Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133342e302f32342d3234203d3e20383334.roa
File:                     34352e382e3133342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          iEdgi8LUJ5eXDUXWfTdv/twWJoOFZ9zXsmxDhcn3YfQ=
Subject key identifier:   4F:FA:50:6C:F4:AD:96:6E:23:36:D8:7C:56:27:BA:D3:68:B7:CB:E5
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       5B75F417F68DB91EEC284337BF88F9DA6367035F
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133342e302f32342d3234203d3e20383334.roa
Signing time:             Mon 23 Mar 2026 21:01:21 +0000
ROA not before:           Mon 23 Mar 2026 20:56:21 +0000
ROA not after:            Mon 22 Mar 2027 21:01:21 +0000
asID:                     834
IP address blocks:        45.8.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Mar 2026 22:16:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:75:f4:17:f6:8d:b9:1e:ec:28:43:37:bf:88:f9:da:63:67:03:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Mar 23 20:56:21 2026 GMT
            Not After : Mar 22 21:01:21 2027 GMT
        Subject: CN=4FFA506CF4AD966E2336D87C5627BAD368B7CBE5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:73:56:25:95:60:ff:32:04:a7:5b:48:b5:d2:
                    42:e2:65:9a:1c:a5:82:08:d7:b1:96:1a:e1:c6:1d:
                    6d:42:f7:34:1d:6f:0f:cf:d2:49:66:7b:57:da:b6:
                    87:68:6f:9d:08:b9:e8:b1:2a:97:76:81:78:78:06:
                    2f:ca:d9:8d:aa:dd:db:e4:ac:ea:30:0a:3a:86:16:
                    f9:1e:d4:d6:b1:20:6c:29:ad:f2:02:d2:67:46:e7:
                    af:dd:2c:69:28:0a:64:e3:bb:64:43:bd:80:46:53:
                    11:11:fe:c7:77:5a:0c:ee:93:fd:83:20:64:a3:ae:
                    9c:b5:65:22:9e:7d:07:ee:f4:61:39:0d:97:fa:c8:
                    29:23:7a:cd:84:e3:85:ee:fe:72:0c:0d:93:b6:bc:
                    9e:78:08:c6:a5:2b:8a:1c:50:3f:db:81:48:42:11:
                    d7:8e:92:81:b8:56:55:75:eb:ad:90:7f:1f:4e:4f:
                    d7:78:d3:3f:f0:4e:6d:0b:8a:eb:8c:a7:64:90:31:
                    3a:5c:95:88:a6:e0:23:34:5b:b0:ad:b5:be:4f:74:
                    ea:24:4f:37:31:6c:8e:7e:4c:80:8e:03:7c:a6:8b:
                    64:f0:97:73:8d:f7:7b:e0:ee:34:ff:3f:63:26:9b:
                    74:ac:51:58:35:58:f3:ca:18:b1:c3:ac:eb:00:f3:
                    94:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:FA:50:6C:F4:AD:96:6E:23:36:D8:7C:56:27:BA:D3:68:B7:CB:E5
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:d0:d7:7d:e4:fd:06:ee:d0:8a:a4:e9:f3:c6:db:20:b1:9a:
         a0:dd:22:ac:b5:d0:d0:b5:be:9b:37:00:28:18:09:7f:bb:0b:
         7a:eb:bd:d7:0f:fe:8e:96:a7:12:4c:92:14:64:51:c2:47:d7:
         d6:94:ba:23:32:68:65:38:f5:ed:c8:c7:96:a9:3c:5a:5d:9a:
         0e:30:49:fc:59:e0:4c:6d:18:3a:ca:e6:e2:fb:f9:ba:e2:13:
         a4:3e:03:49:0a:27:2d:13:6e:b7:04:ea:4c:03:1d:32:02:66:
         ef:be:9b:3e:08:45:c4:f1:5e:a7:b9:24:c8:65:26:f7:cc:ee:
         01:cf:8d:78:b0:5e:99:7f:fa:d9:5c:70:5a:c3:b2:27:4b:5f:
         dd:e8:5f:2e:e9:55:47:29:a7:82:db:94:7c:af:84:44:6f:14:
         1c:0e:34:cb:06:8d:34:d9:08:ee:fb:6a:5b:78:3f:33:56:77:
         0c:22:e0:ee:5f:23:9d:ff:9e:4c:ef:ff:ba:e2:e1:ea:89:c8:
         dd:91:80:96:fb:12:7d:45:9b:34:01:98:7b:d7:61:e2:14:c7:
         a5:0c:e6:f4:ca:5b:92:0e:04:4b:0b:36:11:81:3a:dc:ad:3a:
         f2:4c:c3:74:0e:02:7c:c7:07:08:9c:a5:ca:ca:a0:03:06:48:
         9e:53:16:f0
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUW3X0F/aNuR7sKEM3v4j52mNnA18wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNjAzMjMyMDU2MjFaFw0yNzAzMjIyMTAxMjFaMDMxMTAvBgNV
BAMTKDRGRkE1MDZDRjRBRDk2NkUyMzM2RDg3QzU2MjdCQUQzNjhCN0NCRTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkc1YllWD/MgSnW0i10kLiZZoc
pYII17GWGuHGHW1C9zQdbw/P0klme1fatodob50IueixKpd2gXh4Bi/K2Y2q3dvk
rOowCjqGFvke1NaxIGwprfIC0mdG56/dLGkoCmTju2RDvYBGUxER/sd3Wgzuk/2D
IGSjrpy1ZSKefQfu9GE5DZf6yCkjes2E44Xu/nIMDZO2vJ54CMalK4ocUD/bgUhC
EdeOkoG4VlV1662Qfx9OT9d40z/wTm0LiuuMp2SQMTpclYim4CM0W7Cttb5PdOok
TzcxbI5+TICOA3ymi2Twl3ON93vg7jT/P2Mmm3SsUVg1WPPKGLHDrOsA85QpAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUT/pQbPStlm4jNth8Vie602i3y+UwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzgyZTMxMzMzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0IhjANBgkq
hkiG9w0BAQsFAAOCAQEAodDXfeT9Bu7QiqTp88bbILGaoN0irLXQ0LW+mzcAKBgJ
f7sLeuu91w/+jpanEkySFGRRwkfX1pS6IzJoZTj17cjHlqk8Wl2aDjBJ/FngTG0Y
Osrm4vv5uuITpD4DSQonLRNutwTqTAMdMgJm776bPghFxPFep7kkyGUm98zuAc+N
eLBemX/62VxwWsOyJ0tf3ehfLulVRymngtuUfK+ERG8UHA40ywaNNNkI7vtqW3g/
M1Z3DCLg7l8jnf+eTO//uuLh6onI3ZGAlvsSfUWbNAGYe9dh4hTHpQzm9Mpbkg4E
Sws2EYE63K068kzDdA4CfMcHCJylysqgAwZInlMW8A==
-----END CERTIFICATE-----