Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3134362e3130372e302f32342d3234203d3e20383334.roa
File:                     34352e3134362e3130372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          7+2xnseG6yoYcN7K53VABTuhU/cDBfPklHZ2t1dPchc=
Subject key identifier:   A8:13:12:22:C7:50:DA:3D:78:7F:B4:BA:64:78:96:DD:5B:81:05:B2
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       6FB6AD9E804C21E0B8D0BFEF71E4951AF2894CA3
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3134362e3130372e302f32342d3234203d3e20383334.roa
Signing time:             Wed 29 Apr 2026 14:53:16 +0000
ROA not before:           Wed 29 Apr 2026 14:48:16 +0000
ROA not after:            Wed 28 Apr 2027 14:53:16 +0000
asID:                     834
IP address blocks:        45.146.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:27:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:b6:ad:9e:80:4c:21:e0:b8:d0:bf:ef:71:e4:95:1a:f2:89:4c:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Apr 29 14:48:16 2026 GMT
            Not After : Apr 28 14:53:16 2027 GMT
        Subject: CN=A8131222C750DA3D787FB4BA647896DD5B8105B2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8b:a7:c2:e0:03:b0:78:8d:c1:7f:30:be:f8:
                    e9:c9:08:51:77:39:44:c8:fb:34:2d:c0:98:34:37:
                    e4:7a:16:41:5c:f0:28:05:22:ed:21:80:7d:f9:ca:
                    5c:56:5b:03:8d:1c:7d:47:1b:fc:25:b2:b2:e0:d8:
                    7d:4b:d9:56:1d:da:8c:09:93:26:75:1b:46:a1:55:
                    07:c6:ca:96:9a:c0:48:8b:b6:0f:c6:d5:92:58:57:
                    6b:8d:3b:a0:c6:ab:d4:a5:10:cb:62:4d:06:ff:09:
                    f1:d8:94:be:ed:6e:e6:f3:ab:ac:ab:69:a6:6a:f4:
                    1a:d4:02:a1:51:46:ab:96:e7:22:46:d4:82:d4:35:
                    dc:95:2b:55:50:51:5b:37:a4:bf:5c:5a:77:ea:9b:
                    cc:c9:45:41:b0:3a:c9:cc:d0:f0:bb:3d:ea:4d:6b:
                    00:4c:3c:1f:eb:81:d4:21:66:81:67:21:d8:f2:19:
                    7d:17:f5:d9:bc:9f:f8:e0:8b:55:d1:dd:f4:40:d4:
                    62:f3:71:f8:f6:c3:04:ea:1d:5e:5c:04:61:b1:dc:
                    8e:cc:2b:2b:00:6c:9d:9e:84:dd:5a:be:c3:dd:4d:
                    80:ef:59:65:ad:40:34:33:50:2b:f3:c0:42:99:5a:
                    8d:75:75:37:44:62:77:3d:8d:4d:77:ff:b2:cd:7b:
                    15:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:13:12:22:C7:50:DA:3D:78:7F:B4:BA:64:78:96:DD:5B:81:05:B2
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3134362e3130372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:f1:75:3a:d7:03:8f:c4:2a:8e:95:f3:1e:da:25:65:c8:b2:
         d5:93:cc:9a:e3:b7:4b:bf:52:df:7c:e5:0a:45:7c:60:4b:7e:
         36:13:70:95:32:56:9c:63:8d:9e:d3:1b:82:cc:19:95:f8:2a:
         7b:30:9c:43:bb:70:7f:86:5e:1d:69:96:47:d3:2a:3c:33:db:
         d9:74:b8:84:97:8f:25:61:8c:f8:ff:81:c6:52:e9:e0:a2:f1:
         7b:d6:9b:e5:37:62:81:d6:c2:51:72:58:d2:34:cc:14:90:5d:
         53:28:86:48:12:2e:02:2a:a8:b7:fc:38:e8:d1:82:91:02:d2:
         e8:fa:98:86:09:82:86:68:a7:46:16:ce:5d:0a:dd:c5:e3:07:
         2a:37:df:56:e9:05:b3:45:7e:cf:ae:bf:78:66:33:23:bf:75:
         c2:7c:d3:e6:75:18:59:4f:07:a3:30:de:b7:dc:48:27:07:50:
         4d:63:d3:08:a0:0b:19:49:71:10:9b:4c:06:ed:c5:2a:3c:50:
         56:c0:40:4f:49:df:c3:88:c7:29:29:1d:23:e0:92:51:d9:34:
         d6:02:ef:fd:e0:fd:9e:c5:03:5d:67:f9:52:eb:5d:47:90:5d:
         09:43:c0:b9:80:66:88:19:65:08:38:a0:3b:9e:03:92:9c:fb:
         a7:f4:24:59
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUb7atnoBMIeC40L/vceSVGvKJTKMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjA0MjkxNDQ4MTZaFw0yNzA0MjgxNDUzMTZaMDMxMTAvBgNV
BAMTKEE4MTMxMjIyQzc1MERBM0Q3ODdGQjRCQTY0Nzg5NkRENUI4MTA1QjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHi6fC4AOweI3BfzC++OnJCFF3
OUTI+zQtwJg0N+R6FkFc8CgFIu0hgH35ylxWWwONHH1HG/wlsrLg2H1L2VYd2owJ
kyZ1G0ahVQfGypaawEiLtg/G1ZJYV2uNO6DGq9SlEMtiTQb/CfHYlL7tbubzq6yr
aaZq9BrUAqFRRquW5yJG1ILUNdyVK1VQUVs3pL9cWnfqm8zJRUGwOsnM0PC7PepN
awBMPB/rgdQhZoFnIdjyGX0X9dm8n/jgi1XR3fRA1GLzcfj2wwTqHV5cBGGx3I7M
KysAbJ2ehN1avsPdTYDvWWWtQDQzUCvzwEKZWo11dTdEYnc9jU13/7LNexV3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUqBMSIsdQ2j14f7S6ZHiW3VuBBbIwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzEzNDM2MmUzMTMw
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtkmsw
DQYJKoZIhvcNAQELBQADggEBAErxdTrXA4/EKo6V8x7aJWXIstWTzJrjt0u/Ut98
5QpFfGBLfjYTcJUyVpxjjZ7TG4LMGZX4KnswnEO7cH+GXh1plkfTKjwz29l0uISX
jyVhjPj/gcZS6eCi8XvWm+U3YoHWwlFyWNI0zBSQXVMohkgSLgIqqLf8OOjRgpEC
0uj6mIYJgoZop0YWzl0K3cXjByo331bpBbNFfs+uv3hmMyO/dcJ80+Z1GFlPB6Mw
3rfcSCcHUE1j0wigCxlJcRCbTAbtxSo8UFbAQE9J38OIxykpHSPgklHZNNYC7/3g
/Z7FA11n+VLrXUeQXQlDwLmAZogZZQg4oDueA5Kc+6f0JFk=
-----END CERTIFICATE-----