Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/34352e3134362e352e302f32342d3234203d3e203431373230.roa
File:                     34352e3134362e352e302f32342d3234203d3e203431373230.roa (raw, json)
Hash identifier:          /A+vKWQmGHFkxgp4vYuvNcELZtcoJ1pL9jVDE0PN8VU=
Subject key identifier:   AE:1B:6D:30:C9:98:AE:11:B9:73:C2:AE:93:AD:AD:CB:FD:98:83:F0
Certificate issuer:       /CN=88cdd9c193da9185a4ac15b2ade875fe97b6f491
Certificate serial:       3207D82C74233146875A792D756CBDC42BB2F7A3
Authority key identifier: 88:CD:D9:C1:93:DA:91:85:A4:AC:15:B2:AD:E8:75:FE:97:B6:F4:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iM3ZwZPakYWkrBWyreh1_pe29JE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/34352e3134362e352e302f32342d3234203d3e203431373230.roa
Signing time:             Sat 02 May 2026 07:22:25 +0000
ROA not before:           Sat 02 May 2026 07:17:25 +0000
ROA not after:            Sat 01 May 2027 07:22:25 +0000
asID:                     41720
IP address blocks:        45.146.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/88CDD9C193DA9185A4AC15B2ADE875FE97B6F491.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/88CDD9C193DA9185A4AC15B2ADE875FE97B6F491.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iM3ZwZPakYWkrBWyreh1_pe29JE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:22:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:07:d8:2c:74:23:31:46:87:5a:79:2d:75:6c:bd:c4:2b:b2:f7:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88cdd9c193da9185a4ac15b2ade875fe97b6f491
        Validity
            Not Before: May  2 07:17:25 2026 GMT
            Not After : May  1 07:22:25 2027 GMT
        Subject: CN=AE1B6D30C998AE11B973C2AE93ADADCBFD9883F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:db:46:75:de:d2:fc:5c:9c:fb:b4:70:89:b1:
                    af:41:9b:37:7e:b9:1f:ea:25:b7:e4:5c:0e:c0:52:
                    08:e3:3f:02:5a:b1:03:c0:3c:62:a5:65:a6:54:e0:
                    41:eb:61:a3:f0:69:a9:1b:7b:69:95:bd:19:b6:3f:
                    29:b5:ee:cc:85:d9:6a:a4:f0:61:6c:01:f3:9c:a3:
                    e7:b3:d1:ad:96:fb:ff:f0:51:1a:0c:32:b5:f1:c7:
                    a7:3f:c1:0f:94:c9:17:63:07:88:c6:7d:51:77:e9:
                    53:c0:f7:54:2e:78:9b:55:62:eb:73:ea:f8:fd:c3:
                    61:b5:50:3f:25:b1:ae:97:4c:99:cb:01:7f:f2:85:
                    14:c0:6e:33:df:54:1e:89:df:9e:24:ec:75:e9:b7:
                    22:78:36:08:fd:c6:66:df:b0:36:44:e5:59:de:cf:
                    49:55:45:eb:23:5d:e5:f2:92:39:1f:88:be:f2:46:
                    c9:4d:00:bc:c3:79:d1:53:8f:0d:65:06:f8:86:96:
                    d9:1d:2a:c4:38:12:d4:70:5e:3a:f6:da:9c:4c:13:
                    97:7e:2b:a2:4f:21:bf:15:95:01:ba:87:dd:87:a3:
                    f1:6b:22:13:08:15:b1:be:e9:93:65:c7:86:68:96:
                    fd:d0:d4:51:01:7f:06:7f:3d:ef:cb:34:b1:2d:e7:
                    bb:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:1B:6D:30:C9:98:AE:11:B9:73:C2:AE:93:AD:AD:CB:FD:98:83:F0
            X509v3 Authority Key Identifier:
                keyid:88:CD:D9:C1:93:DA:91:85:A4:AC:15:B2:AD:E8:75:FE:97:B6:F4:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/88CDD9C193DA9185A4AC15B2ADE875FE97B6F491.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iM3ZwZPakYWkrBWyreh1_pe29JE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e6aff234-61c5-4290-8a6d-5f2b9027322f/0/34352e3134362e352e302f32342d3234203d3e203431373230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:be:f3:bb:14:bc:f7:f7:44:f5:b6:f8:4b:ae:4e:9a:d6:bb:
         ec:5a:ee:3c:28:f8:1d:9b:27:2d:1f:0e:5c:ee:81:48:f0:66:
         07:15:59:f6:88:bb:28:b3:64:70:1f:d6:be:63:89:80:ea:fe:
         b1:75:ca:0a:48:9f:4a:c0:3a:88:d2:4a:06:9e:b4:d1:43:42:
         10:fc:d9:94:c1:b0:7d:0f:05:5c:5e:df:1e:c0:b9:d3:eb:f5:
         77:32:bb:e4:91:04:94:c8:0e:07:e1:f8:a6:27:e9:df:2b:99:
         a7:33:f8:26:94:d9:0e:f5:9d:d7:bc:a6:a7:4c:23:2d:05:8c:
         d5:ad:f0:49:d3:c5:be:ae:24:0a:f8:67:b2:69:02:64:4d:50:
         af:91:00:eb:5f:3b:b6:e5:3f:63:d6:2a:a1:37:54:d4:80:8c:
         e3:a2:72:ea:36:18:11:1f:61:e6:1a:d9:04:ee:c3:14:c1:2b:
         8f:4e:72:f9:0a:cb:7a:8d:70:24:2d:bc:40:57:e4:74:b1:97:
         0b:04:39:c4:5d:27:0d:99:d9:25:e1:01:2e:48:fd:99:7f:5d:
         a9:1a:e8:52:44:cc:6a:e8:79:91:04:e9:1a:ef:66:61:28:13:
         90:e8:e1:72:e9:da:2b:d3:ca:8e:ca:2f:5a:1c:e0:2f:a3:a8:
         57:19:f5:9f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUMgfYLHQjMUaHWnktdWy9xCuy96MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjZGQ5YzE5M2RhOTE4NWE0YWMxNWIyYWRlODc1ZmU5
N2I2ZjQ5MTAeFw0yNjA1MDIwNzE3MjVaFw0yNzA1MDEwNzIyMjVaMDMxMTAvBgNV
BAMTKEFFMUI2RDMwQzk5OEFFMTFCOTczQzJBRTkzQURBRENCRkQ5ODgzRjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCE20Z13tL8XJz7tHCJsa9Bmzd+
uR/qJbfkXA7AUgjjPwJasQPAPGKlZaZU4EHrYaPwaakbe2mVvRm2Pym17syF2Wqk
8GFsAfOco+ez0a2W+//wURoMMrXxx6c/wQ+UyRdjB4jGfVF36VPA91QueJtVYutz
6vj9w2G1UD8lsa6XTJnLAX/yhRTAbjPfVB6J354k7HXptyJ4Ngj9xmbfsDZE5Vne
z0lVResjXeXykjkfiL7yRslNALzDedFTjw1lBviGltkdKsQ4EtRwXjr22pxME5d+
K6JPIb8VlQG6h92Ho/FrIhMIFbG+6ZNlx4Zolv3Q1FEBfwZ/Pe/LNLEt57vDAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUrhttMMmYrhG5c8Kuk62ty/2Yg/AwHwYDVR0j
BBgwFoAUiM3ZwZPakYWkrBWyreh1/pe29JEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTZhZmYyMzQtNjFjNS00MjkwLThhNmQtNWYyYjkwMjcz
MjJmLzAvODhDREQ5QzE5M0RBOTE4NUE0QUMxNUIyQURFODc1RkU5N0I2RjQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNM1p3WlBha1lXa3JCV3lyZWgxX3Bl
MjlKRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTZhZmYyMzQt
NjFjNS00MjkwLThhNmQtNWYyYjkwMjczMjJmLzAvMzQzNTJlMzEzNDM2MmUzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzEzNzMyMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtkgUw
DQYJKoZIhvcNAQELBQADggEBACO+87sUvPf3RPW2+EuuTprWu+xa7jwo+B2bJy0f
DlzugUjwZgcVWfaIuyizZHAf1r5jiYDq/rF1ygpIn0rAOojSSgaetNFDQhD82ZTB
sH0PBVxe3x7AudPr9Xcyu+SRBJTIDgfh+KYn6d8rmacz+CaU2Q71nde8pqdMIy0F
jNWt8EnTxb6uJAr4Z7JpAmRNUK+RAOtfO7blP2PWKqE3VNSAjOOicuo2GBEfYeYa
2QTuwxTBK49OcvkKy3qNcCQtvEBX5HSxlwsEOcRdJw2Z2SXhAS5I/Zl/Xaka6FJE
zGroeZEE6RrvZmEoE5Do4XLp2ivTyo7KL1oc4C+jqFcZ9Z8=
-----END CERTIFICATE-----