Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e32392e302f32342d3234203d3e20383334.roa
File:                     352e3139392e32392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          W2d4oVaowp/o949RJfDNYX4KYtWVqXjB2/I7Q3lvWEg=
Subject key identifier:   91:08:DD:AD:8C:8B:08:6F:A8:46:44:66:30:04:8F:FF:3C:60:8C:1E
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       4657FA8765143148C368C27BADB59232D938DA71
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e32392e302f32342d3234203d3e20383334.roa
Signing time:             Wed 08 Apr 2026 06:41:53 +0000
ROA not before:           Wed 08 Apr 2026 06:36:53 +0000
ROA not after:            Wed 07 Apr 2027 06:41:53 +0000
asID:                     834
IP address blocks:        5.199.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 17:53:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:57:fa:87:65:14:31:48:c3:68:c2:7b:ad:b5:92:32:d9:38:da:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Apr  8 06:36:53 2026 GMT
            Not After : Apr  7 06:41:53 2027 GMT
        Subject: CN=9108DDAD8C8B086FA846446630048FFF3C608C1E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:d3:60:9c:16:19:d3:c5:7c:11:1d:dd:51:b5:
                    2b:8b:27:fb:45:80:0b:8b:60:43:fc:fe:e0:a0:ce:
                    f3:9b:59:1c:b0:00:a3:d7:9d:d9:77:94:de:41:03:
                    52:fe:a4:6f:83:ca:e7:cc:c0:67:e5:a6:a2:48:33:
                    2f:20:d9:cb:f2:53:07:39:ac:37:2e:1d:53:14:52:
                    f9:4f:85:62:2d:1a:79:00:19:38:d7:f7:e3:99:60:
                    12:95:8a:7e:23:fc:fd:0c:f4:98:43:3d:3a:d4:f8:
                    24:ff:bc:45:a3:3e:f0:ef:15:a0:1c:76:40:3a:db:
                    83:e4:85:ec:a5:0a:52:44:13:0f:4d:b1:f4:f9:29:
                    a6:4a:4b:c6:cc:85:98:cd:85:03:ec:bd:35:57:6f:
                    2c:67:bf:f0:c3:06:70:ad:97:3c:b1:19:f3:c5:de:
                    99:fa:30:b0:f5:8f:d5:ff:35:2b:c9:81:43:b0:a2:
                    da:2e:23:89:a7:61:c6:f5:e9:ee:fb:c7:96:4c:c7:
                    15:8d:d6:6f:df:a2:75:ae:32:04:87:73:0a:09:92:
                    b4:8d:f7:39:cf:90:ef:74:6e:bf:65:50:37:80:16:
                    81:8a:ad:45:e6:d7:e6:79:f2:9f:10:af:e3:bd:86:
                    ea:5d:0e:57:09:ad:56:b0:49:b8:0e:88:14:87:45:
                    a6:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:08:DD:AD:8C:8B:08:6F:A8:46:44:66:30:04:8F:FF:3C:60:8C:1E
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e32392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:9e:fc:af:15:6d:fc:a7:96:4a:39:a6:7b:09:4c:ca:50:23:
         31:de:3f:0f:7a:ee:af:f6:8f:9d:d2:70:23:25:37:93:0e:b0:
         86:1d:0b:25:6c:5d:a9:be:cc:2c:77:95:20:9b:41:b1:67:b5:
         97:e7:3b:1d:62:e5:5c:78:c1:82:84:cf:92:53:58:db:ce:6c:
         ac:e9:d1:12:93:45:74:71:6c:39:75:2f:6d:41:02:2d:9a:a0:
         53:cb:45:88:bc:8a:55:ba:f1:16:68:67:b5:81:a2:7b:37:ed:
         53:d1:67:ee:17:f0:fc:12:ac:ce:ee:27:7e:8d:02:da:a1:c2:
         d3:e9:8f:7c:48:bd:e3:09:e9:9e:68:8a:2f:3d:45:da:28:cf:
         b0:22:ce:5c:ff:1f:1b:f1:0e:07:4d:5a:0d:d0:8b:d0:fa:fc:
         2d:f8:ae:a2:dd:f5:a6:27:35:26:c9:47:2f:08:7a:94:31:5d:
         80:c4:86:35:c3:ab:9f:7d:b4:9c:70:04:a0:47:2f:e3:e7:86:
         e6:75:74:be:90:26:5b:8d:8c:3c:26:64:6d:ed:e5:35:50:ff:
         f6:ae:4a:08:a3:18:71:bb:ec:4b:a1:45:d4:2d:3a:9a:2c:2e:
         c9:56:51:a6:4d:12:43:2c:82:2a:33:de:1d:47:f8:61:dc:6f:
         1d:78:9d:22
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIURlf6h2UUMUjDaMJ7rbWSMtk42nEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjA0MDgwNjM2NTNaFw0yNzA0MDcwNjQxNTNaMDMxMTAvBgNV
BAMTKDkxMDhEREFEOEM4QjA4NkZBODQ2NDQ2NjMwMDQ4RkZGM0M2MDhDMUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDm02CcFhnTxXwRHd1RtSuLJ/tF
gAuLYEP8/uCgzvObWRywAKPXndl3lN5BA1L+pG+DyufMwGflpqJIMy8g2cvyUwc5
rDcuHVMUUvlPhWItGnkAGTjX9+OZYBKVin4j/P0M9JhDPTrU+CT/vEWjPvDvFaAc
dkA624PkheylClJEEw9NsfT5KaZKS8bMhZjNhQPsvTVXbyxnv/DDBnCtlzyxGfPF
3pn6MLD1j9X/NSvJgUOwotouI4mnYcb16e77x5ZMxxWN1m/fonWuMgSHcwoJkrSN
9znPkO90br9lUDeAFoGKrUXm1+Z58p8Qr+O9hupdDlcJrVawSbgOiBSHRaYVAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUkQjdrYyLCG+oRkRmMASP/zxgjB4wHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzIzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAXHHTANBgkq
hkiG9w0BAQsFAAOCAQEAqZ78rxVt/KeWSjmmewlMylAjMd4/D3rur/aPndJwIyU3
kw6whh0LJWxdqb7MLHeVIJtBsWe1l+c7HWLlXHjBgoTPklNY285srOnREpNFdHFs
OXUvbUECLZqgU8tFiLyKVbrxFmhntYGiezftU9Fn7hfw/BKszu4nfo0C2qHC0+mP
fEi94wnpnmiKLz1F2ijPsCLOXP8fG/EOB01aDdCL0Pr8Lfiuot31pic1JslHLwh6
lDFdgMSGNcOrn320nHAEoEcv4+eG5nV0vpAmW42MPCZkbe3lNVD/9q5KCKMYcbvs
S6FF1C06miwuyVZRpk0SQyyCKjPeHUf4YdxvHXidIg==
-----END CERTIFICATE-----