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
Certificate serial:       2692A25C6A37D296B0F6ECBB23701AD9F8679266
Authority key identifier: 83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33362e302f32342d3234203d3e20383334.roa
Signing time:             Tue 17 Mar 2026 00:29:40 +0000
ROA not before:           Tue 17 Mar 2026 00:24:40 +0000
ROA not after:            Tue 16 Mar 2027 00:29:40 +0000
asID:                     834
IP address blocks:        45.140.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 21:26:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:92:a2:5c:6a:37:d2:96:b0:f6:ec:bb:23:70:1a:d9:f8:67:92:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=830e06419fc46a2802f6f03b71368ac7baaf64ce
        Validity
            Not Before: Mar 17 00:24:40 2026 GMT
            Not After : Mar 16 00:29:40 2027 GMT
        Subject: CN=87A37C2DDDDDABAA4AEE320D28AB6DFA1B0C8A58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:3b:81:2e:42:bd:19:75:be:32:20:78:4b:46:
                    0d:32:1c:d1:12:41:34:d7:77:d9:fc:e3:ee:8d:98:
                    93:15:c0:9f:eb:73:d3:0d:5d:eb:95:31:6a:b0:cc:
                    37:6d:db:f0:2a:25:91:ad:21:45:23:09:ef:2a:5a:
                    f7:72:35:ea:fb:73:ef:99:35:9d:52:2a:71:91:ea:
                    7b:2c:ec:25:96:3f:64:c9:f2:32:2e:13:c5:77:97:
                    75:56:11:e4:82:ba:35:ad:20:e9:59:24:a3:0c:4f:
                    a8:e3:3a:23:a7:08:bc:70:d2:28:99:fb:f6:a1:12:
                    94:51:45:7a:d5:71:89:0f:b3:bb:25:7b:0d:62:f2:
                    f3:ff:db:f9:c8:1d:da:f0:d3:09:3c:c4:6f:5c:ad:
                    9b:5f:dc:5e:d7:c7:06:4d:0e:13:e7:d2:bd:a2:72:
                    2f:b4:91:9a:9d:69:e3:8d:e8:c5:cb:4f:20:5f:32:
                    3c:1f:57:7f:9c:2c:36:b6:bf:21:82:da:45:c2:c5:
                    d7:2f:f4:f8:4c:6d:a7:60:b3:20:71:dc:f0:1d:a3:
                    7f:44:fc:39:92:85:df:21:78:2a:af:a1:c2:e2:54:
                    2d:36:59:d2:48:90:6f:4b:34:bc:d9:da:92:c8:08:
                    b9:50:9c:ea:0b:27:c5:32:ca:aa:ec:71:d5:b4:41:
                    61:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:A3:7C:2D:DD:DD:AB:AA:4A:EE:32:0D:28:AB:6D:FA:1B:0C:8A:58
            X509v3 Authority Key Identifier:
                keyid:83:0E:06:41:9F:C4:6A:28:02:F6:F0:3B:71:36:8A:C7:BA:AF:64:CE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/830E06419FC46A2802F6F03B71368AC7BAAF64CE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gw4GQZ_EaigC9vA7cTaKx7qvZM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8e0d6a4d-ba67-4979-8d12-0ed4748fc86e/0/34352e3134302e33362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:21:1e:e8:ec:61:32:44:0b:83:75:fe:3a:62:48:97:b2:4d:
         ee:9f:20:be:e2:3b:a9:ac:8a:ae:d5:51:f5:26:25:81:5c:5f:
         83:59:36:b5:09:ed:bf:dd:02:bf:1e:f3:ed:44:ce:d2:fc:fa:
         75:80:d2:7e:d4:67:78:93:d8:0e:ad:14:fd:57:6e:17:cc:1f:
         25:aa:94:a6:00:c3:b4:56:17:16:be:56:a0:f7:e0:e2:56:ae:
         14:72:e1:d4:1e:79:b1:29:54:92:00:43:1e:82:bf:10:5b:16:
         1c:b3:9b:50:fb:af:3f:96:6d:b4:30:44:28:80:f3:ba:9f:ed:
         c0:55:0e:0e:c4:2d:d9:57:18:c2:db:d9:41:87:b6:54:6f:d4:
         a1:08:b6:68:46:6c:b8:db:d6:61:ab:36:a7:25:1c:de:d0:8e:
         1d:03:fe:63:10:37:06:03:60:ee:e1:7b:05:c4:d5:02:e9:0e:
         2d:c3:12:a4:ad:19:5e:2e:66:dd:47:12:07:8a:6f:64:f5:2b:
         11:20:89:06:da:83:4e:46:a2:a9:81:0e:b7:85:d8:24:9d:87:
         45:0e:6b:68:03:34:fb:7c:4b:d2:06:b7:de:f7:61:f1:20:86:
         9c:c4:8c:0f:13:1f:9a:a7:6a:6c:a8:8f:81:7a:46:d0:f0:bc:
         b3:a0:a9:0e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUJpKiXGo30paw9uy7I3Aa2fhnkmYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODMwZTA2NDE5ZmM0NmEyODAyZjZmMDNiNzEzNjhhYzdi
YWFmNjRjZTAeFw0yNjAzMTcwMDI0NDBaFw0yNzAzMTYwMDI5NDBaMDMxMTAvBgNV
BAMTKDg3QTM3QzJEREREREFCQUE0QUVFMzIwRDI4QUI2REZBMUIwQzhBNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3O4EuQr0Zdb4yIHhLRg0yHNES
QTTXd9n84+6NmJMVwJ/rc9MNXeuVMWqwzDdt2/AqJZGtIUUjCe8qWvdyNer7c++Z
NZ1SKnGR6nss7CWWP2TJ8jIuE8V3l3VWEeSCujWtIOlZJKMMT6jjOiOnCLxw0iiZ
+/ahEpRRRXrVcYkPs7slew1i8vP/2/nIHdrw0wk8xG9crZtf3F7XxwZNDhPn0r2i
ci+0kZqdaeON6MXLTyBfMjwfV3+cLDa2vyGC2kXCxdcv9PhMbadgsyBx3PAdo39E
/DmShd8heCqvocLiVC02WdJIkG9LNLzZ2pLICLlQnOoLJ8UyyqrscdW0QWG3AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUh6N8Ld3dq6pK7jINKKtt+hsMilgwHwYDVR0j
BBgwFoAUgw4GQZ/EaigC9vA7cTaKx7qvZM4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQtYmE2Ny00OTc5LThkMTItMGVkNDc0OGZj
ODZlLzAvODMwRTA2NDE5RkM0NkEyODAyRjZGMDNCNzEzNjhBQzdCQUFGNjRDRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2d3NEdRWl9FYWlnQzl2QTdjVGFLeDdx
dlpNNC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGUwZDZhNGQt
YmE2Ny00OTc5LThkMTItMGVkNDc0OGZjODZlLzAvMzQzNTJlMzEzNDMwMmUzMzM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYwkMA0G
CSqGSIb3DQEBCwUAA4IBAQAPIR7o7GEyRAuDdf46YkiXsk3unyC+4juprIqu1VH1
JiWBXF+DWTa1Ce2/3QK/HvPtRM7S/Pp1gNJ+1Gd4k9gOrRT9V24XzB8lqpSmAMO0
VhcWvlag9+DiVq4UcuHUHnmxKVSSAEMegr8QWxYcs5tQ+68/lm20MEQogPO6n+3A
VQ4OxC3ZVxjC29lBh7ZUb9ShCLZoRmy429ZhqzanJRze0I4dA/5jEDcGA2Du4XsF
xNUC6Q4twxKkrRleLmbdRxIHim9k9SsRIIkG2oNORqKpgQ63hdgknYdFDmtoAzT7
fEvSBrfe92HxIIacxIwPEx+ap2psqI+BekbQ8LyzoKkO
-----END CERTIFICATE-----