Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3132322e302f32332d3332203d3e203531313637.roa
File:                     34352e39302e3132322e302f32332d3332203d3e203531313637.roa (raw, json)
Hash identifier:          /Vyot8J3/I7Vf/GzL2/i5u7Xok+vggUnvOmmcQXy0RI=
Subject key identifier:   82:C6:F3:F6:C7:8A:60:CA:6B:31:E7:B3:68:EE:F5:56:0A:6B:05:71
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       3530CE47C40B2DA63BA76566A16A34DE9EED653C
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3132322e302f32332d3332203d3e203531313637.roa
Signing time:             Wed 25 Mar 2026 14:23:31 +0000
ROA not before:           Wed 25 Mar 2026 14:18:31 +0000
ROA not after:            Wed 24 Mar 2027 14:23:31 +0000
asID:                     51167
IP address blocks:        45.90.122.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 17:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:30:ce:47:c4:0b:2d:a6:3b:a7:65:66:a1:6a:34:de:9e:ed:65:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Mar 25 14:18:31 2026 GMT
            Not After : Mar 24 14:23:31 2027 GMT
        Subject: CN=82C6F3F6C78A60CA6B31E7B368EEF5560A6B0571
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:02:f4:ce:21:e2:2e:72:d6:8a:4a:65:66:fa:
                    c0:70:02:eb:2a:18:8c:d2:b8:ca:51:0d:09:48:d2:
                    46:86:0f:63:31:ae:9f:6f:a7:8b:0c:6e:06:1e:31:
                    b4:e7:7b:10:fa:4c:5d:4a:ed:ba:5e:19:c2:e6:19:
                    64:e4:e1:57:0f:16:07:6e:fb:f9:94:8b:0e:ad:de:
                    86:a5:c4:e0:04:c6:23:a8:a2:aa:a5:17:d7:f1:64:
                    24:b9:07:c5:10:7d:e8:5c:c5:c6:95:f5:ac:f3:c5:
                    21:4b:72:80:eb:c6:f1:14:06:ad:d8:71:a4:7a:35:
                    d0:00:b8:62:13:92:6b:11:da:82:26:5d:f2:d4:63:
                    de:74:21:0a:f6:d9:dc:32:e6:38:ac:aa:62:7a:3a:
                    2b:1f:10:bf:78:b9:6c:20:85:7f:76:0d:ce:70:49:
                    9c:30:ae:60:71:c3:cd:33:f7:02:ad:ba:9b:7c:1b:
                    f5:5e:31:82:e1:20:95:f2:87:09:16:7b:b7:25:63:
                    87:f0:3f:ab:ce:00:7d:8a:49:33:cf:16:72:e7:3a:
                    82:7f:a2:69:36:f2:7a:dd:23:ec:76:1d:a7:41:01:
                    e5:4d:72:fe:64:d8:32:f1:d2:46:6a:1b:cc:f8:a0:
                    b7:92:6c:fc:65:21:e5:27:a2:b4:89:92:43:36:d6:
                    00:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:C6:F3:F6:C7:8A:60:CA:6B:31:E7:B3:68:EE:F5:56:0A:6B:05:71
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e39302e3132322e302f32332d3332203d3e203531313637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:c6:c2:a1:61:b0:fa:3e:64:e2:72:fb:2b:98:24:f6:ec:78:
         24:62:13:a3:6e:60:6e:39:2c:3c:2d:16:75:c1:de:e7:f2:0a:
         26:c5:56:78:fd:7b:92:dd:81:39:04:02:29:3b:bc:08:d2:81:
         70:7b:3e:a1:5f:f4:c0:8d:3c:34:15:6f:4e:67:a9:51:db:be:
         10:77:f6:d1:91:6a:52:c9:6b:28:c8:cb:80:1a:53:01:d9:51:
         68:dd:5f:a2:54:85:2d:6a:a8:e1:0a:4c:5a:ab:85:bc:9a:7b:
         a9:f1:17:2a:c4:80:0e:6d:6f:9e:bd:ba:59:e8:fd:18:35:c9:
         42:be:f7:26:1b:29:01:b4:c5:8e:2b:5e:7c:c2:b0:06:aa:c5:
         5a:f6:9c:60:18:ae:8b:2c:1a:36:79:20:24:3d:2d:cf:fc:e9:
         a3:55:65:d3:03:78:92:a9:00:4b:70:3e:a4:d6:d2:2c:33:63:
         ae:82:2c:ae:bf:8f:0c:89:9a:60:a4:ad:ea:3b:65:53:9f:24:
         c2:20:4e:d7:1b:1a:fb:99:04:00:c0:44:2c:0e:41:7e:42:1e:
         95:38:11:cf:8e:9e:d6:f3:60:29:de:b1:08:58:fa:87:bd:6d:
         f2:69:a4:ed:e3:bb:0f:ea:47:08:8b:cb:91:c0:20:3a:d8:8e:
         fc:7f:3a:9a
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNTDOR8QLLaY7p2VmoWo03p7tZTwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNjAzMjUxNDE4MzFaFw0yNzAzMjQxNDIzMzFaMDMxMTAvBgNV
BAMTKDgyQzZGM0Y2Qzc4QTYwQ0E2QjMxRTdCMzY4RUVGNTU2MEE2QjA1NzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrAvTOIeIuctaKSmVm+sBwAusq
GIzSuMpRDQlI0kaGD2Mxrp9vp4sMbgYeMbTnexD6TF1K7bpeGcLmGWTk4VcPFgdu
+/mUiw6t3oalxOAExiOooqqlF9fxZCS5B8UQfehcxcaV9azzxSFLcoDrxvEUBq3Y
caR6NdAAuGITkmsR2oImXfLUY950IQr22dwy5jisqmJ6OisfEL94uWwghX92Dc5w
SZwwrmBxw80z9wKtupt8G/VeMYLhIJXyhwkWe7clY4fwP6vOAH2KSTPPFnLnOoJ/
omk28nrdI+x2HadBAeVNcv5k2DLx0kZqG8z4oLeSbPxlIeUnorSJkkM21gDhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUgsbz9seKYMprMeezaO71VgprBXEwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzkzMDJlMzEzMjMy
MmUzMDJmMzIzMzJkMzMzMjIwM2QzZTIwMzUzMTMxMzYzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS1a
ejANBgkqhkiG9w0BAQsFAAOCAQEAe8bCoWGw+j5k4nL7K5gk9ux4JGITo25gbjks
PC0WdcHe5/IKJsVWeP17kt2BOQQCKTu8CNKBcHs+oV/0wI08NBVvTmepUdu+EHf2
0ZFqUslrKMjLgBpTAdlRaN1folSFLWqo4QpMWquFvJp7qfEXKsSADm1vnr26Wej9
GDXJQr73JhspAbTFjitefMKwBqrFWvacYBiuiywaNnkgJD0tz/zpo1Vl0wN4kqkA
S3A+pNbSLDNjroIsrr+PDImaYKSt6jtlU58kwiBO1xsa+5kEAMBELA5BfkIelTgR
z46e1vNgKd6xCFj6h71t8mmk7eO7D+pHCIvLkcAgOtiO/H86mg==
-----END CERTIFICATE-----