Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3134362e3130372e302f32342d3234203d3e20383334.roa
File:                     34352e3134362e3130372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          LDmyleCyxnH/eZIamhqz2TqIjAFvnBVzunzHiGQHRm8=
Subject key identifier:   0F:CB:1C:90:C5:62:84:52:94:25:DD:2E:18:18:92:92:3F:E7:2D:A5
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       37ACD14EF1CBC0A5FAAECF4BBA51192BE163E173
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3134362e3130372e302f32342d3234203d3e20383334.roa
Signing time:             Tue 17 Mar 2026 00:29:41 +0000
ROA not before:           Tue 17 Mar 2026 00:24:41 +0000
ROA not after:            Tue 16 Mar 2027 00:29:41 +0000
asID:                     834
IP address blocks:        45.146.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 05:29:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:ac:d1:4e:f1:cb:c0:a5:fa:ae:cf:4b:ba:51:19:2b:e1:63:e1:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Mar 17 00:24:41 2026 GMT
            Not After : Mar 16 00:29:41 2027 GMT
        Subject: CN=0FCB1C90C56284529425DD2E181892923FE72DA5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ae:3a:91:d9:6a:c4:9b:9f:98:89:49:d6:55:
                    a8:f6:d7:d7:1f:3c:d1:54:b8:51:cb:e7:f9:1b:86:
                    30:b0:2a:21:f9:da:ec:4b:75:0d:d4:f5:46:88:15:
                    b9:55:c3:9b:1c:e4:f0:7d:85:b0:f8:2d:07:b5:00:
                    0f:84:54:bf:ed:16:8a:2f:ae:60:fa:9c:6f:27:3e:
                    a5:08:b0:f1:95:79:44:d4:db:0c:7e:ef:4a:d3:c7:
                    0f:3e:39:b9:67:65:3b:f2:c0:19:b0:90:79:40:ef:
                    8d:93:41:0e:d8:0e:60:ac:d1:b2:0f:bf:70:88:e4:
                    e0:e7:5a:b2:5e:66:98:84:53:9a:db:31:5c:1c:0f:
                    b3:aa:fa:70:93:84:f9:62:98:88:77:d4:67:37:ab:
                    8a:07:a3:57:6b:94:82:88:1f:b4:6d:a3:07:c0:8c:
                    97:ff:77:3f:c5:4d:86:ee:ea:0f:9c:76:63:b8:3a:
                    da:9d:75:5a:07:cc:20:2e:05:5b:10:a3:5f:53:6a:
                    c2:f3:0e:ca:35:64:78:ce:9a:7c:d1:89:15:ac:dc:
                    22:74:d8:49:96:99:24:92:5f:72:c1:a8:d5:be:c3:
                    52:4e:39:dd:92:4c:60:13:32:cd:c7:e5:09:65:62:
                    ce:53:a5:2f:f8:40:2f:ab:5a:5a:cb:d0:0d:7e:1b:
                    4c:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:CB:1C:90:C5:62:84:52:94:25:DD:2E:18:18:92:92:3F:E7:2D:A5
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e3134362e3130372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:46:58:c2:52:2a:27:90:1d:e6:a5:6e:0e:8b:d6:1d:7a:69:
         e5:6e:33:ab:33:b2:10:04:9d:2f:e1:13:09:85:b3:62:29:49:
         85:b3:b8:a4:f6:03:26:1c:0d:c2:37:03:db:e7:c0:f6:ca:d9:
         62:0a:50:5d:d7:84:44:90:7c:ef:c0:4b:f6:d1:d0:77:61:fd:
         b6:5f:08:19:db:20:b0:fd:40:d5:f3:98:77:e6:52:f1:47:17:
         60:95:12:86:45:c0:2b:86:c1:92:0a:bc:ee:3b:40:02:0c:15:
         d4:2a:c6:66:90:92:76:c1:d7:30:2f:42:17:8c:dc:54:65:b8:
         54:42:b5:b4:49:4c:e1:70:3d:e6:fb:42:aa:1f:35:9a:da:18:
         37:6f:12:8f:aa:4f:58:d1:68:0d:7c:67:04:5c:a1:47:59:ca:
         c8:6f:ec:22:fe:31:67:15:c6:b2:02:e7:4f:0b:39:a3:3c:fb:
         be:50:c2:38:99:25:ce:1c:04:25:03:2b:6d:4f:51:2a:04:ef:
         9c:d1:be:b4:37:e0:d7:7d:0d:2e:a5:ca:a4:3e:12:e8:76:46:
         35:4e:5f:11:42:cb:94:b1:f4:8b:48:55:d0:bd:3f:51:bb:15:
         15:85:79:78:17:d8:31:53:c0:a0:09:cf:71:4a:b3:97:19:37:
         77:0c:26:34
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUN6zRTvHLwKX6rs9LulEZK+Fj4XMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjAzMTcwMDI0NDFaFw0yNzAzMTYwMDI5NDFaMDMxMTAvBgNV
BAMTKDBGQ0IxQzkwQzU2Mjg0NTI5NDI1REQyRTE4MTg5MjkyM0ZFNzJEQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgrjqR2WrEm5+YiUnWVaj219cf
PNFUuFHL5/kbhjCwKiH52uxLdQ3U9UaIFblVw5sc5PB9hbD4LQe1AA+EVL/tFoov
rmD6nG8nPqUIsPGVeUTU2wx+70rTxw8+OblnZTvywBmwkHlA742TQQ7YDmCs0bIP
v3CI5ODnWrJeZpiEU5rbMVwcD7Oq+nCThPlimIh31Gc3q4oHo1drlIKIH7RtowfA
jJf/dz/FTYbu6g+cdmO4OtqddVoHzCAuBVsQo19TasLzDso1ZHjOmnzRiRWs3CJ0
2EmWmSSSX3LBqNW+w1JOOd2STGATMs3H5QllYs5TpS/4QC+rWlrL0A1+G0x3AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUD8sckMVihFKUJd0uGBiSkj/nLaUwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzEzNDM2MmUzMTMw
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtkmsw
DQYJKoZIhvcNAQELBQADggEBACpGWMJSKieQHealbg6L1h16aeVuM6szshAEnS/h
EwmFs2IpSYWzuKT2AyYcDcI3A9vnwPbK2WIKUF3XhESQfO/AS/bR0Hdh/bZfCBnb
ILD9QNXzmHfmUvFHF2CVEoZFwCuGwZIKvO47QAIMFdQqxmaQknbB1zAvQheM3FRl
uFRCtbRJTOFwPeb7QqofNZraGDdvEo+qT1jRaA18ZwRcoUdZyshv7CL+MWcVxrIC
508LOaM8+75QwjiZJc4cBCUDK21PUSoE75zRvrQ34Nd9DS6lyqQ+Euh2RjVOXxFC
y5Sx9ItIVdC9P1G7FRWFeXgX2DFTwKAJz3FKs5cZN3cMJjQ=
-----END CERTIFICATE-----