Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e34342e302f32342d3234203d3e20323033303735.roa
File:                     352e3139392e34342e302f32342d3234203d3e20323033303735.roa (raw, json)
Hash identifier:          4E/kM9ImnL5GQyitZo8gZZwcUq21Q9pQ0BaSRBp7JJI=
Subject key identifier:   CB:15:0A:97:18:B1:1F:0B:DB:20:D4:B2:E0:05:98:68:07:D2:85:AD
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       473BCC278E707C57EA7CCAB50C70C210FF141DF1
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e34342e302f32342d3234203d3e20323033303735.roa
Signing time:             Fri 06 Feb 2026 04:11:53 +0000
ROA not before:           Fri 06 Feb 2026 04:06:53 +0000
ROA not after:            Fri 05 Feb 2027 04:11:53 +0000
asID:                     203075
IP address blocks:        5.199.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:3b:cc:27:8e:70:7c:57:ea:7c:ca:b5:0c:70:c2:10:ff:14:1d:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Feb  6 04:06:53 2026 GMT
            Not After : Feb  5 04:11:53 2027 GMT
        Subject: CN=CB150A9718B11F0BDB20D4B2E005986807D285AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e9:d8:0c:6f:35:9f:47:9b:19:a6:1e:a3:dc:
                    b2:31:cd:00:49:a9:78:23:cf:af:9f:de:b0:98:58:
                    21:8c:85:07:3b:34:c9:77:8b:21:dc:b5:33:bb:78:
                    ca:d2:7b:c5:72:20:18:e9:0b:d1:b5:6c:bd:53:aa:
                    b7:01:1a:44:99:61:89:c2:80:36:e5:25:cf:41:18:
                    f9:09:63:73:63:8b:3b:3a:ce:c8:f9:05:fe:8b:c5:
                    0a:30:40:ac:a5:41:d4:ad:20:7f:96:af:9c:99:ec:
                    90:a2:f6:93:6f:70:86:c4:36:35:aa:c6:e1:c6:9b:
                    9c:dc:0e:c0:b6:01:0f:db:d8:1d:fc:20:06:1e:3f:
                    98:28:fc:19:d1:f8:00:c2:36:39:35:10:f4:ee:d7:
                    1a:33:79:76:cf:8b:3d:a1:3a:43:5e:9e:c8:17:61:
                    9a:c6:f7:3e:5b:e2:6d:36:12:03:28:ac:c2:de:21:
                    ca:d9:5e:cf:6f:86:7a:cb:9e:64:87:a1:e8:33:b0:
                    a7:8a:a9:b5:91:d2:f9:85:47:89:41:26:cf:5a:ef:
                    42:f9:89:83:35:41:d6:73:34:8c:7c:40:a5:a9:02:
                    7c:ec:a7:5d:a4:20:70:43:db:c3:34:56:b0:43:e6:
                    e0:05:11:30:84:ea:27:31:04:4d:e8:5d:a7:7c:1d:
                    9c:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:15:0A:97:18:B1:1F:0B:DB:20:D4:B2:E0:05:98:68:07:D2:85:AD
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e34342e302f32342d3234203d3e20323033303735.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:a3:35:9b:dc:f0:41:0d:ad:cb:c6:fe:84:11:22:bf:04:03:
         2c:18:b8:cd:03:97:91:df:4a:b8:a9:2b:66:3a:fb:78:86:92:
         63:7e:0a:d4:c8:00:a9:0a:e1:1a:f8:62:7d:9e:f4:07:19:b1:
         11:97:ec:21:b5:bc:5a:da:83:2e:86:d7:62:92:4d:d8:d4:40:
         ff:fa:a1:66:ca:aa:68:2e:c8:9d:5d:35:30:ab:bc:da:a0:d8:
         c5:c9:c9:99:dd:48:1e:2d:eb:39:7b:06:3d:af:8d:31:64:ee:
         0e:e3:d2:dd:f1:01:ad:96:16:bc:8d:34:a7:fe:50:e7:fd:fb:
         9c:db:48:c2:41:40:0b:06:c4:b5:a9:fc:1f:e3:4f:08:a2:53:
         34:12:8f:ab:56:f1:e8:41:7a:13:bd:a7:44:ba:18:fb:1e:bb:
         0c:34:ec:de:ce:95:9d:ee:55:e9:b2:98:05:db:ce:61:7c:b1:
         bb:2a:2d:86:95:e2:15:5b:4a:78:96:29:9b:41:97:3d:91:a5:
         54:d2:79:fa:69:93:3b:65:fe:ee:45:e7:da:e7:78:07:a3:d5:
         47:af:2d:85:27:5f:35:59:41:5c:c5:7c:cb:04:c6:79:72:33:
         f5:01:b7:d4:f9:4d:51:bf:ce:99:35:91:a5:d3:ec:27:f8:6b:
         a1:4a:35:53
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURzvMJ45wfFfqfMq1DHDCEP8UHfEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAyMDYwNDA2NTNaFw0yNzAyMDUwNDExNTNaMDMxMTAvBgNV
BAMTKENCMTUwQTk3MThCMTFGMEJEQjIwRDRCMkUwMDU5ODY4MDdEMjg1QUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH6dgMbzWfR5sZph6j3LIxzQBJ
qXgjz6+f3rCYWCGMhQc7NMl3iyHctTO7eMrSe8VyIBjpC9G1bL1TqrcBGkSZYYnC
gDblJc9BGPkJY3Njizs6zsj5Bf6LxQowQKylQdStIH+Wr5yZ7JCi9pNvcIbENjWq
xuHGm5zcDsC2AQ/b2B38IAYeP5go/BnR+ADCNjk1EPTu1xozeXbPiz2hOkNensgX
YZrG9z5b4m02EgMorMLeIcrZXs9vhnrLnmSHoegzsKeKqbWR0vmFR4lBJs9a70L5
iYM1QdZzNIx8QKWpAnzsp12kIHBD28M0VrBD5uAFETCE6icxBE3oXad8HZzDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUyxUKlxixHwvbINSy4AWYaAfSha0wHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzQzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzMzMwMzczNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAXH
LDANBgkqhkiG9w0BAQsFAAOCAQEABKM1m9zwQQ2ty8b+hBEivwQDLBi4zQOXkd9K
uKkrZjr7eIaSY34K1MgAqQrhGvhifZ70BxmxEZfsIbW8WtqDLobXYpJN2NRA//qh
ZsqqaC7InV01MKu82qDYxcnJmd1IHi3rOXsGPa+NMWTuDuPS3fEBrZYWvI00p/5Q
5/37nNtIwkFACwbEtan8H+NPCKJTNBKPq1bx6EF6E72nRLoY+x67DDTs3s6Vne5V
6bKYBdvOYXyxuyothpXiFVtKeJYpm0GXPZGlVNJ5+mmTO2X+7kXn2ud4B6PVR68t
hSdfNVlBXMV8ywTGeXIz9QG31PlNUb/OmTWRpdPsJ/hroUo1Uw==
-----END CERTIFICATE-----