Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35342e302f32342d3234203d3e20383334.roa
File:                     3231322e37342e35342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          3PGiujYmgmfuo3zR+M+I9xuftEPhsE6eory6BR5YEHc=
Subject key identifier:   C7:5B:9B:34:80:15:47:F8:10:F8:6B:40:66:C7:2E:14:90:24:E2:56
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       4B166B530693371942FD05D0BF22E32BB11E08A4
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35342e302f32342d3234203d3e20383334.roa
Signing time:             Tue 24 Feb 2026 12:03:34 +0000
ROA not before:           Tue 24 Feb 2026 11:58:34 +0000
ROA not after:            Tue 23 Feb 2027 12:03:34 +0000
asID:                     834
IP address blocks:        212.74.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 16:07:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:16:6b:53:06:93:37:19:42:fd:05:d0:bf:22:e3:2b:b1:1e:08:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Feb 24 11:58:34 2026 GMT
            Not After : Feb 23 12:03:34 2027 GMT
        Subject: CN=C75B9B34801547F810F86B4066C72E149024E256
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:11:65:2d:08:05:0b:5c:13:65:21:22:f8:74:
                    c3:3b:8d:48:95:90:0c:9c:58:3c:9c:e6:3e:a7:18:
                    5a:f9:ce:a0:f4:46:ac:66:73:f3:d4:fe:b8:92:6f:
                    ae:1b:00:23:ed:81:83:89:84:b5:8f:e5:8b:86:98:
                    56:08:37:95:fd:4d:59:44:86:20:2a:df:f7:28:b9:
                    34:2d:7d:08:29:7b:e6:78:6a:19:a8:ef:da:59:76:
                    04:3b:1b:9c:23:0a:f1:56:54:87:cf:59:c2:c3:6c:
                    d2:5b:de:7b:bd:6a:05:0f:eb:9f:00:be:e1:58:d0:
                    c8:69:a0:7a:93:0e:4d:c2:7b:ec:e3:76:f6:ba:96:
                    0d:18:33:9f:a4:2e:d8:3b:a3:78:e8:ae:5c:c4:f0:
                    40:ba:db:42:96:a3:ac:e9:a0:f6:c5:d4:3b:e0:6d:
                    0d:dd:5e:21:cd:27:2e:65:25:9d:b0:f6:fc:69:e9:
                    b5:ce:6a:fa:15:b8:ff:e0:da:84:bf:e8:91:73:32:
                    ae:90:9c:4c:04:f8:af:43:81:e3:c0:99:0a:ba:80:
                    3e:f2:13:0a:98:b1:c9:5e:48:5b:c5:e8:e7:bf:0f:
                    00:ec:54:de:74:77:a1:a1:28:27:03:ea:fd:e5:ee:
                    93:cb:3d:af:0f:44:55:1f:70:03:2f:23:69:5b:9d:
                    94:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:5B:9B:34:80:15:47:F8:10:F8:6B:40:66:C7:2E:14:90:24:E2:56
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.74.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:77:84:92:33:71:af:0e:98:3b:fa:d0:8e:e4:85:22:8a:f0:
         cf:38:31:51:68:4f:07:a7:fe:cf:0b:d2:1f:05:a1:b9:f4:e4:
         f6:05:c0:72:7c:73:f1:73:74:53:5f:3d:3d:b8:e1:2d:28:89:
         59:43:a9:a5:30:ec:2e:54:c5:82:bd:ea:74:32:21:6a:86:19:
         61:35:22:95:6f:a3:71:08:6f:a5:88:e0:c2:35:8a:11:20:f5:
         1e:1a:ed:9a:22:7f:4a:3f:cb:d6:86:ac:5d:3f:86:1a:ba:c7:
         d4:f5:b1:39:27:25:67:5a:c5:82:86:d2:28:17:03:0a:97:ce:
         12:0d:09:65:8f:16:1a:27:26:16:84:a7:e1:9d:78:e5:ed:37:
         0b:f7:ce:d6:cf:fe:52:f5:d6:a0:05:f7:fa:9c:a3:50:99:ff:
         8e:d3:a7:5c:8b:3c:b5:fe:e4:26:d6:a3:9f:44:60:41:af:46:
         79:91:60:7d:c7:52:db:22:16:5b:55:b0:95:98:11:3d:4e:a4:
         97:d5:9e:d7:07:39:32:af:e7:a2:f2:46:22:da:58:0d:c7:46:
         2a:cc:1f:91:c0:d4:42:aa:4a:14:be:ce:ae:b4:49:0f:7b:60:
         f3:57:37:50:77:94:37:a5:be:dd:fe:17:97:25:45:54:31:c3:
         af:ec:d2:9e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUSxZrUwaTNxlC/QXQvyLjK7EeCKQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAyMjQxMTU4MzRaFw0yNzAyMjMxMjAzMzRaMDMxMTAvBgNV
BAMTKEM3NUI5QjM0ODAxNTQ3RjgxMEY4NkI0MDY2QzcyRTE0OTAyNEUyNTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLEWUtCAULXBNlISL4dMM7jUiV
kAycWDyc5j6nGFr5zqD0Rqxmc/PU/riSb64bACPtgYOJhLWP5YuGmFYIN5X9TVlE
hiAq3/couTQtfQgpe+Z4ahmo79pZdgQ7G5wjCvFWVIfPWcLDbNJb3nu9agUP658A
vuFY0MhpoHqTDk3Ce+zjdva6lg0YM5+kLtg7o3jorlzE8EC620KWo6zpoPbF1Dvg
bQ3dXiHNJy5lJZ2w9vxp6bXOavoVuP/g2oS/6JFzMq6QnEwE+K9DgePAmQq6gD7y
EwqYscleSFvF6Oe/DwDsVN50d6GhKCcD6v3l7pPLPa8PRFUfcAMvI2lbnZTHAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUx1ubNIAVR/gQ+GtAZscuFJAk4lYwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzIzMTMyMmUzNzM0MmUzNTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Eo2MA0G
CSqGSIb3DQEBCwUAA4IBAQAFd4SSM3GvDpg7+tCO5IUiivDPODFRaE8Hp/7PC9If
BaG59OT2BcByfHPxc3RTXz09uOEtKIlZQ6mlMOwuVMWCvep0MiFqhhlhNSKVb6Nx
CG+liODCNYoRIPUeGu2aIn9KP8vWhqxdP4YausfU9bE5JyVnWsWChtIoFwMKl84S
DQlljxYaJyYWhKfhnXjl7TcL987Wz/5S9dagBff6nKNQmf+O06dcizy1/uQm1qOf
RGBBr0Z5kWB9x1LbIhZbVbCVmBE9TqSX1Z7XBzkyr+ei8kYi2lgNx0YqzB+RwNRC
qkoUvs6utEkPe2DzVzdQd5Q3pb7d/heXJUVUMcOv7NKe
-----END CERTIFICATE-----