Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134322e302f32342d3234203d3e2035303635.roa
File:                     34352e3134382e3134322e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          W4iW8uqu4EjiNigQJZWfrFiYlO5PWOh5dMaeipnC2SY=
Subject key identifier:   E2:00:3B:9C:27:8C:9F:9D:76:50:8B:66:0D:CE:BC:6A:B8:39:95:E9
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       2B6FAC20C7AC03ED7677B667706240B2D3FC04C5
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134322e302f32342d3234203d3e2035303635.roa
Signing time:             Tue 24 Feb 2026 17:46:24 +0000
ROA not before:           Tue 24 Feb 2026 17:41:24 +0000
ROA not after:            Tue 23 Feb 2027 17:46:24 +0000
asID:                     5065
IP address blocks:        45.148.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 14:27:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:6f:ac:20:c7:ac:03:ed:76:77:b6:67:70:62:40:b2:d3:fc:04:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Feb 24 17:41:24 2026 GMT
            Not After : Feb 23 17:46:24 2027 GMT
        Subject: CN=E2003B9C278C9F9D76508B660DCEBC6AB83995E9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4d:ba:d7:0a:f1:dd:09:6a:ab:dd:26:27:af:
                    8e:49:af:62:7d:60:41:3c:6a:4a:47:d0:cf:6c:74:
                    d7:1c:d7:f3:50:8c:bd:3a:b8:5f:c8:b4:3c:2a:23:
                    f9:06:7b:6d:50:30:c5:0d:3e:27:6c:98:02:a4:0a:
                    cb:17:5d:e4:50:94:be:48:65:61:e0:41:2f:f7:9c:
                    83:ab:7f:3f:3b:2d:56:80:e1:51:cc:34:02:cd:7d:
                    53:fc:32:71:b1:7f:a2:bf:4f:9f:07:0e:8d:48:6e:
                    70:50:66:43:d3:05:6a:cc:4a:c7:1d:62:04:d2:4d:
                    d2:01:85:ea:9c:7b:35:50:f1:77:62:11:1f:a1:08:
                    43:c2:46:d8:53:2e:63:52:42:b9:e8:58:3c:4f:4d:
                    07:8e:32:e5:a9:92:ff:d8:16:37:61:1a:00:fc:b3:
                    ae:8b:0c:1e:01:8d:b0:c2:a2:8f:5f:55:e7:cd:a3:
                    83:cc:43:3a:86:44:8d:76:03:5b:6b:52:fe:1e:3d:
                    47:28:83:91:00:b1:08:e7:b1:10:80:15:b0:39:31:
                    c2:79:94:e1:6a:87:66:eb:5f:68:62:a4:db:a9:ea:
                    58:bf:72:65:a1:0c:84:3e:4d:ca:67:f5:04:0f:9e:
                    06:3c:85:f3:3b:6a:6f:b8:57:5a:74:81:e2:29:98:
                    a8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:00:3B:9C:27:8C:9F:9D:76:50:8B:66:0D:CE:BC:6A:B8:39:95:E9
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/34352e3134382e3134322e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:a9:56:d4:81:9b:06:e8:f8:ea:45:d3:26:75:f1:3b:69:e5:
         a3:5f:cb:9d:e6:31:e7:3c:cf:67:f8:83:13:2d:e9:18:20:65:
         0c:1c:25:b5:4b:32:94:6b:6e:d6:ac:2a:ea:5a:9f:e3:7c:b1:
         fd:09:f8:32:d0:3b:f6:54:ef:71:f5:95:68:32:4b:f7:fc:a5:
         92:5c:aa:21:a7:33:20:b6:11:10:8e:e2:d6:04:a9:ef:9d:30:
         46:61:26:8f:c1:b7:cf:6f:7e:a5:c6:61:69:2f:8a:0d:c1:86:
         74:7b:b5:99:88:68:36:d4:34:10:e3:d0:da:f8:f2:ec:1f:be:
         85:04:4c:ac:54:4e:7b:40:fa:de:03:86:8d:06:d8:00:c5:1a:
         7f:81:e9:29:4e:b2:c0:32:38:02:81:dd:90:ee:b6:f8:36:a4:
         52:c3:00:59:a2:4e:db:0e:1a:a9:7c:14:f2:91:06:a8:91:c4:
         1b:48:50:c9:f9:33:3b:30:19:42:9e:72:84:10:74:dc:b6:95:
         14:d4:00:6f:ae:17:58:d5:05:90:32:b1:5c:86:e8:54:17:fc:
         ce:34:7e:e9:fa:54:3b:53:e2:e5:df:ef:15:77:e6:6a:e2:1f:
         a2:63:ef:84:a4:88:72:98:a4:7e:e7:6e:96:1a:5b:a7:7d:a1:
         bc:cc:e2:39
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUK2+sIMesA+12d7ZncGJAstP8BMUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNjAyMjQxNzQxMjRaFw0yNzAyMjMxNzQ2MjRaMDMxMTAvBgNV
BAMTKEUyMDAzQjlDMjc4QzlGOUQ3NjUwOEI2NjBEQ0VCQzZBQjgzOTk1RTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/TbrXCvHdCWqr3SYnr45Jr2J9
YEE8akpH0M9sdNcc1/NQjL06uF/ItDwqI/kGe21QMMUNPidsmAKkCssXXeRQlL5I
ZWHgQS/3nIOrfz87LVaA4VHMNALNfVP8MnGxf6K/T58HDo1IbnBQZkPTBWrMSscd
YgTSTdIBheqcezVQ8XdiER+hCEPCRthTLmNSQrnoWDxPTQeOMuWpkv/YFjdhGgD8
s66LDB4BjbDCoo9fVefNo4PMQzqGRI12A1trUv4ePUcog5EAsQjnsRCAFbA5McJ5
lOFqh2brX2hipNup6li/cmWhDIQ+Tcpn9QQPngY8hfM7am+4V1p0geIpmKh/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU4gA7nCeMn512UItmDc68arg5lekwHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzQzNTJlMzEzNDM4MmUzMTM0
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMwMzYzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2U
jjANBgkqhkiG9w0BAQsFAAOCAQEAsqlW1IGbBuj46kXTJnXxO2nlo1/LneYx5zzP
Z/iDEy3pGCBlDBwltUsylGtu1qwq6lqf43yx/Qn4MtA79lTvcfWVaDJL9/ylklyq
IaczILYREI7i1gSp750wRmEmj8G3z29+pcZhaS+KDcGGdHu1mYhoNtQ0EOPQ2vjy
7B++hQRMrFROe0D63gOGjQbYAMUaf4HpKU6ywDI4AoHdkO62+DakUsMAWaJO2w4a
qXwU8pEGqJHEG0hQyfkzOzAZQp5yhBB03LaVFNQAb64XWNUFkDKxXIboVBf8zjR+
6fpUO1Pi5d/vFXfmauIfomPvhKSIcpikfudulhpbp32hvMziOQ==
-----END CERTIFICATE-----