Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e362e302f32342d3234203d3e20313337343039.roa
File:                     34352e38302e362e302f32342d3234203d3e20313337343039.roa (raw, json)
Hash identifier:          mQ6YzssFE/nFARpdXzey7q80X9EpUm3gxUnbZxsMHUo=
Subject key identifier:   64:4C:CB:BF:05:51:4C:C0:7E:44:44:3B:09:1A:3F:14:3A:82:6C:8E
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       2E8F0BCB8509942A2EB8044FAA37516EECCDFE77
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e362e302f32342d3234203d3e20313337343039.roa
Signing time:             Thu 19 Mar 2026 09:46:48 +0000
ROA not before:           Thu 19 Mar 2026 09:41:48 +0000
ROA not after:            Thu 18 Mar 2027 09:46:48 +0000
asID:                     137409
IP address blocks:        45.80.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 12:28:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:8f:0b:cb:85:09:94:2a:2e:b8:04:4f:aa:37:51:6e:ec:cd:fe:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Mar 19 09:41:48 2026 GMT
            Not After : Mar 18 09:46:48 2027 GMT
        Subject: CN=644CCBBF05514CC07E44443B091A3F143A826C8E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:79:a9:3e:a7:6a:13:25:58:d3:21:e3:d0:65:
                    df:69:56:1b:a0:1b:e1:47:c0:19:d6:cb:ed:31:f0:
                    56:b4:7d:18:55:e9:d8:cb:be:d7:97:a4:b6:00:05:
                    00:fe:20:73:03:e6:ef:63:4b:46:f0:cb:b9:28:f4:
                    f7:d1:9f:0c:06:60:c9:89:fb:d0:be:cd:f5:73:97:
                    f7:a2:61:ef:7e:80:fa:ae:14:85:92:ac:a9:dd:de:
                    c0:ef:2f:3d:fc:31:00:bb:34:53:a5:2a:43:bb:e9:
                    46:f8:38:fb:ca:23:5e:50:d4:38:56:1d:aa:72:c6:
                    45:63:be:7e:5c:ac:e3:f2:e8:8b:6a:94:5a:aa:94:
                    c0:53:0b:2b:a0:b6:c2:2c:94:12:04:d9:db:c6:8a:
                    63:4b:68:16:80:02:3e:a5:55:eb:d1:36:91:7f:d0:
                    db:2c:29:09:db:fe:5b:b9:6b:cf:ae:ed:95:9c:98:
                    33:8e:19:3d:df:a9:89:d0:2c:1c:a2:4f:ad:c5:a0:
                    fa:83:08:a2:4e:66:3b:40:60:c5:03:19:e6:af:da:
                    ce:39:00:4f:07:c7:10:9a:58:22:f8:23:cc:67:3c:
                    95:37:38:66:d6:bd:df:dc:40:15:7d:36:81:5f:02:
                    f8:1a:33:45:64:1b:f8:b7:95:1e:99:bd:37:a0:3d:
                    e9:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:4C:CB:BF:05:51:4C:C0:7E:44:44:3B:09:1A:3F:14:3A:82:6C:8E
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e362e302f32342d3234203d3e20313337343039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:a3:60:7a:8e:2f:6d:6d:94:ea:3b:6a:a7:42:b5:d3:c2:c2:
         bc:37:77:37:f2:3c:9f:43:97:1b:5e:9e:ec:2a:25:6b:15:87:
         c4:e6:0d:bd:3d:58:70:7d:49:71:f5:14:39:5f:3a:fd:c4:3c:
         c7:62:ea:db:46:65:14:51:2f:a5:d8:e6:13:a9:0b:af:67:af:
         39:6d:77:b8:41:33:e3:c0:d4:4a:41:bf:b1:d1:40:df:82:e7:
         03:00:8a:bd:79:63:c0:1f:6b:52:d3:5a:91:77:99:45:8a:f1:
         6a:ef:27:17:70:31:8a:49:7c:2f:68:86:3f:c8:da:55:3f:5a:
         43:d2:26:65:31:65:d3:36:10:04:0a:b5:38:42:54:b2:2e:c5:
         74:fd:73:9e:79:7c:e7:74:93:c4:48:7d:b2:a1:95:0a:c7:0b:
         73:11:fd:64:b8:25:5e:12:45:8b:62:f0:55:32:80:79:4c:50:
         13:92:9e:71:93:1d:29:b8:0a:eb:dd:fb:30:8b:9d:46:9a:36:
         e5:0d:f5:b2:78:5e:31:ac:dd:f1:c3:9a:db:29:03:90:7b:8f:
         38:3f:bc:a7:a9:e9:bd:c7:3f:d5:32:12:fa:b7:a4:31:77:5c:
         5f:92:c4:bb:1c:f5:7e:45:e4:54:32:fa:aa:c0:8a:ec:92:1d:
         db:80:b9:64
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIULo8Ly4UJlCouuARPqjdRbuzN/ncwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjAzMTkwOTQxNDhaFw0yNzAzMTgwOTQ2NDhaMDMxMTAvBgNV
BAMTKDY0NENDQkJGMDU1MTRDQzA3RTQ0NDQzQjA5MUEzRjE0M0E4MjZDOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIeak+p2oTJVjTIePQZd9pVhug
G+FHwBnWy+0x8Fa0fRhV6djLvteXpLYABQD+IHMD5u9jS0bwy7ko9PfRnwwGYMmJ
+9C+zfVzl/eiYe9+gPquFIWSrKnd3sDvLz38MQC7NFOlKkO76Ub4OPvKI15Q1DhW
HapyxkVjvn5crOPy6ItqlFqqlMBTCyugtsIslBIE2dvGimNLaBaAAj6lVevRNpF/
0NssKQnb/lu5a8+u7ZWcmDOOGT3fqYnQLByiT63FoPqDCKJOZjtAYMUDGeav2s45
AE8HxxCaWCL4I8xnPJU3OGbWvd/cQBV9NoFfAvgaM0VkG/i3lR6ZvTegPelbAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUZEzLvwVRTMB+REQ7CRo/FDqCbI4wHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzgzMDJlMzYyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTMzMzczNDMwMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtUAYw
DQYJKoZIhvcNAQELBQADggEBAEmjYHqOL21tlOo7aqdCtdPCwrw3dzfyPJ9Dlxte
nuwqJWsVh8TmDb09WHB9SXH1FDlfOv3EPMdi6ttGZRRRL6XY5hOpC69nrzltd7hB
M+PA1EpBv7HRQN+C5wMAir15Y8Afa1LTWpF3mUWK8WrvJxdwMYpJfC9ohj/I2lU/
WkPSJmUxZdM2EAQKtThCVLIuxXT9c555fOd0k8RIfbKhlQrHC3MR/WS4JV4SRYti
8FUygHlMUBOSnnGTHSm4Cuvd+zCLnUaaNuUN9bJ4XjGs3fHDmtspA5B7jzg/vKep
6b3HP9UyEvq3pDF3XF+SxLsc9X5F5FQy+qrAiuySHduAuWQ=
-----END CERTIFICATE-----