Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31372e302f32342d3234203d3e20383334.roa
File:                     352e3139392e31372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          +EHZD6gKdtqqFEioml53d5OoDdONstmP6l+u1w/ewGk=
Subject key identifier:   62:1A:F4:97:10:73:51:D6:77:BA:5A:06:2E:0F:F7:3D:4F:C1:84:CD
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       247902F4C41D71F2C7FC231833583E5D4077A0FC
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31372e302f32342d3234203d3e20383334.roa
Signing time:             Wed 25 Feb 2026 03:10:08 +0000
ROA not before:           Wed 25 Feb 2026 03:05:08 +0000
ROA not after:            Wed 24 Feb 2027 03:10:08 +0000
asID:                     834
IP address blocks:        5.199.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:79:02:f4:c4:1d:71:f2:c7:fc:23:18:33:58:3e:5d:40:77:a0:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Feb 25 03:05:08 2026 GMT
            Not After : Feb 24 03:10:08 2027 GMT
        Subject: CN=621AF497107351D677BA5A062E0FF73D4FC184CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:6d:98:b4:c0:8f:e6:77:47:d2:4a:42:c4:35:
                    5b:eb:3b:5f:51:a1:7f:7d:34:d4:aa:5d:3d:1f:a0:
                    35:63:85:e9:63:d3:6d:1d:64:0f:66:81:6d:80:fe:
                    f8:67:f2:29:84:ca:48:ec:31:20:3a:11:b6:a8:c7:
                    65:3e:ea:62:cf:aa:2f:01:e0:e9:7b:a8:c4:d3:c8:
                    59:07:cb:01:1b:29:c9:c6:c1:09:40:36:99:6c:34:
                    b7:85:47:c8:df:17:08:5c:e8:0e:8e:ff:02:aa:14:
                    cd:28:6b:76:f9:7d:b7:a9:22:c8:fd:6e:28:8b:b1:
                    4e:23:9e:2b:d3:94:a4:e5:9d:c5:ee:f3:40:66:a5:
                    22:a8:85:68:56:7b:53:77:46:06:29:ae:ab:a8:bf:
                    62:b2:ca:a5:93:80:18:7c:65:5f:3b:09:7a:19:15:
                    93:30:1b:07:20:45:02:ee:70:e4:a5:68:e7:78:e7:
                    38:6d:e0:9c:18:4a:1a:1d:7c:0b:83:ac:2f:45:94:
                    bf:65:44:00:fc:76:28:dd:ff:1b:0f:c0:e5:fd:e1:
                    e8:26:3d:b1:35:9e:c6:7c:54:bf:8b:6b:a7:24:7b:
                    1d:c4:3a:19:06:f1:90:dc:d4:3f:35:5a:72:1f:de:
                    b0:ee:9b:df:b7:58:e6:88:b5:68:c9:8b:b4:40:ac:
                    a0:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:1A:F4:97:10:73:51:D6:77:BA:5A:06:2E:0F:F7:3D:4F:C1:84:CD
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         da:df:0c:67:e3:26:cd:23:a1:66:99:39:aa:3a:d2:8e:fa:8e:
         2e:96:a4:2d:21:82:d4:a2:ec:76:65:27:e0:04:f0:3b:54:8a:
         41:1c:dd:5b:d1:dd:32:b2:1e:7c:63:1b:89:46:e7:39:07:53:
         4a:1c:55:17:22:85:58:90:f6:35:02:e2:d5:ce:af:67:59:da:
         82:e4:44:17:52:e9:17:d4:6a:3a:e3:78:88:ca:38:08:45:9b:
         8a:9a:53:e6:e1:2d:33:dd:fc:b1:5f:a1:e4:17:24:ea:4b:85:
         59:57:38:e2:00:bf:b9:6f:5b:a2:1e:c8:9d:20:b0:bb:97:f1:
         6d:9d:18:cc:98:72:18:a6:6b:41:17:89:a9:b9:a8:00:0d:84:
         12:03:a2:51:9c:b7:94:10:cf:7c:fb:d3:9a:3c:44:eb:09:c0:
         5b:50:30:e1:36:23:5e:10:32:9c:44:79:41:93:67:60:0d:da:
         37:45:0b:1d:54:5d:15:94:e4:40:fa:81:24:e4:f2:5d:14:32:
         d3:35:5b:9d:d6:68:ee:12:49:04:ab:48:61:79:ca:6f:3d:ea:
         57:1a:fc:ac:01:3d:04:c9:f5:60:c8:4a:e7:b7:b7:bd:a6:7d:
         99:30:92:ad:02:e1:be:54:1d:3b:ec:23:f6:ab:12:10:f6:1b:
         57:fa:28:02
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUJHkC9MQdcfLH/CMYM1g+XUB3oPwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAyMjUwMzA1MDhaFw0yNzAyMjQwMzEwMDhaMDMxMTAvBgNV
BAMTKDYyMUFGNDk3MTA3MzUxRDY3N0JBNUEwNjJFMEZGNzNENEZDMTg0Q0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPbZi0wI/md0fSSkLENVvrO19R
oX99NNSqXT0foDVjhelj020dZA9mgW2A/vhn8imEykjsMSA6Ebaox2U+6mLPqi8B
4Ol7qMTTyFkHywEbKcnGwQlANplsNLeFR8jfFwhc6A6O/wKqFM0oa3b5fbepIsj9
biiLsU4jnivTlKTlncXu80BmpSKohWhWe1N3RgYprquov2KyyqWTgBh8ZV87CXoZ
FZMwGwcgRQLucOSlaOd45zht4JwYShodfAuDrC9FlL9lRAD8dijd/xsPwOX94egm
PbE1nsZ8VL+La6ckex3EOhkG8ZDc1D81WnIf3rDum9+3WOaItWjJi7RArKCNAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUYhr0lxBzUdZ3uloGLg/3PU/BhM0wHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzEzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAXHETANBgkq
hkiG9w0BAQsFAAOCAQEA2t8MZ+MmzSOhZpk5qjrSjvqOLpakLSGC1KLsdmUn4ATw
O1SKQRzdW9HdMrIefGMbiUbnOQdTShxVFyKFWJD2NQLi1c6vZ1naguREF1LpF9Rq
OuN4iMo4CEWbippT5uEtM938sV+h5Bck6kuFWVc44gC/uW9boh7InSCwu5fxbZ0Y
zJhyGKZrQReJqbmoAA2EEgOiUZy3lBDPfPvTmjxE6wnAW1Aw4TYjXhAynER5QZNn
YA3aN0ULHVRdFZTkQPqBJOTyXRQy0zVbndZo7hJJBKtIYXnKbz3qVxr8rAE9BMn1
YMhK57e3vaZ9mTCSrQLhvlQdO+wj9qsSEPYbV/ooAg==
-----END CERTIFICATE-----