Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e36322e302f32332d3234203d3e20383334.roa
File:                     3231322e37342e36322e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          qIZUZ1G18lOVHEEThQsaYERjVzUVwfBwwEHExuXUFqA=
Subject key identifier:   00:53:3D:89:7C:E0:2B:EC:0E:A4:EA:5F:E0:20:B0:06:57:3C:53:58
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       3351D32FBD7AC550FFCA1F0432961A35F6F81544
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e36322e302f32332d3234203d3e20383334.roa
Signing time:             Wed 25 Feb 2026 03:22:18 +0000
ROA not before:           Wed 25 Feb 2026 03:17:18 +0000
ROA not after:            Wed 24 Feb 2027 03:22:18 +0000
asID:                     834
IP address blocks:        212.74.62.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 16:07:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:51:d3:2f:bd:7a:c5:50:ff:ca:1f:04:32:96:1a:35:f6:f8:15:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Feb 25 03:17:18 2026 GMT
            Not After : Feb 24 03:22:18 2027 GMT
        Subject: CN=00533D897CE02BEC0EA4EA5FE020B006573C5358
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:61:5d:eb:19:51:af:b0:e7:0b:64:d3:68:2a:
                    85:bc:aa:5b:d8:ef:1a:88:76:8b:fb:0e:61:35:80:
                    26:85:60:76:d4:9b:10:84:15:52:7c:fe:da:cb:59:
                    77:9d:cd:12:d8:80:f3:e5:ba:0d:94:2e:82:e0:49:
                    14:16:2d:8e:38:43:12:d0:4d:b9:63:92:49:d0:d8:
                    07:65:60:bc:61:4d:ca:97:e0:09:9b:dc:b5:41:1e:
                    91:76:d7:eb:9e:0d:f3:af:58:bf:ca:84:12:e5:ac:
                    7e:2c:0e:5f:4d:79:6f:f6:4a:3e:c2:71:6b:79:db:
                    be:fe:52:ab:44:e7:0d:b4:0c:e9:fb:07:50:4a:0d:
                    7b:43:e8:26:1b:25:8a:d8:23:a6:7b:76:a6:92:64:
                    9a:46:77:58:67:c5:a7:4d:11:76:a1:a4:a3:52:5c:
                    c4:dd:72:f5:84:a8:d2:ce:52:9d:81:07:f6:20:65:
                    42:b5:6a:71:e6:55:e4:b3:4a:d2:60:71:78:50:4c:
                    d0:a2:65:1e:2a:a4:dc:d9:a2:cc:3d:13:12:6a:7b:
                    ac:3b:f7:40:b3:38:62:1a:e3:91:67:7d:9b:f2:c5:
                    97:4b:f3:e3:e6:d3:3d:fb:26:00:2c:9a:be:2f:b7:
                    8f:da:71:65:10:14:fb:d5:2b:0a:0e:d9:67:7e:df:
                    6b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:53:3D:89:7C:E0:2B:EC:0E:A4:EA:5F:E0:20:B0:06:57:3C:53:58
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e36322e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.74.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:3a:cb:e2:6a:42:f9:7e:0c:64:9a:d4:f3:20:7f:bc:3b:d8:
         6f:fb:20:07:65:8c:d5:d5:32:1a:30:6d:e9:eb:60:ce:ca:87:
         85:42:30:1a:84:f1:3a:43:8f:a3:80:69:62:64:15:08:5e:80:
         1d:0a:a4:97:b9:f4:52:c1:1d:2a:0c:5d:19:9b:50:bf:de:88:
         dc:7a:58:ec:71:8e:d0:85:71:f6:0a:95:8c:bd:3b:50:6a:a0:
         f1:f1:c1:98:83:51:5d:45:64:45:bc:96:24:de:4b:5b:f0:f6:
         bc:1e:cf:f3:23:eb:d4:a2:7f:bf:56:65:f7:01:22:9b:a6:7a:
         1d:86:9c:f5:c1:e7:3f:c4:84:a7:33:9b:e1:f6:c0:5e:40:7c:
         37:b9:a3:8e:d4:ce:f8:f8:ac:1f:98:30:5f:be:1f:7c:69:61:
         cb:aa:f5:a5:ef:c9:08:af:14:be:91:2f:4c:f4:2e:72:b3:83:
         69:ca:55:bd:1a:b1:3d:7e:7d:bc:0c:41:de:69:42:d3:9c:e6:
         6e:50:4d:a4:fe:2b:bc:d3:15:79:65:07:dc:71:76:8a:3a:f2:
         fc:a5:7e:d0:6a:67:ed:9c:f9:2e:4b:e5:b3:60:65:81:9c:f7:
         33:c7:15:ca:d1:c9:88:a6:86:dd:f0:f1:46:b3:89:6e:96:f4:
         03:67:08:e3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUM1HTL716xVD/yh8EMpYaNfb4FUQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAyMjUwMzE3MThaFw0yNzAyMjQwMzIyMThaMDMxMTAvBgNV
BAMTKDAwNTMzRDg5N0NFMDJCRUMwRUE0RUE1RkUwMjBCMDA2NTczQzUzNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWYV3rGVGvsOcLZNNoKoW8qlvY
7xqIdov7DmE1gCaFYHbUmxCEFVJ8/trLWXedzRLYgPPlug2ULoLgSRQWLY44QxLQ
TbljkknQ2AdlYLxhTcqX4Amb3LVBHpF21+ueDfOvWL/KhBLlrH4sDl9NeW/2Sj7C
cWt5277+UqtE5w20DOn7B1BKDXtD6CYbJYrYI6Z7dqaSZJpGd1hnxadNEXahpKNS
XMTdcvWEqNLOUp2BB/YgZUK1anHmVeSzStJgcXhQTNCiZR4qpNzZosw9ExJqe6w7
90CzOGIa45FnfZvyxZdL8+Pm0z37JgAsmr4vt4/acWUQFPvVKwoO2Wd+32uVAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUAFM9iXzgK+wOpOpf4CCwBlc8U1gwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzIzMTMyMmUzNzM0MmUzNjMy
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1Eo+MA0G
CSqGSIb3DQEBCwUAA4IBAQBkOsviakL5fgxkmtTzIH+8O9hv+yAHZYzV1TIaMG3p
62DOyoeFQjAahPE6Q4+jgGliZBUIXoAdCqSXufRSwR0qDF0Zm1C/3ojceljscY7Q
hXH2CpWMvTtQaqDx8cGYg1FdRWRFvJYk3ktb8Pa8Hs/zI+vUon+/VmX3ASKbpnod
hpz1wec/xISnM5vh9sBeQHw3uaOO1M74+KwfmDBfvh98aWHLqvWl78kIrxS+kS9M
9C5ys4NpylW9GrE9fn28DEHeaULTnOZuUE2k/iu80xV5ZQfccXaKOvL8pX7Qamft
nPkuS+WzYGWBnPczxxXK0cmIpobd8PFGs4lulvQDZwjj
-----END CERTIFICATE-----