Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3132382e36352e3136342e302f32322d3232203d3e2033333230.roa
File:                     3132382e36352e3136342e302f32322d3232203d3e2033333230.roa (raw, json)
Hash identifier:          MdPKw7OONGYXcOZWO/o2hEi1vtA1V+k+wu8N5c3I5aE=
Subject key identifier:   04:07:F0:7E:6B:25:20:53:BF:65:ED:05:39:86:AE:C6:6C:4B:F2:18
Certificate issuer:       /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial:       1E005FEC7DCACBEAFA5FD0C10D1C68264C7D4C1B
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3132382e36352e3136342e302f32322d3232203d3e2033333230.roa
Signing time:             Tue 24 Feb 2026 06:55:40 +0000
ROA not before:           Tue 24 Feb 2026 06:50:40 +0000
ROA not after:            Tue 23 Feb 2027 06:55:40 +0000
asID:                     3320
IP address blocks:        128.65.164.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:00:5f:ec:7d:ca:cb:ea:fa:5f:d0:c1:0d:1c:68:26:4c:7d:4c:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
        Validity
            Not Before: Feb 24 06:50:40 2026 GMT
            Not After : Feb 23 06:55:40 2027 GMT
        Subject: CN=0407F07E6B252053BF65ED053986AEC66C4BF218
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c0:fb:aa:61:10:38:fc:ec:cb:40:fb:c2:3b:
                    96:0a:17:11:82:64:8b:94:3d:ef:68:fb:ed:68:b7:
                    59:9f:1b:28:60:eb:d7:f6:d0:22:c7:87:16:78:79:
                    f2:66:f0:30:16:ff:79:f5:9f:14:69:90:ec:bf:d6:
                    3c:29:ce:e0:41:58:c1:67:36:95:d1:60:01:2f:b3:
                    d9:ac:63:c9:54:0c:8d:85:f4:6f:13:1b:ac:ca:70:
                    b8:3f:e0:f8:b4:58:11:e7:1f:10:55:04:1e:6b:86:
                    66:04:ca:2d:2f:41:f6:9a:3d:87:4c:48:76:1e:32:
                    b8:12:e0:19:29:ee:f9:54:a8:98:66:ae:6b:43:13:
                    ac:6b:5d:48:50:7b:c2:47:28:82:66:2b:05:63:2a:
                    b9:bb:a4:74:58:da:88:8b:a0:0a:8c:07:fe:99:47:
                    3f:06:0e:f4:81:ff:53:33:a1:66:59:ec:81:1c:41:
                    de:22:a9:ac:fe:e9:07:8f:dd:09:1e:3b:c0:ea:99:
                    74:8c:aa:8a:00:05:9c:e7:24:7a:ae:f1:b7:8e:13:
                    19:57:59:dc:8b:0a:41:66:a2:f0:59:7e:9b:d1:7e:
                    aa:9a:fd:c1:56:d2:43:3c:f4:b2:00:6f:b7:73:80:
                    aa:67:eb:70:2b:9c:86:06:b6:c3:52:6e:2a:e5:0f:
                    62:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:07:F0:7E:6B:25:20:53:BF:65:ED:05:39:86:AE:C6:6C:4B:F2:18
            X509v3 Authority Key Identifier:
                keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3132382e36352e3136342e302f32322d3232203d3e2033333230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.65.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         17:0a:d7:f5:01:ae:e3:00:85:63:e2:65:2f:fb:76:ab:03:0b:
         a1:b2:65:76:70:90:76:f0:83:c6:fe:17:65:f9:e9:c4:78:83:
         1a:db:da:80:cf:fe:ba:74:a8:45:33:c0:b7:72:0b:0d:11:73:
         9b:c2:f7:c8:9e:1f:79:ea:29:4f:59:f8:77:8f:c7:81:63:47:
         68:63:ab:e8:a6:ba:8d:43:4d:a5:b1:6c:fb:dc:c7:66:7d:39:
         24:17:62:54:92:43:a1:50:73:20:13:b6:92:8e:8f:5a:7b:7f:
         09:36:ea:c1:c6:f3:58:f4:b4:da:70:4a:e6:d9:4e:2e:22:f5:
         3c:60:69:f5:d1:a9:48:63:5b:85:46:b7:f6:f3:73:aa:d9:1d:
         ae:26:8a:17:33:ea:d7:2d:f3:27:48:8a:d5:f7:94:c5:ef:4b:
         6f:d9:92:93:44:7b:58:4a:71:fc:75:62:af:99:b6:7b:08:21:
         3c:17:b9:e8:7f:00:8e:12:5c:68:f6:cf:74:c6:95:e5:7e:04:
         74:4d:64:1d:a4:a4:c0:06:7e:2e:7f:3f:b6:0d:f7:f0:5e:fc:
         c9:88:ab:97:39:26:ee:d4:32:19:58:59:ea:e0:42:26:03:e2:
         26:86:27:0c:1a:8d:fe:9b:7b:0e:41:ac:bc:14:14:57:26:40:
         a3:6d:3f:f2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHgBf7H3Ky+r6X9DBDRxoJkx9TBswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNjAyMjQwNjUwNDBaFw0yNzAyMjMwNjU1NDBaMDMxMTAvBgNV
BAMTKDA0MDdGMDdFNkIyNTIwNTNCRjY1RUQwNTM5ODZBRUM2NkM0QkYyMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfwPuqYRA4/OzLQPvCO5YKFxGC
ZIuUPe9o++1ot1mfGyhg69f20CLHhxZ4efJm8DAW/3n1nxRpkOy/1jwpzuBBWMFn
NpXRYAEvs9msY8lUDI2F9G8TG6zKcLg/4Pi0WBHnHxBVBB5rhmYEyi0vQfaaPYdM
SHYeMrgS4Bkp7vlUqJhmrmtDE6xrXUhQe8JHKIJmKwVjKrm7pHRY2oiLoAqMB/6Z
Rz8GDvSB/1MzoWZZ7IEcQd4iqaz+6QeP3QkeO8DqmXSMqooABZznJHqu8beOExlX
WdyLCkFmovBZfpvRfqqa/cFW0kM89LIAb7dzgKpn63ArnIYGtsNSbirlD2LFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUBAfwfmslIFO/Ze0FOYauxmxL8hgwHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzEzMjM4MmUzNjM1MmUzMTM2
MzQyZTMwMmYzMjMyMmQzMjMyMjAzZDNlMjAzMzMzMzIzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAoBB
pDANBgkqhkiG9w0BAQsFAAOCAQEAFwrX9QGu4wCFY+JlL/t2qwMLobJldnCQdvCD
xv4XZfnpxHiDGtvagM/+unSoRTPAt3ILDRFzm8L3yJ4feeopT1n4d4/HgWNHaGOr
6Ka6jUNNpbFs+9zHZn05JBdiVJJDoVBzIBO2ko6PWnt/CTbqwcbzWPS02nBK5tlO
LiL1PGBp9dGpSGNbhUa39vNzqtkdriaKFzPq1y3zJ0iK1feUxe9Lb9mSk0R7WEpx
/HVir5m2ewghPBe56H8AjhJcaPbPdMaV5X4EdE1kHaSkwAZ+Ln8/tg338F78yYir
lzkm7tQyGVhZ6uBCJgPiJoYnDBqN/pt7DkGsvBQUVyZAo20/8g==
-----END CERTIFICATE-----