Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3133322e39382e302f32342d3234203d3e203137343937.roa
File:                     34352e3133322e39382e302f32342d3234203d3e203137343937.roa (raw, json)
Hash identifier:          IUP3XlWIZyG1H0S4Enjx7/28GyminuOHnPP/iqw0LYA=
Subject key identifier:   EF:23:67:E7:F0:66:83:C4:5D:50:2C:43:74:C3:B3:20:C5:3E:C4:96
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       3B1FF6C11AFF29FE2454934B079B8B5BF6E8DF19
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3133322e39382e302f32342d3234203d3e203137343937.roa
Signing time:             Tue 17 Mar 2026 09:01:10 +0000
ROA not before:           Tue 17 Mar 2026 08:56:10 +0000
ROA not after:            Tue 16 Mar 2027 09:01:10 +0000
asID:                     17497
IP address blocks:        45.132.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 05:29:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:1f:f6:c1:1a:ff:29:fe:24:54:93:4b:07:9b:8b:5b:f6:e8:df:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Mar 17 08:56:10 2026 GMT
            Not After : Mar 16 09:01:10 2027 GMT
        Subject: CN=EF2367E7F06683C45D502C4374C3B320C53EC496
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:25:23:4b:9e:e8:e3:e2:40:36:dd:bb:d4:b7:
                    27:a8:1d:3c:3d:e9:c3:22:8b:d4:19:8a:6d:97:12:
                    a6:35:fe:65:b6:4a:09:7b:44:af:d1:aa:60:cc:27:
                    05:95:08:d8:f2:23:25:2d:94:aa:6b:4e:28:fc:59:
                    ec:9a:ee:2f:fa:20:b9:a4:d7:7c:f3:18:6b:90:8d:
                    fe:14:48:1a:cb:e5:7f:5b:e9:c6:81:26:9c:5d:22:
                    dd:c4:d2:31:ce:fc:92:48:20:13:f6:c2:e7:32:18:
                    11:54:f5:89:2f:1b:01:63:f6:c1:f7:b1:31:86:a0:
                    18:fb:f6:02:51:93:da:2c:4e:3f:db:67:91:f6:aa:
                    f4:75:04:72:f7:6d:4f:1a:c7:af:ef:9e:34:12:bf:
                    70:36:7a:d0:a5:89:fe:72:85:0a:64:05:a0:b5:1a:
                    7c:a8:5f:b8:30:d7:7a:4c:24:82:c8:ca:31:8b:51:
                    1f:b3:c4:e6:05:29:35:17:5c:7d:2f:32:ae:13:b6:
                    87:31:97:92:b3:18:5e:88:62:c6:8e:55:ef:e9:84:
                    cf:28:73:85:68:97:d4:bf:2b:7d:85:9c:90:94:6d:
                    b4:1b:1d:55:e5:9e:ad:0a:2e:de:42:aa:f8:04:f5:
                    74:ce:60:c8:c0:d0:20:2d:f9:48:41:f7:55:7d:53:
                    c6:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:23:67:E7:F0:66:83:C4:5D:50:2C:43:74:C3:B3:20:C5:3E:C4:96
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3133322e39382e302f32342d3234203d3e203137343937.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:e4:ed:92:6b:65:fc:5f:6e:c7:b3:f5:33:30:2f:a2:0f:1d:
         0a:29:e7:d3:82:03:e7:2b:03:42:bc:0e:33:43:94:b3:ba:9f:
         12:fd:f8:50:bf:bc:f3:23:08:52:30:c4:d3:81:4d:1d:8c:d4:
         1b:c8:29:be:c5:70:78:4d:31:f7:45:5d:8e:0c:d0:83:10:73:
         7b:98:f2:8a:6c:d5:44:48:8e:60:35:62:23:fc:46:bf:79:c1:
         60:48:87:75:07:16:16:5e:8b:b9:14:04:12:19:8d:bb:0e:a9:
         a0:99:42:e9:49:6d:6c:0d:26:46:e4:92:78:c6:cc:44:fa:b2:
         19:6a:1d:cc:cf:62:8a:b0:b1:1b:31:73:a0:e5:14:f3:c1:db:
         54:e6:61:fa:47:b2:46:44:4a:3c:d3:e2:5e:f7:f2:53:44:20:
         8a:20:fe:3e:bc:66:19:5c:c8:29:aa:69:25:2c:33:cd:96:04:
         2c:5c:4b:93:bd:ba:14:de:9d:bb:6c:7c:3f:4e:84:0a:12:e1:
         05:81:20:75:1c:5a:19:54:fa:fd:6e:53:86:83:f7:19:de:2d:
         e4:a9:f7:6b:d3:c3:2f:47:75:b2:63:22:fa:7f:5b:28:03:5e:
         98:7f:50:39:84:8d:22:48:8f:67:de:86:b9:1a:cb:04:1b:83:
         65:22:8f:5a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOx/2wRr/Kf4kVJNLB5uLW/bo3xkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjAzMTcwODU2MTBaFw0yNzAzMTYwOTAxMTBaMDMxMTAvBgNV
BAMTKEVGMjM2N0U3RjA2NjgzQzQ1RDUwMkM0Mzc0QzNCMzIwQzUzRUM0OTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIJSNLnujj4kA23bvUtyeoHTw9
6cMii9QZim2XEqY1/mW2Sgl7RK/RqmDMJwWVCNjyIyUtlKprTij8Weya7i/6ILmk
13zzGGuQjf4USBrL5X9b6caBJpxdIt3E0jHO/JJIIBP2wucyGBFU9YkvGwFj9sH3
sTGGoBj79gJRk9osTj/bZ5H2qvR1BHL3bU8ax6/vnjQSv3A2etClif5yhQpkBaC1
GnyoX7gw13pMJILIyjGLUR+zxOYFKTUXXH0vMq4Ttocxl5KzGF6IYsaOVe/phM8o
c4Vol9S/K32FnJCUbbQbHVXlnq0KLt5CqvgE9XTOYMjA0CAt+UhB91V9U8YDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU7yNn5/Bmg8RdUCxDdMOzIMU+xJYwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzEzMzMyMmUzOTM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNzM0MzkzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2E
YjANBgkqhkiG9w0BAQsFAAOCAQEAUeTtkmtl/F9ux7P1MzAvog8dCinn04ID5ysD
QrwOM0OUs7qfEv34UL+88yMIUjDE04FNHYzUG8gpvsVweE0x90VdjgzQgxBze5jy
imzVREiOYDViI/xGv3nBYEiHdQcWFl6LuRQEEhmNuw6poJlC6UltbA0mRuSSeMbM
RPqyGWodzM9iirCxGzFzoOUU88HbVOZh+keyRkRKPNPiXvfyU0QgiiD+PrxmGVzI
KappJSwzzZYELFxLk726FN6du2x8P06EChLhBYEgdRxaGVT6/W5ThoP3Gd4t5Kn3
a9PDL0d1smMi+n9bKANemH9QOYSNIkiPZ96GuRrLBBuDZSKPWg==
-----END CERTIFICATE-----