Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38332e302f32342d3234203d3e203432383331.roa
File:                     34352e31322e38332e302f32342d3234203d3e203432383331.roa (raw, json)
Hash identifier:          jz6gD5pT25yHNwCdJyyQY1VOqH2AD2mPXRWj6vTDjPI=
Subject key identifier:   15:F7:F9:CB:AB:68:B9:F5:97:7D:7C:25:E6:F4:10:2E:6A:71:3B:20
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       6B01F0DA23D879F29303D58DC8103CFF934C3BC2
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38332e302f32342d3234203d3e203432383331.roa
Signing time:             Sat 21 Mar 2026 18:46:51 +0000
ROA not before:           Sat 21 Mar 2026 18:41:51 +0000
ROA not after:            Sat 20 Mar 2027 18:46:51 +0000
asID:                     42831
IP address blocks:        45.12.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:01:f0:da:23:d8:79:f2:93:03:d5:8d:c8:10:3c:ff:93:4c:3b:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Mar 21 18:41:51 2026 GMT
            Not After : Mar 20 18:46:51 2027 GMT
        Subject: CN=15F7F9CBAB68B9F5977D7C25E6F4102E6A713B20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f0:e6:14:72:a4:4d:43:15:0f:b0:31:39:67:
                    cf:f6:8c:03:18:3b:a1:6b:f2:1c:e1:17:61:8c:ed:
                    eb:e6:c4:8a:d6:f0:ad:d1:4d:da:a8:58:2e:e2:ba:
                    b4:d2:af:d4:96:29:db:7d:6f:f2:7e:58:b3:ec:b9:
                    ff:34:80:cc:cd:53:41:bb:80:27:92:78:89:38:e4:
                    0f:bc:de:da:85:65:e0:56:3c:d6:dd:84:1c:ac:7d:
                    8e:11:c0:61:c0:59:d5:46:49:7b:e1:36:19:70:ee:
                    09:15:85:5e:11:fd:df:35:df:fd:e2:36:d4:e7:42:
                    7c:4a:a8:46:3b:dd:3c:dc:9b:c5:ac:cb:b2:f8:61:
                    a4:56:67:d1:cf:d0:40:f0:5d:79:1f:4f:30:c0:85:
                    2e:08:10:0b:d3:f7:6a:46:58:5f:2d:c7:48:4a:57:
                    36:c8:2f:0b:59:66:d9:ec:b1:a3:d4:d3:f0:72:17:
                    e9:13:7f:a0:62:5f:a4:e6:a9:7c:03:96:97:1c:c2:
                    61:d9:e5:ba:9e:c7:08:4d:9f:8b:11:6d:c3:0f:50:
                    11:28:0c:e3:37:22:c8:9d:ef:a8:cd:ca:30:7a:88:
                    27:df:e6:de:df:a6:29:c6:58:c7:63:da:a6:80:f0:
                    52:c5:0f:59:67:7a:d4:76:46:88:98:a8:a0:e6:7f:
                    77:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:F7:F9:CB:AB:68:B9:F5:97:7D:7C:25:E6:F4:10:2E:6A:71:3B:20
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e31322e38332e302f32342d3234203d3e203432383331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:df:fa:98:e0:ea:28:9b:eb:18:2f:b4:db:cf:77:3d:83:ae:
         7c:15:16:c4:bd:e1:aa:7b:88:77:21:f9:7e:2e:f5:75:c8:28:
         3a:87:99:7e:ad:ce:e1:48:ff:42:92:b2:bb:78:4c:58:5f:0d:
         8e:bb:cc:5a:7c:b7:57:ff:7c:0d:57:b4:d3:e9:31:bf:79:c7:
         00:81:70:87:99:de:80:ab:6a:4e:d2:0c:87:39:f3:95:9d:fb:
         84:0e:72:7a:cb:77:56:89:c1:d4:8f:9f:cb:f8:f2:ed:2b:d8:
         77:a2:3d:79:4d:6c:0d:a7:86:00:70:c4:d6:e5:6c:da:8f:2f:
         c5:f2:0a:26:23:e4:a9:68:64:ab:98:7c:e9:03:83:9d:64:b4:
         5b:cf:fd:e8:87:42:24:e8:67:ee:de:8e:6f:06:0a:e8:48:f3:
         30:0c:8b:c4:d3:c7:48:f2:f5:ba:37:58:d3:65:0f:65:92:86:
         d4:71:d5:34:af:42:c5:2a:82:d3:e3:dd:50:27:96:54:f6:ab:
         76:e3:62:cb:62:00:72:3e:b7:aa:85:04:eb:0b:e0:1c:69:45:
         de:2c:ec:8c:2d:cd:97:99:71:a8:e8:89:99:46:9e:9d:a3:a4:
         86:ca:9f:3a:b5:f0:87:84:38:aa:9f:72:02:10:f1:b4:a7:a4:
         7e:56:2f:95
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUawHw2iPYefKTA9WNyBA8/5NMO8IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNjAzMjExODQxNTFaFw0yNzAzMjAxODQ2NTFaMDMxMTAvBgNV
BAMTKDE1RjdGOUNCQUI2OEI5RjU5NzdEN0MyNUU2RjQxMDJFNkE3MTNCMjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB8OYUcqRNQxUPsDE5Z8/2jAMY
O6Fr8hzhF2GM7evmxIrW8K3RTdqoWC7iurTSr9SWKdt9b/J+WLPsuf80gMzNU0G7
gCeSeIk45A+83tqFZeBWPNbdhBysfY4RwGHAWdVGSXvhNhlw7gkVhV4R/d813/3i
NtTnQnxKqEY73Tzcm8Wsy7L4YaRWZ9HP0EDwXXkfTzDAhS4IEAvT92pGWF8tx0hK
VzbILwtZZtnssaPU0/ByF+kTf6BiX6TmqXwDlpccwmHZ5bqexwhNn4sRbcMPUBEo
DOM3Isid76jNyjB6iCff5t7fpinGWMdj2qaA8FLFD1lnetR2RoiYqKDmf3elAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUFff5y6toufWXfXwl5vQQLmpxOyAwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzEzMjJlMzgzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzIzODMzMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtDFMw
DQYJKoZIhvcNAQELBQADggEBABHf+pjg6iib6xgvtNvPdz2DrnwVFsS94ap7iHch
+X4u9XXIKDqHmX6tzuFI/0KSsrt4TFhfDY67zFp8t1f/fA1XtNPpMb95xwCBcIeZ
3oCrak7SDIc585Wd+4QOcnrLd1aJwdSPn8v48u0r2HeiPXlNbA2nhgBwxNblbNqP
L8XyCiYj5KloZKuYfOkDg51ktFvP/eiHQiToZ+7ejm8GCuhI8zAMi8TTx0jy9bo3
WNNlD2WShtRx1TSvQsUqgtPj3VAnllT2q3bjYstiAHI+t6qFBOsL4BxpRd4s7Iwt
zZeZcajoiZlGnp2jpIbKnzq18IeEOKqfcgIQ8bSnpH5WL5U=
-----END CERTIFICATE-----