Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20323032363733.roa
File:                     34352e382e3137332e302f32342d3234203d3e20323032363733.roa (raw, json)
Hash identifier:          d7fBecaPyrVjM4P3S3kg+4o4EIrWILvQcE2M5oWoSkI=
Subject key identifier:   71:F2:D1:39:A1:4D:30:D8:9D:5C:04:25:90:D5:A1:70:AC:DE:66:DA
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       06CF8F57197838F8C8FD8694CB01D3D4F4FA3D23
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20323032363733.roa
Signing time:             Thu 12 Mar 2026 12:44:10 +0000
ROA not before:           Thu 12 Mar 2026 12:39:10 +0000
ROA not after:            Thu 11 Mar 2027 12:44:10 +0000
asID:                     202673
IP address blocks:        45.8.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:cf:8f:57:19:78:38:f8:c8:fd:86:94:cb:01:d3:d4:f4:fa:3d:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Mar 12 12:39:10 2026 GMT
            Not After : Mar 11 12:44:10 2027 GMT
        Subject: CN=71F2D139A14D30D89D5C042590D5A170ACDE66DA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:63:cf:9a:11:05:fa:4a:ee:e1:f0:0b:d1:0a:
                    d6:7f:da:4d:72:b9:c1:f1:f5:c2:79:bb:13:ca:a2:
                    9e:d8:67:1a:d6:df:3a:c9:84:2e:42:78:b5:6e:bc:
                    d7:13:2b:2f:0f:e6:ab:3f:b5:7e:f0:bd:c4:3d:fa:
                    07:da:57:52:75:f6:a9:3f:14:6e:7f:c2:95:4e:d5:
                    36:be:01:01:68:82:eb:9f:8d:2c:48:93:ba:25:30:
                    ac:f6:ac:6f:db:03:98:75:73:a7:43:62:8d:07:f3:
                    d1:17:25:9c:88:90:5b:3f:20:79:06:23:be:36:4e:
                    8e:bc:5b:6d:60:8a:ce:e1:22:a1:e1:18:17:62:10:
                    43:ab:ed:9d:af:f4:37:b8:16:d4:0e:6c:81:2d:78:
                    67:60:7e:f6:a1:9a:b5:ec:83:19:4b:9f:39:d7:61:
                    1f:07:d9:d2:d9:24:b4:bb:3b:aa:a9:d5:eb:7f:48:
                    2a:31:47:5a:7b:6c:75:7e:8d:44:91:65:da:a3:94:
                    f5:e8:67:e2:e9:68:34:35:55:c2:75:f1:3d:95:44:
                    10:15:e6:57:f6:88:76:16:f4:80:86:ea:02:57:f0:
                    bb:bf:8d:a0:44:85:5e:40:c2:5f:83:58:44:81:d8:
                    0a:c0:ee:47:77:19:69:cc:6d:f6:98:8e:03:f2:15:
                    f0:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:F2:D1:39:A1:4D:30:D8:9D:5C:04:25:90:D5:A1:70:AC:DE:66:DA
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137332e302f32342d3234203d3e20323032363733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:d7:09:14:32:8a:3f:b0:c5:73:b2:d5:4b:cd:0f:d3:b4:ac:
         f0:0c:a9:12:e1:86:93:1a:95:3d:c9:d4:52:ee:79:97:47:06:
         98:1a:38:04:6c:2c:07:f5:3f:9d:a6:14:a5:0c:f0:1d:6c:69:
         69:d4:ae:aa:ba:69:51:50:1b:7d:e2:06:92:29:d6:d1:0d:57:
         52:e4:b6:38:a8:26:5f:99:8f:74:d0:9f:84:d6:54:04:09:f3:
         61:e8:ee:ef:e8:66:cd:08:d9:c1:c9:cc:4b:1f:39:77:ac:19:
         f9:41:65:77:27:99:50:d2:6d:e7:db:59:73:f7:88:f8:e5:bc:
         00:67:6d:82:5e:b7:f0:2d:e7:4e:18:29:86:e9:46:4c:5b:b3:
         25:59:b4:72:89:8c:ef:88:75:0c:64:86:3c:62:cf:a6:04:c9:
         65:92:da:26:ee:a8:64:c6:62:27:b7:11:6e:8b:2e:89:99:3d:
         21:26:02:5f:05:57:e5:50:fb:d2:4b:1b:06:cb:21:8e:3f:22:
         01:40:56:15:da:3f:8d:3d:4a:f0:98:a3:ca:49:5e:f5:21:99:
         94:6c:81:92:e6:29:13:f0:a0:39:af:fe:f1:24:4e:99:cb:34:
         2e:14:f6:09:16:b4:62:db:fc:95:34:98:86:a6:c9:cb:da:dd:
         c3:f3:22:0a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBs+PVxl4OPjI/YaUywHT1PT6PSMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNjAzMTIxMjM5MTBaFw0yNzAzMTExMjQ0MTBaMDMxMTAvBgNV
BAMTKDcxRjJEMTM5QTE0RDMwRDg5RDVDMDQyNTkwRDVBMTcwQUNERTY2REEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTY8+aEQX6Su7h8AvRCtZ/2k1y
ucHx9cJ5uxPKop7YZxrW3zrJhC5CeLVuvNcTKy8P5qs/tX7wvcQ9+gfaV1J19qk/
FG5/wpVO1Ta+AQFoguufjSxIk7olMKz2rG/bA5h1c6dDYo0H89EXJZyIkFs/IHkG
I742To68W21gis7hIqHhGBdiEEOr7Z2v9De4FtQObIEteGdgfvahmrXsgxlLnznX
YR8H2dLZJLS7O6qp1et/SCoxR1p7bHV+jUSRZdqjlPXoZ+LpaDQ1VcJ18T2VRBAV
5lf2iHYW9ICG6gJX8Lu/jaBEhV5Awl+DWESB2ArA7kd3GWnMbfaYjgPyFfBFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUcfLROaFNMNidXAQlkNWhcKzeZtowHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzgyZTMxMzczMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzMjM2MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I
rTANBgkqhkiG9w0BAQsFAAOCAQEAQ9cJFDKKP7DFc7LVS80P07Ss8AypEuGGkxqV
PcnUUu55l0cGmBo4BGwsB/U/naYUpQzwHWxpadSuqrppUVAbfeIGkinW0Q1XUuS2
OKgmX5mPdNCfhNZUBAnzYeju7+hmzQjZwcnMSx85d6wZ+UFldyeZUNJt59tZc/eI
+OW8AGdtgl638C3nThgphulGTFuzJVm0comM74h1DGSGPGLPpgTJZZLaJu6oZMZi
J7cRbosuiZk9ISYCXwVX5VD70ksbBsshjj8iAUBWFdo/jT1K8Jijykle9SGZlGyB
kuYpE/CgOa/+8SROmcs0LhT2CRa0Ytv8lTSYhqbJy9rdw/MiCg==
-----END CERTIFICATE-----