Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/34352e31312e3139302e302f32342d3234203d3e20383334.roa
File:                     34352e31312e3139302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          6wsCfZjp2RWC0nlMsEwUVLoCN0Bv/nZBqG83s8ZVz6A=
Subject key identifier:   53:C9:DF:36:94:4C:C6:7A:15:A1:AF:2F:84:31:32:C1:37:61:00:D4
Certificate issuer:       /CN=7374bc6d025135bed9539779a03fdd64abeba11f
Certificate serial:       5A29A3EB65944A2477EA54256FCC91C4BE73B363
Authority key identifier: 73:74:BC:6D:02:51:35:BE:D9:53:97:79:A0:3F:DD:64:AB:EB:A1:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/34352e31312e3139302e302f32342d3234203d3e20383334.roa
Signing time:             Thu 26 Mar 2026 09:00:54 +0000
ROA not before:           Thu 26 Mar 2026 08:55:54 +0000
ROA not after:            Thu 25 Mar 2027 09:00:54 +0000
asID:                     834
IP address blocks:        45.11.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 12:59:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:29:a3:eb:65:94:4a:24:77:ea:54:25:6f:cc:91:c4:be:73:b3:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7374bc6d025135bed9539779a03fdd64abeba11f
        Validity
            Not Before: Mar 26 08:55:54 2026 GMT
            Not After : Mar 25 09:00:54 2027 GMT
        Subject: CN=53C9DF36944CC67A15A1AF2F843132C1376100D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:54:d9:2f:53:83:3c:df:c2:fc:ed:5c:e5:86:
                    72:e3:27:4a:a0:46:0f:66:4a:d0:45:b1:e6:76:55:
                    9d:17:4e:65:e0:65:68:51:90:07:7d:cd:56:7d:52:
                    ef:a2:15:36:a9:52:5e:4a:51:5e:62:1a:62:af:67:
                    4c:40:58:64:fa:55:70:29:dd:e3:8a:1a:a2:97:2a:
                    8f:a5:1c:f3:b7:cb:0f:94:8b:fe:88:69:0a:e5:e0:
                    7c:ff:78:e3:7d:45:c5:e0:56:ff:0a:8a:7d:20:5c:
                    19:de:7b:91:9e:3a:89:cc:78:d1:99:63:9c:28:d1:
                    66:83:4a:e8:bd:3b:0b:f7:53:54:eb:71:ab:1f:f7:
                    dd:4a:88:3b:b6:55:50:21:fa:6b:2b:c1:7b:0b:0d:
                    7e:fa:8a:d6:3f:b9:34:b4:49:7c:0c:ac:33:4f:e3:
                    9b:17:93:41:91:53:22:26:3a:9f:e7:07:3c:bb:8a:
                    47:51:67:cc:83:1e:ba:9f:b7:da:83:f7:3f:8f:bf:
                    e1:84:74:e8:29:0e:95:a8:1c:62:d6:bb:ef:b4:96:
                    9b:52:28:f4:b2:9a:66:75:9b:0e:e3:8e:ef:40:61:
                    5d:f8:4b:92:05:04:4d:09:8d:c3:f2:b9:e6:4c:69:
                    22:4f:44:ff:ca:99:36:8b:e5:99:51:c1:fc:73:b3:
                    c1:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:C9:DF:36:94:4C:C6:7A:15:A1:AF:2F:84:31:32:C1:37:61:00:D4
            X509v3 Authority Key Identifier:
                keyid:73:74:BC:6D:02:51:35:BE:D9:53:97:79:A0:3F:DD:64:AB:EB:A1:1F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/34352e31312e3139302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:a6:5c:55:fa:67:a3:fe:52:96:a1:72:25:5d:15:1e:00:23:
         d8:8f:cc:d5:6a:ec:6b:a3:a5:52:fc:6f:4e:69:62:8f:8a:8e:
         3d:35:ab:e0:39:74:36:22:2b:66:9b:b9:ad:34:b0:5b:35:f8:
         03:94:c2:72:04:17:ea:38:36:ec:37:74:d0:94:09:46:5a:2b:
         0e:8f:32:7c:ed:98:84:19:a7:99:05:98:57:d2:4f:3e:f4:5e:
         d5:e8:09:83:08:e1:4e:c1:77:58:ee:50:aa:3c:53:38:a2:93:
         67:c7:67:8b:86:c8:96:6d:d1:1d:33:37:09:0b:91:d8:9e:ff:
         b3:5f:54:b4:f6:68:08:81:bb:f0:99:45:5d:a9:45:02:88:a4:
         7c:0f:d8:1c:aa:f7:82:2e:35:bf:d5:bd:5d:0c:b5:41:af:e7:
         47:c9:02:68:d3:b7:ef:06:5a:04:56:ab:45:b2:f5:24:e6:4a:
         3b:d1:0b:c8:e3:de:85:86:dc:80:dd:13:a6:86:d3:67:76:d5:
         8b:9e:56:7e:ca:ba:7a:80:3f:43:da:c4:90:1d:d8:df:2b:e6:
         de:31:26:7a:19:0f:0e:f9:0b:4f:24:38:7c:8a:9c:d6:50:fa:
         64:bf:d5:16:34:94:73:06:8d:e0:56:27:79:2e:61:87:37:91:
         7d:62:11:ee
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUWimj62WUSiR36lQlb8yRxL5zs2MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM3NGJjNmQwMjUxMzViZWQ5NTM5Nzc5YTAzZmRkNjRh
YmViYTExZjAeFw0yNjAzMjYwODU1NTRaFw0yNzAzMjUwOTAwNTRaMDMxMTAvBgNV
BAMTKDUzQzlERjM2OTQ0Q0M2N0ExNUExQUYyRjg0MzEzMkMxMzc2MTAwRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyVNkvU4M838L87VzlhnLjJ0qg
Rg9mStBFseZ2VZ0XTmXgZWhRkAd9zVZ9Uu+iFTapUl5KUV5iGmKvZ0xAWGT6VXAp
3eOKGqKXKo+lHPO3yw+Ui/6IaQrl4Hz/eON9RcXgVv8Kin0gXBnee5GeOonMeNGZ
Y5wo0WaDSui9Owv3U1Trcasf991KiDu2VVAh+msrwXsLDX76itY/uTS0SXwMrDNP
45sXk0GRUyImOp/nBzy7ikdRZ8yDHrqft9qD9z+Pv+GEdOgpDpWoHGLWu++0lptS
KPSymmZ1mw7jju9AYV34S5IFBE0JjcPyueZMaSJPRP/KmTaL5ZlRwfxzs8E7AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUU8nfNpRMxnoVoa8vhDEywTdhANQwHwYDVR0j
BBgwFoAUc3S8bQJRNb7ZU5d5oD/dZKvroR8wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTQyNTg1ZjctYmMxYi00OTcwLWJkMzQtZGJmZDJiMjE0
N2QyLzAvNzM3NEJDNkQwMjUxMzVCRUQ5NTM5Nzc5QTAzRkRENjRBQkVCQTExRi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MzUzhiUUpSTmI3WlU1ZDVvRF9kWkt2
cm9SOC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTQyNTg1Zjct
YmMxYi00OTcwLWJkMzQtZGJmZDJiMjE0N2QyLzAvMzQzNTJlMzEzMTJlMzEzOTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQu+MA0G
CSqGSIb3DQEBCwUAA4IBAQADplxV+mej/lKWoXIlXRUeACPYj8zVauxro6VS/G9O
aWKPio49NavgOXQ2Iitmm7mtNLBbNfgDlMJyBBfqODbsN3TQlAlGWisOjzJ87ZiE
GaeZBZhX0k8+9F7V6AmDCOFOwXdY7lCqPFM4opNnx2eLhsiWbdEdMzcJC5HYnv+z
X1S09mgIgbvwmUVdqUUCiKR8D9gcqveCLjW/1b1dDLVBr+dHyQJo07fvBloEVqtF
svUk5ko70QvI496FhtyA3ROmhtNndtWLnlZ+yrp6gD9D2sSQHdjfK+beMSZ6GQ8O
+QtPJDh8ipzWUPpkv9UWNJRzBo3gVid5LmGHN5F9YhHu
-----END CERTIFICATE-----