Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31312e302f32342d3234203d3e20383334.roa
File:                     352e3139392e31312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          835bBfoxQf9gnWckeL1wZzTk2wY6Pl/ZAAwgMmGaDlg=
Subject key identifier:   72:68:EA:9A:97:01:02:DB:DC:08:3F:E8:13:D3:7B:B3:C6:E0:74:F8
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       22C08114B320C2A759AA0433BE725D0431C563A6
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31312e302f32342d3234203d3e20383334.roa
Signing time:             Thu 02 Apr 2026 04:38:31 +0000
ROA not before:           Thu 02 Apr 2026 04:33:31 +0000
ROA not after:            Thu 01 Apr 2027 04:38:31 +0000
asID:                     834
IP address blocks:        5.199.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 17:53:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:c0:81:14:b3:20:c2:a7:59:aa:04:33:be:72:5d:04:31:c5:63:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Apr  2 04:33:31 2026 GMT
            Not After : Apr  1 04:38:31 2027 GMT
        Subject: CN=7268EA9A970102DBDC083FE813D37BB3C6E074F8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6f:69:60:d0:33:22:7b:8f:86:9d:54:f5:b1:
                    3c:b2:e5:d9:d3:e4:42:f5:6b:30:c6:3c:4e:78:3d:
                    84:ea:d1:96:a0:4a:06:c6:08:6e:ac:d8:1d:3a:75:
                    de:d3:92:3a:72:d5:67:96:f4:00:73:4f:43:87:45:
                    8c:c2:77:40:3f:f4:f8:56:da:2d:7b:1b:86:29:58:
                    af:1f:9d:bb:6b:b1:01:71:e1:21:71:58:30:0d:b2:
                    b7:32:29:42:ba:c4:f0:bf:be:a3:58:96:29:83:68:
                    5d:1d:ea:e1:47:b5:d8:33:77:91:93:f0:a6:1c:c0:
                    26:25:0b:30:88:76:d8:23:2e:24:73:64:82:d2:ef:
                    50:5b:19:56:e2:5c:d4:1b:08:7c:21:5d:65:97:1b:
                    43:5c:40:d5:21:b6:e0:b0:68:14:cf:b6:33:07:e4:
                    3c:4e:c9:13:d6:59:6f:27:bb:b9:4c:3d:a1:9c:3c:
                    08:2e:1d:54:7a:de:e0:e2:c7:7c:d7:c0:dc:78:02:
                    86:17:0d:81:1e:24:31:62:70:d3:71:25:cd:18:8e:
                    78:3c:de:d3:ef:93:26:70:e3:12:e0:e8:41:09:62:
                    6d:24:58:aa:be:b7:2e:06:23:69:61:10:63:a4:33:
                    47:84:95:bd:d9:10:8b:31:b4:92:7e:67:a9:7a:2f:
                    bf:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:68:EA:9A:97:01:02:DB:DC:08:3F:E8:13:D3:7B:B3:C6:E0:74:F8
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:b7:4a:c5:ca:25:8d:d9:fd:6a:50:ce:72:a7:38:c3:b7:5d:
         27:02:81:47:e3:3c:91:73:f4:88:12:71:b4:fe:4b:b0:64:b3:
         80:71:52:d6:6a:f9:31:63:47:5c:bf:6c:41:65:b3:67:fb:e3:
         fa:eb:01:34:72:ef:63:33:75:2f:a1:4d:24:af:da:fd:d1:28:
         b1:90:5f:6a:77:d5:ef:7b:2e:72:a2:d1:f2:91:b2:6a:b7:38:
         a4:95:0b:ec:f8:1c:fc:26:97:be:07:a0:e3:96:cc:51:16:c7:
         cb:79:6a:f7:01:7d:00:ec:42:55:10:20:a9:dd:20:c3:cd:0e:
         32:59:01:c3:76:32:44:c2:42:e0:54:20:3f:d7:ac:93:34:63:
         e2:eb:26:82:38:70:63:3e:37:5c:8a:e9:12:db:43:45:54:e3:
         6d:bd:f4:73:7f:9c:2e:35:1c:29:c2:c0:dc:d7:b4:9f:1e:d5:
         02:97:fd:09:64:3a:8d:f4:6d:d8:66:af:5d:72:10:04:db:f2:
         d4:67:de:76:2a:5a:cc:73:46:94:dc:3b:8e:ed:3c:e1:9d:11:
         49:31:db:1a:96:9f:53:db:e0:22:8d:19:a9:3d:17:3f:79:0e:
         d1:4d:13:7e:aa:d0:15:75:bf:c8:7f:47:05:a4:07:7c:1d:88:
         a7:53:1d:44
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUIsCBFLMgwqdZqgQzvnJdBDHFY6YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjA0MDIwNDMzMzFaFw0yNzA0MDEwNDM4MzFaMDMxMTAvBgNV
BAMTKDcyNjhFQTlBOTcwMTAyREJEQzA4M0ZFODEzRDM3QkIzQzZFMDc0RjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVb2lg0DMie4+GnVT1sTyy5dnT
5EL1azDGPE54PYTq0ZagSgbGCG6s2B06dd7Tkjpy1WeW9ABzT0OHRYzCd0A/9PhW
2i17G4YpWK8fnbtrsQFx4SFxWDANsrcyKUK6xPC/vqNYlimDaF0d6uFHtdgzd5GT
8KYcwCYlCzCIdtgjLiRzZILS71BbGVbiXNQbCHwhXWWXG0NcQNUhtuCwaBTPtjMH
5DxOyRPWWW8nu7lMPaGcPAguHVR63uDix3zXwNx4AoYXDYEeJDFicNNxJc0Yjng8
3tPvkyZw4xLg6EEJYm0kWKq+ty4GI2lhEGOkM0eElb3ZEIsxtJJ+Z6l6L783AgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUcmjqmpcBAtvcCD/oE9N7s8bgdPgwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzEzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAXHCzANBgkq
hkiG9w0BAQsFAAOCAQEAgLdKxcoljdn9alDOcqc4w7ddJwKBR+M8kXP0iBJxtP5L
sGSzgHFS1mr5MWNHXL9sQWWzZ/vj+usBNHLvYzN1L6FNJK/a/dEosZBfanfV73su
cqLR8pGyarc4pJUL7Pgc/CaXvgeg45bMURbHy3lq9wF9AOxCVRAgqd0gw80OMlkB
w3YyRMJC4FQgP9eskzRj4usmgjhwYz43XIrpEttDRVTjbb30c3+cLjUcKcLA3Ne0
nx7VApf9CWQ6jfRt2GavXXIQBNvy1GfedipazHNGlNw7ju084Z0RSTHbGpafU9vg
Io0ZqT0XP3kO0U0TfqrQFXW/yH9HBaQHfB2Ip1MdRA==
-----END CERTIFICATE-----