Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/34352e36352e3131352e302f32342d3234203d3e203236373337.roa
File:                     34352e36352e3131352e302f32342d3234203d3e203236373337.roa (raw, json)
Hash identifier:          smsQHgod/KKyfvyXZ1C+HF5/sRFrnywLaSTdtay9V2M=
Subject key identifier:   50:6E:3F:59:D0:31:5C:FA:D3:AC:BF:89:D8:62:89:76:03:92:9A:45
Certificate issuer:       /CN=7374bc6d025135bed9539779a03fdd64abeba11f
Certificate serial:       351C44C61CE4A3DB3A489ED5A89776424D5E6703
Authority key identifier: 73:74:BC:6D:02:51:35:BE:D9:53:97:79:A0:3F:DD:64:AB:EB:A1:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/34352e36352e3131352e302f32342d3234203d3e203236373337.roa
Signing time:             Thu 26 Mar 2026 09:00:56 +0000
ROA not before:           Thu 26 Mar 2026 08:55:56 +0000
ROA not after:            Thu 25 Mar 2027 09:00:56 +0000
asID:                     26737
IP address blocks:        45.65.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 12:59:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:1c:44:c6:1c:e4:a3:db:3a:48:9e:d5:a8:97:76:42:4d:5e:67:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7374bc6d025135bed9539779a03fdd64abeba11f
        Validity
            Not Before: Mar 26 08:55:56 2026 GMT
            Not After : Mar 25 09:00:56 2027 GMT
        Subject: CN=506E3F59D0315CFAD3ACBF89D862897603929A45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:11:1f:cd:48:db:b2:06:bf:16:34:af:85:df:
                    52:6b:c1:50:83:3a:0a:04:df:0b:77:fc:7f:34:5e:
                    ac:e2:6e:5f:a4:f6:f8:88:90:89:44:ed:45:c0:34:
                    d2:d2:fc:94:5b:02:1b:d1:9c:a8:52:f6:19:29:d7:
                    af:14:c0:d6:c7:95:ba:bd:0a:87:7d:59:67:c0:30:
                    3a:da:60:ac:fc:51:da:cb:26:f3:57:83:6f:1e:2f:
                    d4:3c:49:22:5b:86:b2:89:6c:ee:b9:0b:43:9b:9a:
                    60:8f:f4:58:f1:d6:fe:66:5a:46:82:ce:8f:8b:a1:
                    dd:b0:9c:74:9a:04:a2:d5:4a:73:f6:06:89:65:4b:
                    dc:1b:c1:ef:2d:78:f5:b7:fd:37:79:e6:65:4c:f7:
                    bd:1d:11:24:8a:a0:9f:74:6d:21:bb:c5:ee:48:6e:
                    47:87:3b:e3:ef:50:19:60:84:b3:ab:6f:d3:62:08:
                    ad:2c:09:aa:03:18:a9:3a:42:b2:01:38:e8:78:28:
                    64:1a:ac:c0:15:81:15:5f:54:de:42:36:bf:22:88:
                    f5:63:62:a5:69:7e:ea:0b:87:66:52:6b:33:f3:e7:
                    c3:87:0a:67:57:cd:b4:99:d0:00:56:bf:3d:99:d1:
                    f4:82:eb:bb:9e:ba:81:c8:dc:55:84:dc:21:e6:eb:
                    1b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:6E:3F:59:D0:31:5C:FA:D3:AC:BF:89:D8:62:89:76:03:92:9A:45
            X509v3 Authority Key Identifier:
                keyid:73:74:BC:6D:02:51:35:BE:D9:53:97:79:A0:3F:DD:64:AB:EB:A1:1F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/34352e36352e3131352e302f32342d3234203d3e203236373337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:7d:5e:9e:90:7b:2d:f8:37:6c:27:3e:5e:a7:de:a0:ae:c3:
         b6:dc:f8:f1:66:61:33:ca:5c:f5:85:44:10:ea:4a:91:9b:f8:
         09:69:07:a7:78:b5:dd:28:fa:0c:dd:65:3d:78:c6:31:46:7d:
         e7:87:fe:46:eb:15:5e:10:f2:68:db:1e:5f:8c:b5:0e:51:c7:
         94:95:0b:3c:2c:73:ec:38:f1:5d:d5:6f:02:2e:7b:fe:bd:4f:
         a7:04:f0:72:ad:dc:9a:c0:5e:2f:e5:cd:c3:06:7e:41:5e:65:
         aa:3b:34:b9:8c:e7:14:80:d0:18:b5:51:dd:0a:10:29:b2:10:
         cb:fe:ce:dc:21:59:42:4d:d0:88:8b:be:35:86:1f:32:8c:24:
         c2:c4:22:bf:83:f4:2d:97:49:35:60:fe:51:86:94:f2:67:00:
         8d:f4:47:fd:f5:42:37:0f:c3:9a:8e:fb:68:62:c0:f3:45:f2:
         d3:bb:33:0c:d4:3a:14:4b:bc:9c:32:ee:db:51:a3:53:d1:39:
         70:4b:35:8a:ff:c7:32:89:f7:3c:d5:f8:b0:13:1c:7e:2d:58:
         b5:e4:4e:17:f0:95:45:3f:f5:9c:90:9f:ce:ec:58:56:46:a4:
         66:5b:7f:76:86:43:82:30:5d:f7:e1:b8:b3:05:8f:27:2b:87:
         8b:fb:42:71
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNRxExhzko9s6SJ7VqJd2Qk1eZwMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM3NGJjNmQwMjUxMzViZWQ5NTM5Nzc5YTAzZmRkNjRh
YmViYTExZjAeFw0yNjAzMjYwODU1NTZaFw0yNzAzMjUwOTAwNTZaMDMxMTAvBgNV
BAMTKDUwNkUzRjU5RDAzMTVDRkFEM0FDQkY4OUQ4NjI4OTc2MDM5MjlBNDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvER/NSNuyBr8WNK+F31JrwVCD
OgoE3wt3/H80Xqzibl+k9viIkIlE7UXANNLS/JRbAhvRnKhS9hkp168UwNbHlbq9
Cod9WWfAMDraYKz8UdrLJvNXg28eL9Q8SSJbhrKJbO65C0ObmmCP9Fjx1v5mWkaC
zo+Lod2wnHSaBKLVSnP2BollS9wbwe8tePW3/Td55mVM970dESSKoJ90bSG7xe5I
bkeHO+PvUBlghLOrb9NiCK0sCaoDGKk6QrIBOOh4KGQarMAVgRVfVN5CNr8iiPVj
YqVpfuoLh2ZSazPz58OHCmdXzbSZ0ABWvz2Z0fSC67ueuoHI3FWE3CHm6xsXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUUG4/WdAxXPrTrL+J2GKJdgOSmkUwHwYDVR0j
BBgwFoAUc3S8bQJRNb7ZU5d5oD/dZKvroR8wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTQyNTg1ZjctYmMxYi00OTcwLWJkMzQtZGJmZDJiMjE0
N2QyLzAvNzM3NEJDNkQwMjUxMzVCRUQ5NTM5Nzc5QTAzRkRENjRBQkVCQTExRi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MzUzhiUUpSTmI3WlU1ZDVvRF9kWkt2
cm9SOC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTQyNTg1Zjct
YmMxYi00OTcwLWJkMzQtZGJmZDJiMjE0N2QyLzAvMzQzNTJlMzYzNTJlMzEzMTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzNjM3MzMzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1B
czANBgkqhkiG9w0BAQsFAAOCAQEAO31enpB7Lfg3bCc+XqfeoK7Dttz48WZhM8pc
9YVEEOpKkZv4CWkHp3i13Sj6DN1lPXjGMUZ954f+RusVXhDyaNseX4y1DlHHlJUL
PCxz7DjxXdVvAi57/r1PpwTwcq3cmsBeL+XNwwZ+QV5lqjs0uYznFIDQGLVR3QoQ
KbIQy/7O3CFZQk3QiIu+NYYfMowkwsQiv4P0LZdJNWD+UYaU8mcAjfRH/fVCNw/D
mo77aGLA80Xy07szDNQ6FEu8nDLu21GjU9E5cEs1iv/HMon3PNX4sBMcfi1YteRO
F/CVRT/1nJCfzuxYVkakZlt/doZDgjBd9+G4swWPJyuHi/tCcQ==
-----END CERTIFICATE-----