Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32302e302f32342d3234203d3e203433383437.roa
File:                     34362e3138322e32302e302f32342d3234203d3e203433383437.roa (raw, json)
Hash identifier:          CvE/2nozaB8au2uvpxJMY+EdD8m6tEw4CMkYGuLnkDo=
Subject key identifier:   4B:06:79:B7:48:E4:CD:E9:9A:09:08:D1:A3:44:B8:C0:AC:9B:76:13
Certificate issuer:       /CN=38a93c81ecd308e6a7632717045b3d35150120f8
Certificate serial:       31B370B99C38AC01F0C8B55B1AF774876D602CA9
Authority key identifier: 38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32302e302f32342d3234203d3e203433383437.roa
Signing time:             Wed 11 Mar 2026 03:46:48 +0000
ROA not before:           Wed 11 Mar 2026 03:41:48 +0000
ROA not after:            Wed 10 Mar 2027 03:46:48 +0000
asID:                     43847
IP address blocks:        46.182.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 08:15:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:b3:70:b9:9c:38:ac:01:f0:c8:b5:5b:1a:f7:74:87:6d:60:2c:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a93c81ecd308e6a7632717045b3d35150120f8
        Validity
            Not Before: Mar 11 03:41:48 2026 GMT
            Not After : Mar 10 03:46:48 2027 GMT
        Subject: CN=4B0679B748E4CDE99A0908D1A344B8C0AC9B7613
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:1d:c3:a5:9f:60:ab:cb:2d:bf:a0:78:bb:f5:
                    f0:1f:04:83:82:14:41:bb:06:37:03:55:4a:21:7f:
                    d8:21:ba:fb:38:f7:70:df:cd:91:c1:0a:3d:0c:6f:
                    c9:70:3d:2c:7a:b8:e3:09:9a:84:09:1e:ee:13:a7:
                    19:7f:fb:5b:ed:ae:5c:ea:01:20:00:d9:88:87:cc:
                    f6:67:5e:0d:d6:fe:3d:70:49:15:47:38:e5:e1:47:
                    07:dc:0d:dc:37:cf:83:ef:0e:d4:73:48:37:28:b3:
                    47:af:ad:5f:21:47:61:0d:b6:91:c8:d7:dc:85:9d:
                    a6:e3:bb:f2:8d:b0:6e:19:0b:e7:84:8f:15:33:32:
                    9c:39:20:3a:be:63:f9:72:85:fb:0d:c7:e7:ae:5c:
                    cf:44:66:9b:98:24:7e:36:a3:12:07:d0:c4:36:d1:
                    85:95:4c:9c:28:6a:36:ce:c4:8d:72:c3:37:1f:04:
                    d6:ce:10:c9:2e:39:6f:c9:83:90:36:c9:23:91:15:
                    85:2c:21:28:14:04:a8:d7:0d:ea:a9:b3:04:9e:12:
                    52:c0:14:bf:5f:b5:8c:dc:c0:24:d3:47:70:31:13:
                    c1:eb:3d:f7:1e:38:70:57:04:5a:2b:59:0a:de:5f:
                    f5:86:37:38:77:d6:14:f1:e2:71:5e:6a:f7:e6:1a:
                    16:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:06:79:B7:48:E4:CD:E9:9A:09:08:D1:A3:44:B8:C0:AC:9B:76:13
            X509v3 Authority Key Identifier:
                keyid:38:A9:3C:81:EC:D3:08:E6:A7:63:27:17:04:5B:3D:35:15:01:20:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/38A93C81ECD308E6A7632717045B3D35150120F8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKk8gezTCOanYycXBFs9NRUBIPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/982c65b9-725d-4bb0-a216-8e77191ff9b8/0/34362e3138322e32302e302f32342d3234203d3e203433383437.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.182.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:64:41:81:d6:fe:90:4e:55:79:e8:bd:1f:3c:1e:41:44:92:
         f2:80:83:08:14:8a:48:b6:54:a2:bd:b5:b6:de:00:10:05:1a:
         bd:06:f1:c0:ed:48:c6:2a:b8:22:65:51:7f:0d:f2:4c:35:69:
         f6:30:61:f7:59:e2:6c:bc:70:8d:15:b5:01:a1:1c:9c:3a:6e:
         7a:3d:14:c8:e3:1c:9e:7c:09:55:73:d5:32:4b:da:f1:02:b6:
         5f:82:1f:c7:ef:45:4b:d0:6e:79:03:e8:50:6f:82:e3:28:59:
         a3:b6:7b:a2:0d:7c:d7:88:c5:b8:76:16:f4:73:f1:ae:e4:a3:
         11:77:0d:66:da:ca:9a:67:61:97:91:a6:43:fa:d8:2a:e5:2e:
         70:12:97:d6:85:d1:d4:5c:0b:60:90:b3:a9:3e:99:88:d9:cc:
         d3:62:79:d5:9c:5a:4c:4f:d6:88:10:1d:3c:43:94:56:37:08:
         94:00:38:82:98:d9:74:dc:3b:84:58:13:59:98:d4:d6:63:73:
         4d:d5:ae:30:1a:7d:01:03:f0:12:b2:cd:3f:92:6e:5f:32:ac:
         3f:5d:6e:fb:d3:4e:59:80:48:ee:cd:e5:de:6f:2a:83:99:b3:
         39:21:0e:4b:c7:15:12:d1:38:3c:86:5f:4d:80:d4:84:66:a2:
         72:92:2a:bf
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMbNwuZw4rAHwyLVbGvd0h21gLKkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzhhOTNjODFlY2QzMDhlNmE3NjMyNzE3MDQ1YjNkMzUx
NTAxMjBmODAeFw0yNjAzMTEwMzQxNDhaFw0yNzAzMTAwMzQ2NDhaMDMxMTAvBgNV
BAMTKDRCMDY3OUI3NDhFNENERTk5QTA5MDhEMUEzNDRCOEMwQUM5Qjc2MTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoHcOln2Cryy2/oHi79fAfBIOC
FEG7BjcDVUohf9ghuvs493DfzZHBCj0Mb8lwPSx6uOMJmoQJHu4Tpxl/+1vtrlzq
ASAA2YiHzPZnXg3W/j1wSRVHOOXhRwfcDdw3z4PvDtRzSDcos0evrV8hR2ENtpHI
19yFnabju/KNsG4ZC+eEjxUzMpw5IDq+Y/lyhfsNx+euXM9EZpuYJH42oxIH0MQ2
0YWVTJwoajbOxI1ywzcfBNbOEMkuOW/Jg5A2ySORFYUsISgUBKjXDeqpswSeElLA
FL9ftYzcwCTTR3AxE8HrPfceOHBXBForWQreX/WGNzh31hTx4nFeavfmGhatAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUSwZ5t0jkzemaCQjRo0S4wKybdhMwHwYDVR0j
BBgwFoAUOKk8gezTCOanYycXBFs9NRUBIPgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTgyYzY1YjktNzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZm
OWI4LzAvMzhBOTNDODFFQ0QzMDhFNkE3NjMyNzE3MDQ1QjNEMzUxNTAxMjBGOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL09LazhnZXpUQ09hbll5Y1hCRnM5TlJV
QklQZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTgyYzY1Yjkt
NzI1ZC00YmIwLWEyMTYtOGU3NzE5MWZmOWI4LzAvMzQzNjJlMzEzODMyMmUzMjMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMzM4MzQzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC62
FDANBgkqhkiG9w0BAQsFAAOCAQEAB2RBgdb+kE5Veei9HzweQUSS8oCDCBSKSLZU
or21tt4AEAUavQbxwO1Ixiq4ImVRfw3yTDVp9jBh91nibLxwjRW1AaEcnDpuej0U
yOMcnnwJVXPVMkva8QK2X4Ifx+9FS9BueQPoUG+C4yhZo7Z7og1814jFuHYW9HPx
ruSjEXcNZtrKmmdhl5GmQ/rYKuUucBKX1oXR1FwLYJCzqT6ZiNnM02J51ZxaTE/W
iBAdPEOUVjcIlAA4gpjZdNw7hFgTWZjU1mNzTdWuMBp9AQPwErLNP5JuXzKsP11u
+9NOWYBI7s3l3m8qg5mzOSEOS8cVEtE4PIZfTYDUhGaicpIqvw==
-----END CERTIFICATE-----