Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e34382e302f32312d3234203d3e20383334.roa
File:                     352e3139392e34382e302f32312d3234203d3e20383334.roa (raw, json)
Hash identifier:          dJlGeNTrok1pwRXRwHIVVrXciP/8MqKUzvkYM3vtzww=
Subject key identifier:   16:08:E1:42:EC:F7:31:BE:E9:F1:BE:CB:9D:67:ED:03:AC:6D:6F:C4
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       26CDEF3D78DA85CE4E7881164E50A48DF7A79725
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e34382e302f32312d3234203d3e20383334.roa
Signing time:             Wed 08 Apr 2026 06:41:53 +0000
ROA not before:           Wed 08 Apr 2026 06:36:53 +0000
ROA not after:            Wed 07 Apr 2027 06:41:53 +0000
asID:                     834
IP address blocks:        5.199.48.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 17:53:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:cd:ef:3d:78:da:85:ce:4e:78:81:16:4e:50:a4:8d:f7:a7:97:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Apr  8 06:36:53 2026 GMT
            Not After : Apr  7 06:41:53 2027 GMT
        Subject: CN=1608E142ECF731BEE9F1BECB9D67ED03AC6D6FC4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:61:6c:82:a6:ca:1c:a5:15:61:66:3e:00:e9:
                    6b:c1:64:94:76:f8:40:89:ee:e5:f6:09:73:02:06:
                    96:53:23:b3:f8:ac:c1:36:2a:ee:91:42:a9:99:6a:
                    63:fc:08:9e:81:7f:cb:78:6f:31:94:92:cd:fe:7f:
                    a9:bc:af:2a:e5:c5:36:4e:8e:8b:6f:81:88:2c:98:
                    cd:18:4d:0f:cb:c1:0b:ad:3b:33:00:99:7c:99:3d:
                    18:f4:c6:88:b3:ef:d8:a1:ea:94:81:06:84:af:f0:
                    1c:a9:71:94:4d:99:1e:ed:b5:ed:47:d8:1a:02:cc:
                    15:e8:1a:9d:55:05:ba:d7:43:7b:ff:63:13:20:bc:
                    9e:45:db:87:73:8d:ab:ae:cf:cb:93:36:9b:5d:4c:
                    37:86:b6:49:1d:f3:b3:96:21:1c:6d:1c:fa:e6:e3:
                    0b:7c:5f:ee:1b:7b:86:55:ed:b8:a4:6d:d0:32:02:
                    f1:b6:78:ed:09:e4:6d:94:db:d8:14:85:86:f9:4d:
                    14:89:cb:59:82:e2:0f:c5:c7:2f:c8:f7:6e:43:e4:
                    a2:d9:1f:6d:65:71:1f:fd:a4:04:f5:7f:26:24:73:
                    cd:4f:35:eb:4f:7a:cc:a5:ae:e6:46:f9:6d:8a:85:
                    b6:f8:9b:14:10:87:d9:02:ad:92:d0:40:31:d4:10:
                    d1:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:08:E1:42:EC:F7:31:BE:E9:F1:BE:CB:9D:67:ED:03:AC:6D:6F:C4
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/352e3139392e34382e302f32312d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         c1:0a:58:d7:81:b2:c0:05:d2:b8:1c:33:a3:c1:44:19:b2:3c:
         f6:95:af:aa:47:32:18:7d:fd:c8:15:96:42:3b:ed:21:17:cd:
         9b:2b:6c:a7:d6:a4:c6:22:e3:4f:2d:29:a2:2b:09:00:e3:26:
         2b:a2:a6:68:d8:66:41:c3:b8:28:7f:4e:6d:1b:3a:6e:f3:da:
         e0:7d:03:1c:07:bf:79:be:8c:7a:a0:14:00:dc:3c:df:9f:11:
         d3:8a:0f:30:23:99:ee:b8:30:54:d1:82:54:b1:0c:d7:54:bb:
         04:a6:33:8e:c0:57:0c:e0:c0:69:24:74:fb:01:f1:c2:f9:10:
         0e:0f:e4:d7:8c:98:ec:39:16:94:38:e5:af:f3:5b:fb:46:ed:
         b7:26:a6:39:32:50:55:50:a9:5a:27:df:64:a1:ea:7b:81:0d:
         34:ba:a1:6f:64:07:ab:46:ab:ce:c5:af:55:31:86:86:cd:33:
         f4:30:f4:50:23:f0:43:30:c1:ff:1b:58:28:b9:d1:41:c3:70:
         31:ec:bd:d0:75:8c:e2:f3:5d:66:e4:c5:d0:1e:8c:50:82:e9:
         d2:1b:f6:04:ec:22:62:8e:93:a0:57:20:21:3b:b4:41:fe:0f:
         34:11:8b:66:50:ed:01:fd:84:48:07:7d:de:fd:dc:8a:8a:4d:
         6a:3e:cd:db
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgIUJs3vPXjahc5OeIEWTlCkjfenlyUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjA0MDgwNjM2NTNaFw0yNzA0MDcwNjQxNTNaMDMxMTAvBgNV
BAMTKDE2MDhFMTQyRUNGNzMxQkVFOUYxQkVDQjlENjdFRDAzQUM2RDZGQzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSYWyCpsocpRVhZj4A6WvBZJR2
+ECJ7uX2CXMCBpZTI7P4rME2Ku6RQqmZamP8CJ6Bf8t4bzGUks3+f6m8ryrlxTZO
jotvgYgsmM0YTQ/LwQutOzMAmXyZPRj0xoiz79ih6pSBBoSv8BypcZRNmR7tte1H
2BoCzBXoGp1VBbrXQ3v/YxMgvJ5F24dzjauuz8uTNptdTDeGtkkd87OWIRxtHPrm
4wt8X+4be4ZV7bikbdAyAvG2eO0J5G2U29gUhYb5TRSJy1mC4g/Fxy/I925D5KLZ
H21lcR/9pAT1fyYkc81PNetPesylruZG+W2Khbb4mxQQh9kCrZLQQDHUENFpAgMB
AAGjggI1MIICMTAdBgNVHQ4EFgQUFgjhQuz3Mb7p8b7LnWftA6xtb8QwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgaUGCCsGAQUFBwELBIGYMIGVMIGSBggrBgEFBQcwC4aBhXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzUyZTMxMzkzOTJlMzQzODJl
MzAyZjMyMzEyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAwXHMDANBgkq
hkiG9w0BAQsFAAOCAQEAwQpY14GywAXSuBwzo8FEGbI89pWvqkcyGH39yBWWQjvt
IRfNmytsp9akxiLjTy0poisJAOMmK6KmaNhmQcO4KH9ObRs6bvPa4H0DHAe/eb6M
eqAUANw8358R04oPMCOZ7rgwVNGCVLEM11S7BKYzjsBXDODAaSR0+wHxwvkQDg/k
14yY7DkWlDjlr/Nb+0bttyamOTJQVVCpWiffZKHqe4ENNLqhb2QHq0arzsWvVTGG
hs0z9DD0UCPwQzDB/xtYKLnRQcNwMey90HWM4vNdZuTF0B6MUILp0hv2BOwiYo6T
oFcgITu0Qf4PNBGLZlDtAf2ESAd93v3ciopNaj7N2w==
-----END CERTIFICATE-----