Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31382e302f32342d3234203d3e20383334.roa
File:                     352e3139392e31382e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          Dl4s9adwYOUZWwq3LSuAtl/z4lMhpfTmsgzOciloNMs=
Subject key identifier:   23:5B:4E:F5:03:6D:90:D9:D9:0B:98:F5:EF:E5:2F:D8:4F:1A:09:93
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       7377DD6FD94D73916E9CC2F08E1697052BF4126C
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31382e302f32342d3234203d3e20383334.roa
Signing time:             Wed 08 Apr 2026 06:41:54 +0000
ROA not before:           Wed 08 Apr 2026 06:36:54 +0000
ROA not after:            Wed 07 Apr 2027 06:41:54 +0000
asID:                     834
IP address blocks:        5.199.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 17:53:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:77:dd:6f:d9:4d:73:91:6e:9c:c2:f0:8e:16:97:05:2b:f4:12:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Apr  8 06:36:54 2026 GMT
            Not After : Apr  7 06:41:54 2027 GMT
        Subject: CN=235B4EF5036D90D9D90B98F5EFE52FD84F1A0993
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:9c:0f:55:da:16:9d:c9:03:bb:39:ec:87:4b:
                    0e:93:35:c4:42:08:43:dd:15:d6:76:15:9a:5f:fd:
                    a2:53:9a:d0:55:54:8f:72:ab:c7:25:86:a1:73:e4:
                    db:6f:f8:ae:bf:7a:49:d4:70:da:6c:e4:7d:45:56:
                    03:48:1f:7f:12:42:62:a4:a3:9a:98:39:5c:99:24:
                    d8:cc:ad:0e:18:28:50:c0:f1:65:59:d2:5d:95:5d:
                    9d:4d:ea:dd:7d:a1:a0:2c:03:0c:e5:16:f1:a2:de:
                    3d:dd:9f:7f:74:5c:17:f2:39:0d:b4:2e:67:91:78:
                    f5:da:ae:ac:dd:6d:dd:dd:fa:c6:c5:26:b2:16:1b:
                    fe:07:d1:63:6c:b2:72:7a:fa:da:f7:fc:3a:39:07:
                    9e:2a:bf:d2:7a:52:6f:82:d2:f3:d5:e3:6a:8c:83:
                    8f:17:16:8b:9f:af:cb:da:ee:83:4b:c5:b7:ab:86:
                    10:06:68:11:b8:25:75:c3:12:9c:44:f2:a0:9e:01:
                    1d:a9:dd:15:c2:50:a7:7e:2d:a0:9b:75:a4:80:49:
                    b6:85:a4:a9:67:53:b3:e1:dc:15:55:c4:01:f6:67:
                    c4:57:46:73:39:69:3e:00:a9:6f:e4:d6:a1:4b:6e:
                    9a:93:56:1c:16:9b:2f:4f:6d:75:b3:4b:14:b1:62:
                    76:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:5B:4E:F5:03:6D:90:D9:D9:0B:98:F5:EF:E5:2F:D8:4F:1A:09:93
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e31382e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:df:0c:9a:5c:9a:59:61:81:de:eb:47:aa:ee:be:2e:db:ca:
         6d:50:25:31:b3:be:dd:d3:14:da:fb:64:be:9e:8d:42:d7:22:
         b3:bd:75:7e:21:cc:ad:a5:86:c9:6f:29:01:26:1c:a8:a6:cc:
         ea:be:c1:f3:20:14:3b:04:b9:cc:e1:30:b9:a4:5b:97:c0:08:
         1f:50:b8:a8:dd:da:52:48:59:8b:b6:69:88:b5:47:c9:ac:4e:
         fe:23:66:6f:98:70:f3:2b:a8:ab:9d:ab:dd:f3:cd:d7:38:26:
         1b:e4:43:65:e2:fc:54:22:1c:e3:ed:91:62:31:57:f8:4e:a9:
         68:65:c9:37:58:42:e6:b7:36:69:eb:58:84:f8:80:99:7a:35:
         89:64:2c:1f:ec:3d:3f:6f:92:f1:63:ea:3a:dd:8c:c8:ca:1d:
         3a:3a:b3:32:ef:63:44:0d:9c:2c:cf:1c:d8:8d:ab:af:56:d3:
         74:90:2b:1b:4a:eb:d4:4e:0b:1b:7b:c6:0a:a0:b0:80:c5:cf:
         15:b8:3a:a5:4d:ff:7e:87:de:e5:c8:aa:72:8a:11:73:20:59:
         9e:e6:25:cb:b0:16:28:a2:08:33:f0:98:6f:45:30:b0:b5:73:
         f4:47:6e:f5:8f:7f:d1:41:ac:28:ed:64:1f:53:77:c4:5a:1c:
         8d:24:c1:8a
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUc3fdb9lNc5FunMLwjhaXBSv0EmwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjA0MDgwNjM2NTRaFw0yNzA0MDcwNjQxNTRaMDMxMTAvBgNV
BAMTKDIzNUI0RUY1MDM2RDkwRDlEOTBCOThGNUVGRTUyRkQ4NEYxQTA5OTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKnA9V2hadyQO7OeyHSw6TNcRC
CEPdFdZ2FZpf/aJTmtBVVI9yq8clhqFz5Ntv+K6/eknUcNps5H1FVgNIH38SQmKk
o5qYOVyZJNjMrQ4YKFDA8WVZ0l2VXZ1N6t19oaAsAwzlFvGi3j3dn390XBfyOQ20
LmeRePXarqzdbd3d+sbFJrIWG/4H0WNssnJ6+tr3/Do5B54qv9J6Um+C0vPV42qM
g48XFoufr8va7oNLxberhhAGaBG4JXXDEpxE8qCeAR2p3RXCUKd+LaCbdaSASbaF
pKlnU7Ph3BVVxAH2Z8RXRnM5aT4AqW/k1qFLbpqTVhwWmy9PbXWzSxSxYnY5AgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUI1tO9QNtkNnZC5j17+Uv2E8aCZMwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzEzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAXHEjANBgkq
hkiG9w0BAQsFAAOCAQEAw98MmlyaWWGB3utHqu6+LtvKbVAlMbO+3dMU2vtkvp6N
Qtcis711fiHMraWGyW8pASYcqKbM6r7B8yAUOwS5zOEwuaRbl8AIH1C4qN3aUkhZ
i7ZpiLVHyaxO/iNmb5hw8yuoq52r3fPN1zgmG+RDZeL8VCIc4+2RYjFX+E6paGXJ
N1hC5rc2aetYhPiAmXo1iWQsH+w9P2+S8WPqOt2MyModOjqzMu9jRA2cLM8c2I2r
r1bTdJArG0rr1E4LG3vGCqCwgMXPFbg6pU3/fofe5ciqcooRcyBZnuYly7AWKKII
M/CYb0UwsLVz9Edu9Y9/0UGsKO1kH1N3xFocjSTBig==
-----END CERTIFICATE-----