Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38312e302f32342d3234203d3e20323133333138.roa
File:                     34352e31322e38312e302f32342d3234203d3e20323133333138.roa (raw, json)
Hash identifier:          LRmgMpqeNpdNFpRZE8sU/p32Y81wYvFtwTCtXhAImQ0=
Subject key identifier:   26:8C:A7:88:57:A3:B1:E0:76:A4:70:51:B6:68:04:A8:EB:7C:D3:CC
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       718AEE268EC6AC9F6687455BA7125D9FE8A8664E
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38312e302f32342d3234203d3e20323133333138.roa
Signing time:             Wed 11 Mar 2026 09:49:56 +0000
ROA not before:           Wed 11 Mar 2026 09:44:56 +0000
ROA not after:            Wed 10 Mar 2027 09:49:56 +0000
asID:                     213318
IP address blocks:        45.12.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 17:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:8a:ee:26:8e:c6:ac:9f:66:87:45:5b:a7:12:5d:9f:e8:a8:66:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Mar 11 09:44:56 2026 GMT
            Not After : Mar 10 09:49:56 2027 GMT
        Subject: CN=268CA78857A3B1E076A47051B66804A8EB7CD3CC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:9c:a7:15:a2:47:e7:b4:f7:96:fe:a5:00:b5:
                    1e:4a:97:4a:a1:ec:ab:ef:69:99:b4:8f:d0:6c:00:
                    48:d8:ac:a7:49:88:30:77:79:43:f6:a0:21:08:d9:
                    49:ef:3d:ba:41:2b:75:cc:d0:6a:3e:82:31:25:fd:
                    f6:ac:08:70:f2:6f:99:ee:d5:c5:9a:c4:b9:b4:5f:
                    68:62:ef:c7:ef:34:d5:ef:a9:13:83:b5:3d:21:3c:
                    cd:48:f4:6b:bb:a9:0f:2f:59:0f:ef:5c:59:30:ce:
                    52:68:33:4d:45:63:9a:70:a8:d1:14:63:25:3d:84:
                    07:8d:7d:7e:b2:2b:ed:54:93:5b:ab:ea:a6:58:cc:
                    ae:8d:74:85:9e:47:30:c5:36:03:46:5d:15:2a:0e:
                    43:9a:41:0e:e0:81:7f:eb:bc:e3:3b:d1:4a:f7:cb:
                    c5:de:de:7f:3d:29:ae:b6:32:07:15:6e:f6:88:13:
                    3f:20:45:56:44:b0:a6:1c:12:c7:ee:cf:27:a2:f0:
                    22:4e:06:a2:39:c2:74:9c:96:15:69:8d:e6:65:b5:
                    0c:66:48:71:1a:ce:8f:34:25:a1:35:c2:05:7f:84:
                    ae:00:5a:e0:06:ad:c0:5a:ba:e4:f0:f0:f0:bf:d3:
                    99:47:48:87:a4:40:1c:63:03:7a:2d:21:d3:f6:3d:
                    da:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:8C:A7:88:57:A3:B1:E0:76:A4:70:51:B6:68:04:A8:EB:7C:D3:CC
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38312e302f32342d3234203d3e20323133333138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:1a:54:08:74:c6:27:3b:52:9b:73:67:78:8d:c3:08:38:f2:
         37:a1:6b:3e:19:8d:51:84:ce:78:0a:0c:1f:93:f5:13:97:8a:
         b8:23:08:bb:39:0d:02:6b:f4:7a:6f:eb:65:67:a1:36:5c:3f:
         6f:6d:6c:91:af:d9:a4:27:5b:9e:f4:3d:dc:b3:37:62:28:73:
         9e:56:ce:e2:cb:fb:90:52:5b:d6:74:89:0c:94:36:bc:cf:56:
         69:73:f5:01:7c:07:2b:1e:8c:4f:47:11:38:b6:7d:41:d1:a4:
         c5:b5:88:63:20:83:8c:37:ad:81:db:a6:44:a3:65:0d:7c:78:
         2e:79:6f:77:cb:14:fb:3d:dd:f4:f1:13:fc:c2:a2:e2:c3:0e:
         56:93:3d:56:44:93:ec:5b:b3:f0:53:a3:f7:1a:dc:60:e8:b9:
         97:23:ab:0c:e9:b6:ca:37:7f:76:1e:71:00:fd:b1:ca:c6:0a:
         20:31:d4:fc:83:b7:0e:fe:d7:30:88:5e:8a:11:76:a0:59:17:
         78:bc:e1:8e:9b:8c:e0:48:09:3b:62:84:8c:37:09:3f:57:ad:
         61:c8:70:71:2a:e4:5e:bf:50:e8:f5:1d:0a:5b:ac:ec:eb:97:
         06:62:8c:16:fd:28:dd:ce:92:6d:74:06:f7:22:b3:9d:23:b5:
         95:04:3f:e2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcYruJo7GrJ9mh0VbpxJdn+ioZk4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNjAzMTEwOTQ0NTZaFw0yNzAzMTAwOTQ5NTZaMDMxMTAvBgNV
BAMTKDI2OENBNzg4NTdBM0IxRTA3NkE0NzA1MUI2NjgwNEE4RUI3Q0QzQ0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDInKcVokfntPeW/qUAtR5Kl0qh
7KvvaZm0j9BsAEjYrKdJiDB3eUP2oCEI2UnvPbpBK3XM0Go+gjEl/fasCHDyb5nu
1cWaxLm0X2hi78fvNNXvqRODtT0hPM1I9Gu7qQ8vWQ/vXFkwzlJoM01FY5pwqNEU
YyU9hAeNfX6yK+1Uk1ur6qZYzK6NdIWeRzDFNgNGXRUqDkOaQQ7ggX/rvOM70Ur3
y8Xe3n89Ka62MgcVbvaIEz8gRVZEsKYcEsfuzyei8CJOBqI5wnSclhVpjeZltQxm
SHEazo80JaE1wgV/hK4AWuAGrcBauuTw8PC/05lHSIekQBxjA3otIdP2PdrdAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUJoyniFejseB2pHBRtmgEqOt808wwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzMjJlMzgzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMzMzMzEzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0M
UTANBgkqhkiG9w0BAQsFAAOCAQEAERpUCHTGJztSm3NneI3DCDjyN6FrPhmNUYTO
eAoMH5P1E5eKuCMIuzkNAmv0em/rZWehNlw/b21ska/ZpCdbnvQ93LM3YihznlbO
4sv7kFJb1nSJDJQ2vM9WaXP1AXwHKx6MT0cROLZ9QdGkxbWIYyCDjDetgdumRKNl
DXx4Lnlvd8sU+z3d9PET/MKi4sMOVpM9VkST7Fuz8FOj9xrcYOi5lyOrDOm2yjd/
dh5xAP2xysYKIDHU/IO3Dv7XMIheihF2oFkXeLzhjpuM4EgJO2KEjDcJP1etYchw
cSrkXr9Q6PUdClus7OuXBmKMFv0o3c6SbXQG9yKznSO1lQQ/4g==
-----END CERTIFICATE-----