Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137322e302f32342d3234203d3e20383334.roa
File:                     34352e38372e3137322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          AtdTvnjZwDtCshNY609maAxulWKgkXWVPoDtp4xeBEI=
Subject key identifier:   DB:5D:FF:66:40:46:61:35:57:D4:15:EF:32:EE:DC:A1:E7:53:6D:E9
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       7D1A67A6C5EE3385E9AD2B8E1CF56E0AEAC5F691
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137322e302f32342d3234203d3e20383334.roa
Signing time:             Fri 13 Mar 2026 00:01:53 +0000
ROA not before:           Thu 12 Mar 2026 23:56:53 +0000
ROA not after:            Fri 12 Mar 2027 00:01:53 +0000
asID:                     834
IP address blocks:        45.87.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 17:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:1a:67:a6:c5:ee:33:85:e9:ad:2b:8e:1c:f5:6e:0a:ea:c5:f6:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Mar 12 23:56:53 2026 GMT
            Not After : Mar 12 00:01:53 2027 GMT
        Subject: CN=DB5DFF664046613557D415EF32EEDCA1E7536DE9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:78:b9:6e:52:c1:96:a3:8e:66:de:d4:bd:7d:
                    43:f6:20:4b:03:b1:c4:ef:33:d6:61:0b:aa:a3:d4:
                    38:8b:d6:d9:a9:bf:a4:06:09:00:21:1d:da:56:0f:
                    ba:3f:64:3b:4c:3e:95:dd:79:cf:fa:00:75:13:f0:
                    5f:6b:85:60:b5:b6:db:b3:df:04:27:b6:0c:90:9c:
                    3f:cf:b7:bd:51:61:26:b6:a5:b0:98:1f:c6:3a:9a:
                    1b:f4:6d:b6:6e:b4:44:d8:95:18:84:7d:ca:ee:d3:
                    e1:ba:95:ad:8a:28:8c:1a:62:f6:63:57:f3:0e:5e:
                    cd:98:cd:06:34:77:19:16:4f:f5:53:ef:2c:a0:90:
                    86:c3:ca:87:06:10:b8:af:1a:3a:a5:38:f3:2d:4f:
                    fb:57:67:3a:19:b0:98:6d:65:e3:25:36:89:d5:b4:
                    06:4b:74:b4:36:b3:bb:28:48:69:7b:a5:1b:b1:73:
                    7b:79:b3:60:a1:7d:23:6d:3a:ed:3e:a2:18:fe:34:
                    d8:70:b7:3c:c1:5f:0c:32:00:db:4b:71:12:11:71:
                    50:ae:bd:23:e7:8e:a8:4b:26:51:f2:75:27:da:01:
                    4a:b3:c0:f6:70:40:46:21:1b:0d:6a:b2:7b:6e:a3:
                    75:43:62:4e:f9:86:82:15:12:16:60:e4:c8:d5:75:
                    df:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:5D:FF:66:40:46:61:35:57:D4:15:EF:32:EE:DC:A1:E7:53:6D:E9
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/34352e38372e3137322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:a8:6e:9f:18:fa:14:b5:da:0a:54:33:ba:dc:50:18:85:bf:
         20:c6:04:a2:11:ba:43:fb:39:c8:4c:d8:db:ab:25:c8:8f:3e:
         14:4f:54:8b:c0:78:d9:19:35:78:a4:02:47:34:f9:96:cf:2e:
         de:d9:36:b6:4d:ab:7a:8c:a5:1c:7a:2d:e4:00:64:23:d4:0f:
         62:7c:b7:2b:13:5f:ad:af:8b:6a:73:36:2f:51:90:6b:12:c7:
         ab:1c:7e:4c:24:45:dc:f7:1d:85:8a:7d:bc:b9:10:99:20:54:
         3e:c8:90:13:cd:db:cc:4c:a0:e1:13:ee:7d:eb:6d:b7:00:d5:
         65:f1:60:f8:74:82:14:f4:e9:f2:c4:bb:a8:a1:b2:9b:db:e5:
         c6:16:6c:27:92:05:9e:db:ab:e3:5a:e4:42:5d:61:ca:9b:10:
         22:80:a0:93:75:c2:64:f5:8c:17:27:aa:74:c0:b5:22:44:96:
         24:da:fc:00:70:e5:52:a0:ee:67:52:7c:bc:67:06:73:6e:f8:
         2a:cb:fe:e1:30:a9:f4:8a:72:af:e4:df:b7:00:e8:6e:ba:ac:
         68:0f:f2:ac:9e:ab:8e:06:c3:0d:da:8c:cd:d8:78:c7:25:1a:
         4f:5a:00:b9:95:de:f3:a1:64:4b:4d:05:c2:a1:b7:51:f5:a5:
         17:18:be:ae
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUfRpnpsXuM4XprSuOHPVuCurF9pEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNjAzMTIyMzU2NTNaFw0yNzAzMTIwMDAxNTNaMDMxMTAvBgNV
BAMTKERCNURGRjY2NDA0NjYxMzU1N0Q0MTVFRjMyRUVEQ0ExRTc1MzZERTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJeLluUsGWo45m3tS9fUP2IEsD
scTvM9ZhC6qj1DiL1tmpv6QGCQAhHdpWD7o/ZDtMPpXdec/6AHUT8F9rhWC1ttuz
3wQntgyQnD/Pt71RYSa2pbCYH8Y6mhv0bbZutETYlRiEfcru0+G6la2KKIwaYvZj
V/MOXs2YzQY0dxkWT/VT7yygkIbDyocGELivGjqlOPMtT/tXZzoZsJhtZeMlNonV
tAZLdLQ2s7soSGl7pRuxc3t5s2ChfSNtOu0+ohj+NNhwtzzBXwwyANtLcRIRcVCu
vSPnjqhLJlHydSfaAUqzwPZwQEYhGw1qsntuo3VDYk75hoIVEhZg5MjVdd/NAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU213/ZkBGYTVX1BXvMu7coedTbekwHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzQzNTJlMzgzNzJlMzEzNzMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVesMA0G
CSqGSIb3DQEBCwUAA4IBAQBRqG6fGPoUtdoKVDO63FAYhb8gxgSiEbpD+znITNjb
qyXIjz4UT1SLwHjZGTV4pAJHNPmWzy7e2Ta2Tat6jKUcei3kAGQj1A9ifLcrE1+t
r4tqczYvUZBrEserHH5MJEXc9x2Fin28uRCZIFQ+yJATzdvMTKDhE+596223ANVl
8WD4dIIU9OnyxLuoobKb2+XGFmwnkgWe26vjWuRCXWHKmxAigKCTdcJk9YwXJ6p0
wLUiRJYk2vwAcOVSoO5nUny8ZwZzbvgqy/7hMKn0inKv5N+3AOhuuqxoD/KsnquO
BsMN2ozN2HjHJRpPWgC5ld7zoWRLTQXCobdR9aUXGL6u
-----END CERTIFICATE-----