Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e36332e302f32342d3234203d3e20383334.roa
File:                     3231322e37342e36332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          G5KXPgeRkpzjNkRcM8U/bO8lbqE4t/svZucbgrPS3NQ=
Subject key identifier:   7F:C3:4B:B0:F0:60:DF:D1:35:BC:B9:CB:BB:32:F3:A4:74:B6:AA:E5
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       2E7273BDB8CE082EFE04D5F4E75C30144C9F6A88
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e36332e302f32342d3234203d3e20383334.roa
Signing time:             Thu 02 Apr 2026 10:42:47 +0000
ROA not before:           Thu 02 Apr 2026 10:37:47 +0000
ROA not after:            Thu 01 Apr 2027 10:42:47 +0000
asID:                     834
IP address blocks:        212.74.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 17:53:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:72:73:bd:b8:ce:08:2e:fe:04:d5:f4:e7:5c:30:14:4c:9f:6a:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Apr  2 10:37:47 2026 GMT
            Not After : Apr  1 10:42:47 2027 GMT
        Subject: CN=7FC34BB0F060DFD135BCB9CBBB32F3A474B6AAE5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:81:b7:67:84:58:c7:96:be:a0:b8:a4:b9:c1:
                    b3:c9:4d:7e:82:79:db:02:3c:43:e9:d7:8b:37:6c:
                    e9:21:e5:b1:dd:35:12:bc:98:6f:8c:06:03:e8:fc:
                    77:17:3d:6f:fd:de:0f:b6:cc:26:6a:4f:2e:6f:af:
                    69:36:19:6a:5e:cc:38:97:93:2e:25:c7:7a:8e:cb:
                    bf:9f:7c:ba:22:f9:e1:d3:34:72:44:87:35:7b:7f:
                    55:24:a4:09:63:64:ec:f8:25:a6:55:26:1e:16:e5:
                    d8:c7:1d:19:48:f2:be:a9:91:54:d8:81:e5:3d:9f:
                    6f:27:e3:5f:de:3f:50:f0:58:ea:1f:0d:35:06:dd:
                    53:fc:8a:31:5a:95:16:4e:b0:bd:37:3f:7a:e3:66:
                    b8:84:23:1c:b0:8d:ef:25:98:22:cb:dc:58:5a:9e:
                    2f:8c:00:77:06:d8:f4:a4:c5:2e:f9:91:aa:46:e3:
                    26:7e:63:45:83:0e:1d:f3:f9:5f:a6:8c:44:25:4d:
                    36:4c:f8:5f:e1:27:f7:92:46:22:6d:53:df:90:59:
                    1d:41:c0:ac:f0:8e:62:06:ac:f9:24:e9:62:06:65:
                    fc:1b:09:5c:ee:31:16:b8:c1:8e:7c:6e:65:81:a7:
                    00:fa:57:35:1e:52:aa:97:63:37:03:11:02:bf:bb:
                    03:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:C3:4B:B0:F0:60:DF:D1:35:BC:B9:CB:BB:32:F3:A4:74:B6:AA:E5
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e36332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.74.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:79:09:1b:90:6d:9c:6b:82:ea:72:75:c6:a4:e3:f1:91:aa:
         97:45:3a:37:30:59:29:b0:cf:c7:b2:b1:1b:2f:1e:b7:bd:97:
         63:4a:95:55:79:29:be:bb:38:0e:9e:e6:32:6b:eb:ca:97:16:
         d9:92:0f:f1:cf:b0:7c:04:33:e6:d9:41:b3:97:d9:f4:a0:be:
         f3:1f:54:7c:c2:96:30:63:6e:32:82:07:3a:34:5f:7a:21:e7:
         88:a5:93:b2:3a:c1:e7:d1:1e:ee:be:ac:9e:e5:99:96:76:84:
         a4:54:cc:c1:b4:8a:4d:51:e7:3a:9e:84:28:5a:90:b6:c9:d8:
         48:de:e1:d9:c2:44:09:ea:64:72:ee:16:24:7d:ab:af:73:c8:
         7b:cb:be:77:c6:09:a3:e3:2b:bf:2d:d7:c7:43:f3:b9:60:00:
         c4:3a:3c:1c:d7:bc:6d:44:15:ad:1f:43:9f:41:15:89:01:e5:
         18:5a:46:a1:9d:a9:62:67:8f:69:09:78:1c:c3:00:1a:d7:3d:
         ec:07:20:76:56:d4:f4:f0:da:b5:16:af:2e:14:0c:a8:7b:96:
         09:7d:41:bf:05:43:3f:4c:33:dd:5d:69:98:2f:34:30:49:41:
         3f:30:c6:64:56:a7:fa:c4:43:25:4d:a1:a0:b6:66:b5:88:4e:
         c3:40:ae:2d
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIULnJzvbjOCC7+BNX051wwFEyfaogwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjA0MDIxMDM3NDdaFw0yNzA0MDExMDQyNDdaMDMxMTAvBgNV
BAMTKDdGQzM0QkIwRjA2MERGRDEzNUJDQjlDQkJCMzJGM0E0NzRCNkFBRTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCogbdnhFjHlr6guKS5wbPJTX6C
edsCPEPp14s3bOkh5bHdNRK8mG+MBgPo/HcXPW/93g+2zCZqTy5vr2k2GWpezDiX
ky4lx3qOy7+ffLoi+eHTNHJEhzV7f1UkpAljZOz4JaZVJh4W5djHHRlI8r6pkVTY
geU9n28n41/eP1DwWOofDTUG3VP8ijFalRZOsL03P3rjZriEIxywje8lmCLL3Fha
ni+MAHcG2PSkxS75kapG4yZ+Y0WDDh3z+V+mjEQlTTZM+F/hJ/eSRiJtU9+QWR1B
wKzwjmIGrPkk6WIGZfwbCVzuMRa4wY58bmWBpwD6VzUeUqqXYzcDEQK/uwOFAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUf8NLsPBg39E1vLnLuzLzpHS2quUwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzIzMTMyMmUzNzM0MmUzNjMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Eo/MA0G
CSqGSIb3DQEBCwUAA4IBAQCmeQkbkG2ca4LqcnXGpOPxkaqXRTo3MFkpsM/HsrEb
Lx63vZdjSpVVeSm+uzgOnuYya+vKlxbZkg/xz7B8BDPm2UGzl9n0oL7zH1R8wpYw
Y24yggc6NF96IeeIpZOyOsHn0R7uvqye5ZmWdoSkVMzBtIpNUec6noQoWpC2ydhI
3uHZwkQJ6mRy7hYkfauvc8h7y753xgmj4yu/LdfHQ/O5YADEOjwc17xtRBWtH0Of
QRWJAeUYWkahnaliZ49pCXgcwwAa1z3sByB2VtT08Nq1Fq8uFAyoe5YJfUG/BUM/
TDPdXWmYLzQwSUE/MMZkVqf6xEMlTaGgtma1iE7DQK4t
-----END CERTIFICATE-----