Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e33322e302f32312d3234203d3e20383334.roa
File:                     352e3139392e33322e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          y3UUMIBbu4Rt1HamHhDvTDPcVXgsnq2K8dgFuUnA0rQ=
Subject key identifier:   E5:85:6E:50:D4:45:6E:5E:62:DE:F9:56:F6:D0:0F:94:C9:59:2B:94
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       14BF5679E131D0FA69D0A4A8149CF3DDD5E0F372
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e33322e302f32312d3234203d3e20383334.roa
Signing time:             Tue 07 Apr 2026 19:10:56 +0000
ROA not before:           Tue 07 Apr 2026 19:05:56 +0000
ROA not after:            Tue 06 Apr 2027 19:10:56 +0000
asID:                     834
IP address blocks:        5.199.32.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 17:53:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:bf:56:79:e1:31:d0:fa:69:d0:a4:a8:14:9c:f3:dd:d5:e0:f3:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Apr  7 19:05:56 2026 GMT
            Not After : Apr  6 19:10:56 2027 GMT
        Subject: CN=E5856E50D4456E5E62DEF956F6D00F94C9592B94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:bd:72:b5:55:19:26:7f:04:89:2e:a4:95:2a:
                    03:de:c2:57:0a:24:38:3a:09:c5:84:21:46:ed:a4:
                    24:f1:fd:13:2e:03:3c:6e:41:e0:8a:a1:cf:fb:36:
                    d7:aa:59:35:fc:ec:25:cf:a8:66:10:9a:61:85:ed:
                    10:e9:3a:6c:df:af:00:36:6e:d5:01:b8:dd:70:48:
                    d0:13:73:86:a1:64:c0:2c:b1:87:1d:48:3a:9c:26:
                    cc:83:6f:ea:76:e0:c8:c3:bc:5a:5f:cb:ad:ad:4c:
                    8c:f4:28:df:b5:83:0b:7f:4b:f1:38:5f:73:d4:40:
                    47:15:49:84:02:85:2a:ac:15:bf:36:66:94:83:ee:
                    ab:7e:87:2b:8a:9d:16:4c:77:b0:47:68:e3:8d:cd:
                    dd:68:ae:02:16:01:c7:69:41:41:25:06:73:27:70:
                    a6:ae:ff:95:8e:0f:b2:09:0d:bc:38:a4:5c:56:b1:
                    85:08:e9:69:54:0d:3a:74:c7:7a:f3:b2:3d:65:2f:
                    97:78:41:fe:31:54:65:14:c8:80:5d:13:6a:1b:fa:
                    64:e7:20:0e:7b:37:25:6b:8f:ed:e2:1a:00:0d:b9:
                    85:02:8f:f0:80:65:64:9c:81:be:46:3d:16:41:e1:
                    34:39:4d:e4:fb:b2:25:af:f3:1e:f5:0d:f0:11:99:
                    97:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:85:6E:50:D4:45:6E:5E:62:DE:F9:56:F6:D0:0F:94:C9:59:2B:94
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e33322e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9c:48:46:cb:b3:ec:27:b8:29:2a:5d:ad:17:b9:24:64:54:ef:
         cd:ce:cf:6a:37:c9:25:2f:5c:82:a7:d8:24:40:93:7d:70:cf:
         8a:68:0c:6d:05:d1:15:ff:1d:ed:c5:67:ea:38:96:86:de:95:
         6a:5f:97:b1:36:87:bf:32:d7:30:f3:c0:18:b8:fd:5a:66:69:
         04:a5:76:24:66:ca:9e:07:1c:fd:f6:08:e8:29:36:40:e6:a4:
         05:37:10:cc:ef:df:c8:a8:66:53:37:86:d6:05:68:c9:4c:7e:
         96:c0:3c:c1:03:8e:48:10:6f:01:51:b7:fd:bd:f9:e8:eb:1a:
         7a:64:3b:01:99:6c:b7:73:bb:94:7f:11:f3:6d:d9:c0:e1:25:
         a6:a8:fd:8c:de:a9:5b:6c:f4:59:76:9a:5f:15:05:f8:27:78:
         bf:5e:ad:d5:03:a9:d7:cc:96:8b:d1:de:98:01:48:07:e7:ab:
         64:c0:a2:b1:cc:83:b5:0a:40:61:45:ea:f1:8f:e5:98:f3:94:
         82:55:7a:25:79:89:ed:07:13:5c:dd:60:aa:89:e4:02:2a:28:
         01:b3:bb:1e:71:a9:33:a6:34:f3:c4:07:c2:3d:b1:f1:30:a2:
         85:42:ca:4e:40:1c:34:56:a0:fc:4f:a1:82:b1:a7:69:c8:9a:
         f3:96:2e:d3
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUFL9WeeEx0Ppp0KSoFJzz3dXg83IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjA0MDcxOTA1NTZaFw0yNzA0MDYxOTEwNTZaMDMxMTAvBgNV
BAMTKEU1ODU2RTUwRDQ0NTZFNUU2MkRFRjk1NkY2RDAwRjk0Qzk1OTJCOTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVvXK1VRkmfwSJLqSVKgPewlcK
JDg6CcWEIUbtpCTx/RMuAzxuQeCKoc/7NteqWTX87CXPqGYQmmGF7RDpOmzfrwA2
btUBuN1wSNATc4ahZMAssYcdSDqcJsyDb+p24MjDvFpfy62tTIz0KN+1gwt/S/E4
X3PUQEcVSYQChSqsFb82ZpSD7qt+hyuKnRZMd7BHaOONzd1orgIWAcdpQUElBnMn
cKau/5WOD7IJDbw4pFxWsYUI6WlUDTp0x3rzsj1lL5d4Qf4xVGUUyIBdE2ob+mTn
IA57NyVrj+3iGgANuYUCj/CAZWScgb5GPRZB4TQ5TeT7siWv8x71DfARmZchAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQU5YVuUNRFbl5i3vlW9tAPlMlZK5QwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzMzMjJl
MzAyZjMyMzEyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAwXHIDANBgkq
hkiG9w0BAQsFAAOCAQEAnEhGy7PsJ7gpKl2tF7kkZFTvzc7PajfJJS9cgqfYJECT
fXDPimgMbQXRFf8d7cVn6jiWht6Val+XsTaHvzLXMPPAGLj9WmZpBKV2JGbKngcc
/fYI6Ck2QOakBTcQzO/fyKhmUzeG1gVoyUx+lsA8wQOOSBBvAVG3/b356OsaemQ7
AZlst3O7lH8R823ZwOElpqj9jN6pW2z0WXaaXxUF+Cd4v16t1QOp18yWi9HemAFI
B+erZMCiscyDtQpAYUXq8Y/lmPOUglV6JXmJ7QcTXN1gqonkAiooAbO7HnGpM6Y0
88QHwj2x8TCihULKTkAcNFag/E+hgrGnacia85Yu0w==
-----END CERTIFICATE-----