Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e20323136303232.roa
File:                     34352e382e3231372e302f32342d3234203d3e20323136303232.roa (raw, json)
Hash identifier:          hhXc/MDi5B7M4hlHOjLVsLkGzhKvVMLy6aW3Y+PG9Lw=
Subject key identifier:   B2:A3:25:B7:5D:68:8A:0A:E9:96:FF:B7:CD:73:4D:AB:BA:59:AA:B6
Certificate issuer:       /CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
Certificate serial:       7C9D3598580B8AEEDA9BA56E2B13302C9D419263
Authority key identifier: A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e20323136303232.roa
Signing time:             Thu 19 Feb 2026 10:56:13 +0000
ROA not before:           Thu 19 Feb 2026 10:51:13 +0000
ROA not after:            Thu 18 Feb 2027 10:56:13 +0000
asID:                     216022
IP address blocks:        45.8.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:9d:35:98:58:0b:8a:ee:da:9b:a5:6e:2b:13:30:2c:9d:41:92:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9420e6c6f24b0e422da7fe7e420ef50354f45c6
        Validity
            Not Before: Feb 19 10:51:13 2026 GMT
            Not After : Feb 18 10:56:13 2027 GMT
        Subject: CN=B2A325B75D688A0AE996FFB7CD734DABBA59AAB6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:af:15:90:cc:7d:66:7b:c5:99:e8:e3:0d:ef:
                    c3:be:e7:97:83:7e:8d:81:e8:28:39:cb:f1:52:66:
                    fa:f6:6d:3f:e1:f8:aa:ba:a8:d2:be:9d:cb:34:61:
                    80:10:c1:d0:13:49:6a:07:68:25:ba:1d:b7:62:64:
                    46:81:bb:77:b5:b6:43:bb:a1:74:ab:7f:90:78:6e:
                    17:da:fb:c8:d7:53:c8:b4:a1:0c:5a:fd:b2:a1:12:
                    33:96:54:84:a6:93:07:34:7a:23:2b:d1:4a:eb:5a:
                    a4:9d:6a:f9:38:87:06:89:12:bd:d5:80:3a:71:9e:
                    44:23:d2:7c:3c:9e:a7:b6:e6:ee:c3:c7:da:ec:e7:
                    9f:f5:58:67:ed:a3:eb:e6:ba:8a:f9:bb:bc:ad:6b:
                    1f:1a:f6:12:f3:cd:97:56:6b:85:95:9f:22:dc:8d:
                    bd:23:e3:5c:35:71:12:e3:29:34:b9:b1:10:84:b6:
                    1a:23:22:c3:c5:18:99:7f:f4:fd:1a:84:20:00:13:
                    0b:43:cb:aa:84:4a:28:a3:2e:77:b0:53:3d:42:54:
                    c6:b7:61:12:7b:d2:b6:87:01:57:cd:a2:4e:4c:1a:
                    a3:c2:21:35:51:cc:b4:59:e0:fa:32:6a:4f:53:9d:
                    19:20:77:64:ff:c8:0e:bd:57:79:3a:98:9f:ed:d2:
                    9b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:A3:25:B7:5D:68:8A:0A:E9:96:FF:B7:CD:73:4D:AB:BA:59:AA:B6
            X509v3 Authority Key Identifier:
                keyid:A9:42:0E:6C:6F:24:B0:E4:22:DA:7F:E7:E4:20:EF:50:35:4F:45:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/A9420E6C6F24B0E422DA7FE7E420EF50354F45C6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qUIObG8ksOQi2n_n5CDvUDVPRcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1f9823d0-0855-41f2-ac46-59a2e98da736/1/34352e382e3231372e302f32342d3234203d3e20323136303232.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:41:04:65:c3:e2:8d:45:3e:0d:86:54:7c:ec:54:35:f0:a9:
         42:fa:56:29:22:65:0b:f5:80:59:69:71:5d:97:e9:22:37:ef:
         6d:fe:98:5d:e9:86:fe:09:95:20:5b:36:59:8b:f0:cc:ff:18:
         f1:23:03:49:2c:5a:78:6a:e7:ad:4c:b8:d5:2d:bf:1d:ff:f1:
         25:0d:cc:9b:68:ab:4f:ae:cc:e7:83:98:21:b8:c7:cf:e5:d0:
         d9:14:3f:95:a5:2c:b3:46:a1:2c:1f:b4:ef:5e:e2:e2:ba:3c:
         73:04:33:9f:3c:cc:e8:da:a8:3a:4c:ba:c1:f1:08:ec:f5:4a:
         89:de:0c:0a:52:dc:11:ba:dc:b3:2d:bd:e1:e1:e8:f9:32:6a:
         21:b1:59:ba:24:58:94:b4:3f:df:34:31:f6:c8:27:8a:42:5b:
         84:26:b9:a3:80:8e:11:e9:d0:ef:13:99:b9:84:54:42:b5:c0:
         44:da:4c:ce:c9:55:0c:44:2b:0d:83:86:58:e8:ff:0b:61:b7:
         b2:19:03:7b:54:54:9c:87:cc:24:a1:b2:6f:a7:51:7f:4c:c2:
         7b:70:35:c7:b5:f5:89:38:74:fe:7c:b9:89:5d:b0:23:db:50:
         fb:ad:b5:4e:4f:2e:b0:b3:6e:f0:7e:13:b0:b6:45:9b:35:b3:
         63:00:29:54
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfJ01mFgLiu7am6VuKxMwLJ1BkmMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTk0MjBlNmM2ZjI0YjBlNDIyZGE3ZmU3ZTQyMGVmNTAz
NTRmNDVjNjAeFw0yNjAyMTkxMDUxMTNaFw0yNzAyMTgxMDU2MTNaMDMxMTAvBgNV
BAMTKEIyQTMyNUI3NUQ2ODhBMEFFOTk2RkZCN0NENzM0REFCQkE1OUFBQjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcrxWQzH1me8WZ6OMN78O+55eD
fo2B6Cg5y/FSZvr2bT/h+Kq6qNK+ncs0YYAQwdATSWoHaCW6HbdiZEaBu3e1tkO7
oXSrf5B4bhfa+8jXU8i0oQxa/bKhEjOWVISmkwc0eiMr0UrrWqSdavk4hwaJEr3V
gDpxnkQj0nw8nqe25u7Dx9rs55/1WGfto+vmuor5u7ytax8a9hLzzZdWa4WVnyLc
jb0j41w1cRLjKTS5sRCEthojIsPFGJl/9P0ahCAAEwtDy6qESiijLnewUz1CVMa3
YRJ70raHAVfNok5MGqPCITVRzLRZ4Poyak9TnRkgd2T/yA69V3k6mJ/t0puhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUsqMlt11oigrplv+3zXNNq7pZqrYwHwYDVR0j
BBgwFoAUqUIObG8ksOQi2n/n5CDvUDVPRcYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAtMDg1NS00MWYyLWFjNDYtNTlhMmU5OGRh
NzM2LzEvQTk0MjBFNkM2RjI0QjBFNDIyREE3RkU3RTQyMEVGNTAzNTRGNDVDNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FVSU9iRzhrc09RaTJuX241Q0R2VURW
UFJjWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWY5ODIzZDAt
MDg1NS00MWYyLWFjNDYtNTlhMmU5OGRhNzM2LzEvMzQzNTJlMzgyZTMyMzEzNzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNjMwMzIzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I
2TANBgkqhkiG9w0BAQsFAAOCAQEAL0EEZcPijUU+DYZUfOxUNfCpQvpWKSJlC/WA
WWlxXZfpIjfvbf6YXemG/gmVIFs2WYvwzP8Y8SMDSSxaeGrnrUy41S2/Hf/xJQ3M
m2irT67M54OYIbjHz+XQ2RQ/laUss0ahLB+0717i4ro8cwQznzzM6NqoOky6wfEI
7PVKid4MClLcEbrcsy294eHo+TJqIbFZuiRYlLQ/3zQx9sgnikJbhCa5o4COEenQ
7xOZuYRUQrXARNpMzslVDEQrDYOGWOj/C2G3shkDe1RUnIfMJKGyb6dRf0zCe3A1
x7X1iTh0/ny5iV2wI9tQ+621Tk8usLNu8H4TsLZFmzWzYwApVA==
-----END CERTIFICATE-----