Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/34352e36352e3131352e302f32342d3234203d3e203230343733.roa
File:                     34352e36352e3131352e302f32342d3234203d3e203230343733.roa (raw, json)
Hash identifier:          yhvJN/u+/cR9pJcYDxKKd4yUYUnB1Pt1jF5f+nVnA/k=
Subject key identifier:   41:B5:9E:98:42:E7:8E:C7:2A:44:6A:C1:81:CD:6F:E6:D6:37:7D:39
Certificate issuer:       /CN=7374bc6d025135bed9539779a03fdd64abeba11f
Certificate serial:       3B620F7FA3ACCDC279B5059271335EE709ACA6B0
Authority key identifier: 73:74:BC:6D:02:51:35:BE:D9:53:97:79:A0:3F:DD:64:AB:EB:A1:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/34352e36352e3131352e302f32342d3234203d3e203230343733.roa
Signing time:             Thu 26 Mar 2026 09:00:55 +0000
ROA not before:           Thu 26 Mar 2026 08:55:55 +0000
ROA not after:            Thu 25 Mar 2027 09:00:55 +0000
asID:                     20473
IP address blocks:        45.65.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 12:59:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:62:0f:7f:a3:ac:cd:c2:79:b5:05:92:71:33:5e:e7:09:ac:a6:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7374bc6d025135bed9539779a03fdd64abeba11f
        Validity
            Not Before: Mar 26 08:55:55 2026 GMT
            Not After : Mar 25 09:00:55 2027 GMT
        Subject: CN=41B59E9842E78EC72A446AC181CD6FE6D6377D39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d1:36:a5:90:8f:d0:6f:1c:3e:a2:7d:7b:4c:
                    db:d3:2f:d5:b8:f0:91:9d:61:52:ba:38:4a:f5:bb:
                    6a:36:fa:b4:9d:6e:ae:76:63:80:c1:2b:f5:3a:d6:
                    19:11:0d:b5:fd:0b:be:a7:1f:a6:55:a7:5c:53:3e:
                    4a:0d:ff:2f:f4:a2:9e:4c:02:28:ae:56:81:9e:df:
                    40:a2:f2:86:38:17:98:0f:66:96:ed:29:2e:19:7d:
                    df:76:ff:99:f8:0c:31:f4:34:c9:6c:ed:df:ef:f5:
                    6b:00:d9:23:a2:ce:50:0e:ee:f0:8c:0a:4e:c3:0c:
                    94:f0:79:ab:7b:95:51:67:24:74:17:e9:73:cc:21:
                    d9:90:e1:6a:1b:72:47:8e:f5:78:b2:26:02:ab:ac:
                    d2:ad:9e:3c:66:df:8d:d3:f3:8d:99:7e:51:ac:41:
                    ac:b4:14:70:41:14:4d:01:97:74:93:20:e2:de:81:
                    46:2a:a4:52:cf:d8:6c:11:d6:72:56:e7:cf:8e:5d:
                    d8:5d:2e:cd:11:a5:e0:d6:b8:c4:db:20:17:26:f2:
                    2f:83:1e:56:64:6c:a7:83:35:0d:0b:fa:b0:6f:1a:
                    fa:27:aa:76:f8:b7:d1:d4:b9:5f:e9:f8:d5:10:54:
                    20:da:56:66:cf:b0:01:4b:d1:14:1e:b4:e6:c7:a3:
                    fc:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:B5:9E:98:42:E7:8E:C7:2A:44:6A:C1:81:CD:6F:E6:D6:37:7D:39
            X509v3 Authority Key Identifier:
                keyid:73:74:BC:6D:02:51:35:BE:D9:53:97:79:A0:3F:DD:64:AB:EB:A1:1F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/34352e36352e3131352e302f32342d3234203d3e203230343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:43:8d:4a:8f:f5:84:6b:b1:e3:4c:64:da:4c:6d:79:31:ac:
         c9:8d:16:00:de:e2:4d:9c:59:01:34:3c:e5:aa:c0:94:82:b1:
         58:5a:25:e6:b5:5c:2e:d5:17:6e:15:28:33:c3:b6:29:2f:e7:
         ec:93:aa:67:0a:55:1f:b1:57:1b:3a:2a:67:04:03:49:70:2f:
         65:30:f4:e9:8f:ae:21:34:e0:cf:4b:4a:d3:30:96:f3:ec:0c:
         2c:0a:e6:30:a6:65:90:d9:48:18:78:b9:1f:3b:dd:58:0c:b4:
         a4:68:8d:32:69:2c:f0:47:c7:62:f0:ac:0d:c5:2b:84:52:ee:
         42:27:2e:57:e8:b1:ff:24:bd:ca:7d:ad:ba:28:cb:c4:1f:31:
         f8:f3:35:25:4a:48:51:c0:ed:5f:e3:93:61:75:14:1e:45:a6:
         ab:ad:59:31:af:ed:c1:e2:98:41:70:8f:be:6a:08:c1:86:4a:
         55:09:9f:7d:9c:cf:b3:d5:d5:1e:81:e5:ea:45:ff:cb:ac:13:
         3d:7b:30:3b:d6:f7:f5:ca:69:d6:40:58:8b:e0:84:3a:88:5a:
         4c:71:91:75:7a:01:93:25:ba:00:db:b0:87:24:1f:eb:e0:4b:
         f8:02:31:d2:fd:74:96:68:90:ab:f0:8d:36:98:ee:03:97:bd:
         1a:84:b5:64
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUO2IPf6OszcJ5tQWScTNe5wmsprAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM3NGJjNmQwMjUxMzViZWQ5NTM5Nzc5YTAzZmRkNjRh
YmViYTExZjAeFw0yNjAzMjYwODU1NTVaFw0yNzAzMjUwOTAwNTVaMDMxMTAvBgNV
BAMTKDQxQjU5RTk4NDJFNzhFQzcyQTQ0NkFDMTgxQ0Q2RkU2RDYzNzdEMzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn0TalkI/Qbxw+on17TNvTL9W4
8JGdYVK6OEr1u2o2+rSdbq52Y4DBK/U61hkRDbX9C76nH6ZVp1xTPkoN/y/0op5M
AiiuVoGe30Ci8oY4F5gPZpbtKS4Zfd92/5n4DDH0NMls7d/v9WsA2SOizlAO7vCM
Ck7DDJTweat7lVFnJHQX6XPMIdmQ4WobckeO9XiyJgKrrNKtnjxm343T842ZflGs
Qay0FHBBFE0Bl3STIOLegUYqpFLP2GwR1nJW58+OXdhdLs0RpeDWuMTbIBcm8i+D
HlZkbKeDNQ0L+rBvGvonqnb4t9HUuV/p+NUQVCDaVmbPsAFL0RQetObHo/znAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUQbWemELnjscqRGrBgc1v5tY3fTkwHwYDVR0j
BBgwFoAUc3S8bQJRNb7ZU5d5oD/dZKvroR8wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTQyNTg1ZjctYmMxYi00OTcwLWJkMzQtZGJmZDJiMjE0
N2QyLzAvNzM3NEJDNkQwMjUxMzVCRUQ5NTM5Nzc5QTAzRkRENjRBQkVCQTExRi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MzUzhiUUpSTmI3WlU1ZDVvRF9kWkt2
cm9SOC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTQyNTg1Zjct
YmMxYi00OTcwLWJkMzQtZGJmZDJiMjE0N2QyLzAvMzQzNTJlMzYzNTJlMzEzMTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1B
czANBgkqhkiG9w0BAQsFAAOCAQEAB0ONSo/1hGux40xk2kxteTGsyY0WAN7iTZxZ
ATQ85arAlIKxWFol5rVcLtUXbhUoM8O2KS/n7JOqZwpVH7FXGzoqZwQDSXAvZTD0
6Y+uITTgz0tK0zCW8+wMLArmMKZlkNlIGHi5HzvdWAy0pGiNMmks8EfHYvCsDcUr
hFLuQicuV+ix/yS9yn2tuijLxB8x+PM1JUpIUcDtX+OTYXUUHkWmq61ZMa/tweKY
QXCPvmoIwYZKVQmffZzPs9XVHoHl6kX/y6wTPXswO9b39cpp1kBYi+CEOohaTHGR
dXoBkyW6ANuwhyQf6+BL+AIx0v10lmiQq/CNNpjuA5e9GoS1ZA==
-----END CERTIFICATE-----