Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e322e302f32342d3234203d3e20383334.roa
File:                     352e3139392e322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          rN4Gemgtt3oLS4TJBHf8ddQU/67Wbk9fV3w0SaJ9h/g=
Subject key identifier:   6F:E3:B9:95:CA:32:04:59:DE:7F:52:FE:4E:F7:D7:32:AB:1A:4E:77
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       5030A247B21AFC9661ACF66A809B8264367C748D
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e322e302f32342d3234203d3e20383334.roa
Signing time:             Tue 31 Mar 2026 20:38:47 +0000
ROA not before:           Tue 31 Mar 2026 20:33:47 +0000
ROA not after:            Tue 30 Mar 2027 20:38:47 +0000
asID:                     834
IP address blocks:        5.199.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 17:53:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:30:a2:47:b2:1a:fc:96:61:ac:f6:6a:80:9b:82:64:36:7c:74:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Mar 31 20:33:47 2026 GMT
            Not After : Mar 30 20:38:47 2027 GMT
        Subject: CN=6FE3B995CA320459DE7F52FE4EF7D732AB1A4E77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:00:a4:ef:d3:63:e6:b2:12:2e:4c:9f:51:48:
                    55:df:54:42:31:1e:db:15:10:c2:aa:2b:45:db:fd:
                    da:11:01:a5:09:6f:27:4a:eb:0b:a5:ca:df:94:2c:
                    3f:ff:26:14:72:db:e4:5f:36:49:19:41:a8:aa:e5:
                    1f:20:6c:89:f0:b4:36:0e:69:d2:0c:77:b2:59:f9:
                    a9:30:43:7c:ef:d1:ee:55:12:99:03:6f:a5:3d:64:
                    30:f6:92:c7:3d:a2:9f:1e:fa:e7:da:9d:09:06:f8:
                    18:7a:81:fe:5f:f4:7b:88:b2:bb:4f:da:bd:d1:84:
                    16:e9:40:f3:51:4d:aa:f3:dd:03:28:b4:d4:1d:af:
                    27:24:c2:a1:df:9d:a7:df:dd:bc:7f:42:64:b3:0d:
                    2f:26:07:7b:eb:85:6d:ba:f7:bc:ba:67:22:e0:50:
                    04:25:0d:31:eb:fb:d9:e6:cb:c8:3f:db:2f:4f:0c:
                    36:cf:21:1e:92:b6:b0:a6:71:b3:85:fc:6c:36:54:
                    df:e4:03:5e:a4:dc:76:84:ae:2a:ec:ae:cb:ff:b2:
                    6d:c0:c8:e2:73:7c:c2:cb:b6:f7:2b:28:f6:b4:3f:
                    e5:3f:08:c5:c5:11:8a:ce:d5:17:90:83:82:6f:53:
                    5c:42:4c:8f:68:64:fd:f1:13:1d:e1:c2:23:42:81:
                    fe:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:E3:B9:95:CA:32:04:59:DE:7F:52:FE:4E:F7:D7:32:AB:1A:4E:77
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:58:bb:50:98:2e:48:15:0d:25:29:62:ff:98:fe:17:d8:57:
         eb:ef:48:00:15:3c:a5:c2:4d:39:e4:a6:91:7d:99:a7:fd:e2:
         d2:82:87:8b:38:d5:50:ed:de:33:d6:48:55:18:85:80:3f:b6:
         09:10:1a:a2:40:79:63:4d:36:e7:b2:81:d5:02:54:56:f4:87:
         3f:81:a4:c3:43:63:2a:2c:7f:3f:68:62:ee:6f:ad:1c:b2:e1:
         b5:f3:24:f0:3e:b1:17:21:a3:80:71:dc:ef:d4:02:b1:af:04:
         aa:15:49:8f:0b:71:29:4a:66:9e:98:2a:88:49:79:82:1e:f6:
         40:e5:3c:65:e4:df:cf:73:61:a1:6f:2b:99:7f:29:26:a9:3d:
         42:42:f1:e8:84:b5:05:86:b8:55:80:ab:c9:e3:1b:d6:a4:de:
         78:4e:36:9d:ba:14:a2:d9:84:05:01:f5:5e:18:d5:f2:7d:5c:
         5a:67:17:69:1d:ee:a0:fb:bc:2c:97:52:ac:13:50:9b:93:bb:
         61:3d:ab:72:f6:00:fa:27:0f:c9:a2:54:94:0e:c5:01:4e:12:
         2f:da:45:75:5c:7c:0e:d5:c8:57:6e:26:b1:17:6d:83:77:97:
         4e:fa:1a:ba:ae:5d:cd:20:2e:e6:58:bd:9b:1f:38:37:51:03:
         18:18:8d:f2
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgIUUDCiR7Ia/JZhrPZqgJuCZDZ8dI0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAzMzEyMDMzNDdaFw0yNzAzMzAyMDM4NDdaMDMxMTAvBgNV
BAMTKDZGRTNCOTk1Q0EzMjA0NTlERTdGNTJGRTRFRjdENzMyQUIxQTRFNzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3AKTv02PmshIuTJ9RSFXfVEIx
HtsVEMKqK0Xb/doRAaUJbydK6wulyt+ULD//JhRy2+RfNkkZQaiq5R8gbInwtDYO
adIMd7JZ+akwQ3zv0e5VEpkDb6U9ZDD2ksc9op8e+ufanQkG+Bh6gf5f9HuIsrtP
2r3RhBbpQPNRTarz3QMotNQdryckwqHfnaff3bx/QmSzDS8mB3vrhW2697y6ZyLg
UAQlDTHr+9nmy8g/2y9PDDbPIR6StrCmcbOF/Gw2VN/kA16k3HaErirsrsv/sm3A
yOJzfMLLtvcrKPa0P+U/CMXFEYrO1ReQg4JvU1xCTI9oZP3xEx3hwiNCgf41AgMB
AAGjggIzMIICLzAdBgNVHQ4EFgQUb+O5lcoyBFnef1L+TvfXMqsaTncwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgaMGCCsGAQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzIyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQOMAwwCgYI
KwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAFxwIwDQYJKoZI
hvcNAQELBQADggEBADhYu1CYLkgVDSUpYv+Y/hfYV+vvSAAVPKXCTTnkppF9maf9
4tKCh4s41VDt3jPWSFUYhYA/tgkQGqJAeWNNNueygdUCVFb0hz+BpMNDYyosfz9o
Yu5vrRyy4bXzJPA+sRcho4Bx3O/UArGvBKoVSY8LcSlKZp6YKohJeYIe9kDlPGXk
389zYaFvK5l/KSapPUJC8eiEtQWGuFWAq8njG9ak3nhONp26FKLZhAUB9V4Y1fJ9
XFpnF2kd7qD7vCyXUqwTUJuTu2E9q3L2APonD8miVJQOxQFOEi/aRXVcfA7VyFdu
JrEXbYN3l076GrquXc0gLuZYvZsfODdRAxgYjfI=
-----END CERTIFICATE-----