Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e31302e3136302e302f32332d3332203d3e203531313637.roa
File:                     34352e31302e3136302e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          pKyWe+pLjMj5DzuzrigB2hq6ooIS51QyNx7pB92lRgQ=
Subject key identifier:   F1:21:7D:86:A3:ED:C4:90:FD:B1:64:64:34:DA:B4:05:B6:85:E1:1C
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       1FD7E6B2D97368BF3F7710AB3C21F198022CFE67
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e31302e3136302e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 25 Mar 2026 14:23:31 +0000
ROA not before:           Wed 25 Mar 2026 14:18:31 +0000
ROA not after:            Wed 24 Mar 2027 14:23:31 +0000
asID:                     51167
IP address blocks:        45.10.160.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:d7:e6:b2:d9:73:68:bf:3f:77:10:ab:3c:21:f1:98:02:2c:fe:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Mar 25 14:18:31 2026 GMT
            Not After : Mar 24 14:23:31 2027 GMT
        Subject: CN=F1217D86A3EDC490FDB1646434DAB405B685E11C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:69:eb:26:a6:12:41:22:8a:c0:3f:a5:9d:09:
                    79:41:60:63:1b:e6:f2:d3:ea:f2:0a:ee:2e:82:de:
                    d9:5c:1c:b5:0b:64:f6:c8:98:23:23:bd:6e:8f:47:
                    98:f7:36:d3:42:b9:98:92:5a:97:6c:e2:fc:2e:99:
                    06:36:fd:8b:fc:d6:c2:c6:c6:e7:a1:ea:a7:d6:6e:
                    7c:e1:3b:18:88:a2:30:de:72:b8:89:bd:b7:79:83:
                    f9:0c:c6:3d:68:1d:8f:34:43:c3:b3:1e:d0:73:01:
                    c5:a1:c3:59:84:e0:f8:c0:e1:2b:d0:81:2d:88:bf:
                    88:50:6c:3f:9c:a3:12:95:2b:88:13:68:63:04:bd:
                    ba:25:cd:b8:f0:f2:12:7f:1b:cf:b1:25:bb:4b:d4:
                    2d:44:37:ae:b4:e6:2c:3d:72:e8:d5:e5:27:4c:77:
                    5a:0c:94:ba:a2:f1:c0:73:5f:8c:7d:dc:37:9b:98:
                    b6:99:fb:75:2b:44:5a:1f:3f:b1:72:da:e7:eb:c4:
                    65:8b:48:2b:4f:17:1b:08:6e:5a:33:95:0e:f6:6a:
                    bc:4a:c5:bd:7a:24:ca:cb:3c:49:93:25:40:89:a7:
                    a4:f1:c4:10:9a:ac:d7:f3:b3:c0:c1:97:61:37:b7:
                    29:a8:a5:16:5d:d3:a7:1d:82:86:9b:30:3a:3b:27:
                    c7:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:21:7D:86:A3:ED:C4:90:FD:B1:64:64:34:DA:B4:05:B6:85:E1:1C
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e31302e3136302e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:ba:38:0a:6d:f9:e4:34:ff:b3:bd:97:6a:00:08:d2:30:da:
         c4:3e:2f:db:72:f5:f8:e4:5c:3c:e3:81:60:7a:6a:e3:fa:60:
         8b:c1:84:2e:c6:51:19:cc:e1:4a:5f:75:8e:fc:50:8d:cb:66:
         c1:45:a9:22:b3:0c:39:fb:a2:c1:fd:47:fc:f6:07:89:de:43:
         fa:53:d0:f5:cc:49:ce:c2:85:8b:6e:80:ab:7b:d6:84:15:80:
         c7:19:07:3f:fd:92:a9:26:bd:b0:50:df:1b:15:d5:79:02:e8:
         97:17:32:2e:b7:c8:d0:ba:3d:9f:c2:cc:4b:b3:8c:21:4b:dc:
         3a:ab:aa:7f:c5:de:05:59:de:8b:9a:7f:d2:a4:37:48:e3:02:
         1f:4d:c9:31:3a:16:5e:46:bf:c3:52:6c:24:b6:f1:d6:de:b4:
         34:1e:d8:4f:65:a0:48:b1:06:af:63:82:bb:21:fb:07:e7:92:
         1a:01:38:7a:9f:17:13:d7:2f:a3:a2:91:0f:a9:85:4f:3d:62:
         21:67:b5:1e:38:2c:6f:62:6d:a3:89:05:ed:5c:a4:1e:08:6e:
         c9:27:2a:8c:3d:a4:8d:77:66:a1:fb:53:b2:30:de:be:da:b5:
         32:7f:76:e0:f3:90:cc:e8:28:55:31:83:ec:b1:5b:c5:cc:ad:
         00:d4:df:af
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUH9fmstlzaL8/dxCrPCHxmAIs/mcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNjAzMjUxNDE4MzFaFw0yNzAzMjQxNDIzMzFaMDMxMTAvBgNV
BAMTKEYxMjE3RDg2QTNFREM0OTBGREIxNjQ2NDM0REFCNDA1QjY4NUUxMUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyaesmphJBIorAP6WdCXlBYGMb
5vLT6vIK7i6C3tlcHLULZPbImCMjvW6PR5j3NtNCuZiSWpds4vwumQY2/Yv81sLG
xueh6qfWbnzhOxiIojDecriJvbd5g/kMxj1oHY80Q8OzHtBzAcWhw1mE4PjA4SvQ
gS2Iv4hQbD+coxKVK4gTaGMEvbolzbjw8hJ/G8+xJbtL1C1EN6605iw9cujV5SdM
d1oMlLqi8cBzX4x93DebmLaZ+3UrRFofP7Fy2ufrxGWLSCtPFxsIblozlQ72arxK
xb16JMrLPEmTJUCJp6TxxBCarNfzs8DBl2E3tymopRZd06cdgoabMDo7J8eLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU8SF9hqPtxJD9sWRkNNq0BbaF4RwwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzEzMDJlMzEzNjMw
MmUzMDJmMzIzMzJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS0K
oDANBgkqhkiG9w0BAQsFAAOCAQEAYro4Cm355DT/s72XagAI0jDaxD4v23L1+ORc
POOBYHpq4/pgi8GELsZRGczhSl91jvxQjctmwUWpIrMMOfuiwf1H/PYHid5D+lPQ
9cxJzsKFi26Aq3vWhBWAxxkHP/2SqSa9sFDfGxXVeQLolxcyLrfI0Lo9n8LMS7OM
IUvcOquqf8XeBVnei5p/0qQ3SOMCH03JMToWXka/w1JsJLbx1t60NB7YT2WgSLEG
r2OCuyH7B+eSGgE4ep8XE9cvo6KRD6mFTz1iIWe1Hjgsb2Jto4kF7VykHghuyScq
jD2kjXdmoftTsjDevtq1Mn924POQzOgoVTGD7LFbxcytANTfrw==
-----END CERTIFICATE-----