Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e332e302f32342d3234203d3e20313939363439.roa
File:                     352e3139392e332e302f32342d3234203d3e20313939363439.roa (raw, json)
Hash identifier:          zB8Nc4HB7rzU7U1vjve5qRF79YSvmiyoggqaIFuc07A=
Subject key identifier:   3D:B3:62:D4:ED:7E:31:83:A4:14:8E:F0:20:26:5E:58:8E:BC:D5:A9
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       457DE77570989BDE36AE033E7E9C70D8EDA14942
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e332e302f32342d3234203d3e20313939363439.roa
Signing time:             Tue 31 Mar 2026 20:37:44 +0000
ROA not before:           Tue 31 Mar 2026 20:32:44 +0000
ROA not after:            Tue 30 Mar 2027 20:37:44 +0000
asID:                     199649
IP address blocks:        5.199.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:7d:e7:75:70:98:9b:de:36:ae:03:3e:7e:9c:70:d8:ed:a1:49:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Mar 31 20:32:44 2026 GMT
            Not After : Mar 30 20:37:44 2027 GMT
        Subject: CN=3DB362D4ED7E3183A4148EF020265E588EBCD5A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1b:8d:9f:e9:04:ad:86:38:37:27:21:88:ee:
                    28:bf:ec:fb:fc:b7:c2:60:72:a7:6a:f6:41:a7:33:
                    a2:cd:c7:8d:1b:a2:f5:7b:84:77:6b:e3:be:5d:fa:
                    1b:6b:d1:3b:b9:95:40:f6:c2:b7:8f:04:f7:69:5f:
                    84:c2:18:df:54:4d:ab:2b:ea:ce:58:73:15:f9:62:
                    99:1c:41:24:ed:78:a2:2e:8b:4c:a0:7e:53:88:1e:
                    c6:ec:65:6e:df:3b:1c:ca:43:3f:98:ca:8c:d2:71:
                    0b:1a:fa:76:11:7e:c3:36:e2:80:d6:6d:c7:78:ae:
                    05:b3:ba:b4:d6:5e:c7:14:c3:94:cd:40:ee:94:86:
                    f7:72:ca:9a:62:d0:e8:63:89:f6:12:91:d1:a4:dc:
                    4d:96:ed:a9:d6:dc:98:da:7a:c8:d5:cb:58:0d:54:
                    1d:57:a7:83:98:13:4b:49:1d:32:d5:b8:b9:f7:4f:
                    a0:ec:4e:b5:8d:37:db:36:65:f9:f6:21:47:41:34:
                    f8:04:61:58:f3:32:6a:a9:a4:c0:bf:12:02:df:0a:
                    25:59:e1:92:5c:aa:06:0f:5a:64:b7:bb:04:5b:d8:
                    2a:eb:ca:70:a8:17:51:96:9e:9f:a7:b4:c3:b5:2a:
                    28:1d:f7:26:42:bd:67:7d:73:65:6a:36:fb:52:c1:
                    b8:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:B3:62:D4:ED:7E:31:83:A4:14:8E:F0:20:26:5E:58:8E:BC:D5:A9
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e332e302f32342d3234203d3e20313939363439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:98:db:12:ca:70:d0:b9:e1:f5:a8:bb:06:be:06:4f:2c:0a:
         c8:c6:a9:07:68:82:9a:67:61:6a:db:d7:fb:b1:df:27:7c:a4:
         69:29:69:f2:c9:c6:2b:2e:65:c7:5e:07:08:8f:c8:7f:4b:5a:
         63:83:0b:7d:4b:72:c1:8b:20:ed:13:6c:bc:6a:0a:65:aa:ce:
         91:4a:4f:cc:ba:80:82:7d:16:13:f5:2d:7a:66:59:e0:7b:c1:
         b1:3a:9f:8f:0e:5e:da:dc:6a:55:dd:b0:5e:f2:28:ec:cb:94:
         dc:69:ad:f7:8e:98:5e:bf:44:33:3d:89:77:30:14:b3:c5:ce:
         be:31:46:33:d5:9b:31:d0:73:32:f2:17:f0:62:e5:ec:63:d7:
         e9:90:64:b7:fd:2f:5a:b0:8c:aa:bb:1f:1f:f4:26:aa:90:44:
         db:98:ce:11:b1:92:c9:77:99:94:20:f9:d5:7c:21:6a:5d:63:
         85:ba:49:47:e9:74:4e:53:8f:11:61:e2:46:1f:fd:b7:a0:c3:
         35:0c:e4:04:a8:16:f1:34:8b:e8:67:f0:c1:57:c7:63:8a:13:
         9d:6c:a6:69:67:d6:0c:21:58:7f:a1:61:6a:ce:aa:26:83:d4:
         dd:14:73:8c:30:6b:25:50:46:b4:f0:68:c0:30:f7:b2:bc:e5:
         73:7a:11:2b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIURX3ndXCYm942rgM+fpxw2O2hSUIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAzMzEyMDMyNDRaFw0yNzAzMzAyMDM3NDRaMDMxMTAvBgNV
BAMTKDNEQjM2MkQ0RUQ3RTMxODNBNDE0OEVGMDIwMjY1RTU4OEVCQ0Q1QTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFG42f6QSthjg3JyGI7ii/7Pv8
t8Jgcqdq9kGnM6LNx40bovV7hHdr475d+htr0Tu5lUD2wrePBPdpX4TCGN9UTasr
6s5YcxX5YpkcQSTteKIui0ygflOIHsbsZW7fOxzKQz+YyozScQsa+nYRfsM24oDW
bcd4rgWzurTWXscUw5TNQO6Uhvdyyppi0OhjifYSkdGk3E2W7anW3JjaesjVy1gN
VB1Xp4OYE0tJHTLVuLn3T6DsTrWNN9s2Zfn2IUdBNPgEYVjzMmqppMC/EgLfCiVZ
4ZJcqgYPWmS3uwRb2CrrynCoF1GWnp+ntMO1Kigd9yZCvWd9c2VqNvtSwbifAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUPbNi1O1+MYOkFI7wICZeWI681akwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzMyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM5MzkzNjM0Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAFxwMw
DQYJKoZIhvcNAQELBQADggEBAHqY2xLKcNC54fWouwa+Bk8sCsjGqQdogppnYWrb
1/ux3yd8pGkpafLJxisuZcdeBwiPyH9LWmODC31LcsGLIO0TbLxqCmWqzpFKT8y6
gIJ9FhP1LXpmWeB7wbE6n48OXtrcalXdsF7yKOzLlNxprfeOmF6/RDM9iXcwFLPF
zr4xRjPVmzHQczLyF/Bi5exj1+mQZLf9L1qwjKq7Hx/0JqqQRNuYzhGxksl3mZQg
+dV8IWpdY4W6SUfpdE5TjxFh4kYf/begwzUM5ASoFvE0i+hn8MFXx2OKE51spmln
1gwhWH+hYWrOqiaD1N0Uc4wwayVQRrTwaMAw97K85XN6ESs=
-----END CERTIFICATE-----