Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/34352e31312e3138382e302f32342d3234203d3e203239383032.roa
File:                     34352e31312e3138382e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier:          Lkhf2DP0KzmwZlexS6drmdGUYUB4E7guXRSVyb0AOxE=
Subject key identifier:   BA:80:56:36:8B:7F:DB:99:D0:58:2E:BA:26:17:6B:7D:2C:97:00:EA
Certificate issuer:       /CN=7374bc6d025135bed9539779a03fdd64abeba11f
Certificate serial:       7317A4292E0AB21C38337FA6C7B403D772EC6543
Authority key identifier: 73:74:BC:6D:02:51:35:BE:D9:53:97:79:A0:3F:DD:64:AB:EB:A1:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/34352e31312e3138382e302f32342d3234203d3e203239383032.roa
Signing time:             Thu 26 Mar 2026 09:00:56 +0000
ROA not before:           Thu 26 Mar 2026 08:55:56 +0000
ROA not after:            Thu 25 Mar 2027 09:00:56 +0000
asID:                     29802
IP address blocks:        45.11.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 12:59:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:17:a4:29:2e:0a:b2:1c:38:33:7f:a6:c7:b4:03:d7:72:ec:65:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7374bc6d025135bed9539779a03fdd64abeba11f
        Validity
            Not Before: Mar 26 08:55:56 2026 GMT
            Not After : Mar 25 09:00:56 2027 GMT
        Subject: CN=BA8056368B7FDB99D0582EBA26176B7D2C9700EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:9f:8d:0b:3f:7a:c7:a3:fb:cd:4e:52:c1:a0:
                    b9:0a:88:0e:02:20:09:11:01:21:a8:69:24:b0:ed:
                    80:40:32:38:88:31:0b:c5:82:26:39:f7:bd:95:01:
                    a6:c7:d5:a4:b3:16:82:29:3c:37:5e:3d:75:f6:82:
                    45:f3:5f:6b:e1:d5:72:20:80:ed:cf:39:75:2b:d5:
                    e1:2c:24:9f:34:65:83:da:95:1c:4e:dd:0f:72:b7:
                    30:df:af:4d:8a:c1:42:20:58:74:e0:87:9d:10:4f:
                    8e:8d:3f:88:56:72:d7:13:2a:26:ca:43:c2:95:61:
                    51:a9:cb:88:ea:c1:ef:05:0a:37:34:46:bc:4b:87:
                    47:14:4a:9b:16:e3:b2:60:55:b2:64:2f:ae:27:9a:
                    0c:a1:02:58:eb:9c:57:e9:37:b9:35:61:60:74:a0:
                    31:e6:2d:dc:07:6e:74:5a:48:1f:7e:3e:93:83:19:
                    11:0b:73:24:10:b3:f3:34:b1:2a:1a:39:b0:c9:c3:
                    45:00:5c:9c:46:64:18:ab:8b:86:86:c8:17:3d:8a:
                    0b:7d:33:4a:b9:51:a4:43:51:fd:0a:98:98:ae:49:
                    60:be:09:b7:15:96:be:3d:39:91:c4:f2:cb:52:5e:
                    b4:0e:40:c8:32:6a:18:5d:82:f4:44:3f:63:ce:68:
                    2a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:80:56:36:8B:7F:DB:99:D0:58:2E:BA:26:17:6B:7D:2C:97:00:EA
            X509v3 Authority Key Identifier:
                keyid:73:74:BC:6D:02:51:35:BE:D9:53:97:79:A0:3F:DD:64:AB:EB:A1:1F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/34352e31312e3138382e302f32342d3234203d3e203239383032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:8b:10:c4:41:76:e6:24:1a:1b:7e:35:b4:b8:ac:21:3e:1a:
         2e:2d:6d:3c:46:86:eb:ef:67:1a:2e:3e:27:96:40:95:d8:e5:
         3f:29:74:3c:05:8c:69:a1:45:5c:65:b4:fa:4a:f4:46:6f:48:
         b7:a3:db:b0:36:47:29:21:19:15:d1:42:46:1d:0c:d7:57:af:
         08:b9:b5:cd:fc:97:3f:59:d0:ac:f5:64:31:93:2f:c4:32:8d:
         da:b5:d6:f9:7f:ee:4e:b9:23:fc:90:c0:fd:58:e1:a2:92:41:
         16:c9:94:07:e8:4b:72:be:be:6a:ab:4a:38:3f:ce:04:6a:47:
         54:83:0f:2e:8e:3d:c7:e3:72:00:f3:0c:49:a6:17:28:f0:af:
         87:fc:84:fd:83:88:4c:3b:23:b7:86:4b:d2:b8:56:65:66:8c:
         6e:ed:2f:a0:76:66:4a:58:ff:15:70:8b:07:b6:b2:b8:33:37:
         01:79:9a:3b:4a:ba:01:7c:32:1d:38:8f:87:fe:36:a5:82:35:
         16:30:35:df:dc:8f:67:8b:80:2b:24:91:ea:6a:d4:ae:fa:b4:
         12:d2:65:f0:99:96:9d:50:21:c1:55:9e:54:eb:e3:f3:63:d0:
         7c:59:5b:92:0b:32:d6:66:c4:4d:2a:0e:a4:e7:cf:8e:87:dc:
         14:57:cb:6d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUcxekKS4Kshw4M3+mx7QD13LsZUMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM3NGJjNmQwMjUxMzViZWQ5NTM5Nzc5YTAzZmRkNjRh
YmViYTExZjAeFw0yNjAzMjYwODU1NTZaFw0yNzAzMjUwOTAwNTZaMDMxMTAvBgNV
BAMTKEJBODA1NjM2OEI3RkRCOTlEMDU4MkVCQTI2MTc2QjdEMkM5NzAwRUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRn40LP3rHo/vNTlLBoLkKiA4C
IAkRASGoaSSw7YBAMjiIMQvFgiY5972VAabH1aSzFoIpPDdePXX2gkXzX2vh1XIg
gO3POXUr1eEsJJ80ZYPalRxO3Q9ytzDfr02KwUIgWHTgh50QT46NP4hWctcTKibK
Q8KVYVGpy4jqwe8FCjc0RrxLh0cUSpsW47JgVbJkL64nmgyhAljrnFfpN7k1YWB0
oDHmLdwHbnRaSB9+PpODGRELcyQQs/M0sSoaObDJw0UAXJxGZBiri4aGyBc9igt9
M0q5UaRDUf0KmJiuSWC+CbcVlr49OZHE8stSXrQOQMgyahhdgvREP2POaCr1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUuoBWNot/25nQWC66JhdrfSyXAOowHwYDVR0j
BBgwFoAUc3S8bQJRNb7ZU5d5oD/dZKvroR8wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTQyNTg1ZjctYmMxYi00OTcwLWJkMzQtZGJmZDJiMjE0
N2QyLzAvNzM3NEJDNkQwMjUxMzVCRUQ5NTM5Nzc5QTAzRkRENjRBQkVCQTExRi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MzUzhiUUpSTmI3WlU1ZDVvRF9kWkt2
cm9SOC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTQyNTg1Zjct
YmMxYi00OTcwLWJkMzQtZGJmZDJiMjE0N2QyLzAvMzQzNTJlMzEzMTJlMzEzODM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTM4MzAzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0L
vDANBgkqhkiG9w0BAQsFAAOCAQEAm4sQxEF25iQaG341tLisIT4aLi1tPEaG6+9n
Gi4+J5ZAldjlPyl0PAWMaaFFXGW0+kr0Rm9It6PbsDZHKSEZFdFCRh0M11evCLm1
zfyXP1nQrPVkMZMvxDKN2rXW+X/uTrkj/JDA/VjhopJBFsmUB+hLcr6+aqtKOD/O
BGpHVIMPLo49x+NyAPMMSaYXKPCvh/yE/YOITDsjt4ZL0rhWZWaMbu0voHZmSlj/
FXCLB7ayuDM3AXmaO0q6AXwyHTiPh/42pYI1FjA139yPZ4uAKySR6mrUrvq0EtJl
8JmWnVAhwVWeVOvj82PQfFlbkgsy1mbETSoOpOfPjofcFFfLbQ==
-----END CERTIFICATE-----