Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3231322e34372e33362e302f32342d3234203d3e2039333138.roa
File:                     3231322e34372e33362e302f32342d3234203d3e2039333138.roa (raw, json)
Hash identifier:          ZVXQWb7gEfqAkq16Ky0ZSqFCIZ2vC/M8/7YAMrFhXy0=
Subject key identifier:   0F:1E:1D:B0:B3:0C:B1:E6:44:2D:EB:BB:FE:F1:FA:91:05:2B:B6:E5
Certificate issuer:       /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial:       08B23E9F1F74A49E7D60085BA6F013FC7BC07714
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3231322e34372e33362e302f32342d3234203d3e2039333138.roa
Signing time:             Wed 04 Feb 2026 13:39:22 +0000
ROA not before:           Wed 04 Feb 2026 13:34:22 +0000
ROA not after:            Wed 03 Feb 2027 13:39:22 +0000
asID:                     9318
IP address blocks:        212.47.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:b2:3e:9f:1f:74:a4:9e:7d:60:08:5b:a6:f0:13:fc:7b:c0:77:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
        Validity
            Not Before: Feb  4 13:34:22 2026 GMT
            Not After : Feb  3 13:39:22 2027 GMT
        Subject: CN=0F1E1DB0B30CB1E6442DEBBBFEF1FA91052BB6E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ad:f9:18:43:24:b2:6e:b3:02:8a:af:5b:02:
                    47:05:f5:cf:58:69:2f:b7:74:8f:48:29:dd:73:44:
                    a8:e1:08:ab:f8:01:0e:fc:60:b8:12:5c:5d:65:9b:
                    9d:e1:3f:3b:7d:e5:eb:b5:a5:5d:6e:c0:0e:c4:04:
                    66:11:cf:87:95:8d:ed:77:bd:d4:8e:32:c3:97:98:
                    8e:f2:a7:97:05:73:81:7c:f9:bc:3d:81:5a:01:07:
                    e6:50:e6:c9:d0:ff:6c:a6:50:3d:ec:a5:e3:02:5f:
                    d9:a8:54:f1:4e:db:06:22:50:e1:10:96:11:da:c4:
                    af:bb:73:91:0c:9b:93:a5:e3:74:f4:6b:c6:5a:9e:
                    c6:09:52:cf:1b:cc:86:77:7e:e6:e2:27:3f:a3:15:
                    3b:a3:d8:a3:8c:36:83:d6:29:98:51:2f:82:48:0c:
                    3f:c2:4c:bc:bf:ef:a6:03:be:e0:d2:4d:5e:ea:90:
                    8e:2a:25:3a:30:07:b4:59:27:8f:81:a7:69:b9:c3:
                    df:f0:50:51:a5:90:92:c6:d1:aa:fa:52:18:c7:a8:
                    e5:ee:6f:ef:98:de:b5:87:69:5d:cf:a7:f2:f4:83:
                    3f:4b:43:f0:e6:c3:69:47:bc:50:56:26:a9:8e:a6:
                    4d:c5:ca:ad:47:9b:70:0f:98:74:7a:71:d7:96:e1:
                    84:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:1E:1D:B0:B3:0C:B1:E6:44:2D:EB:BB:FE:F1:FA:91:05:2B:B6:E5
            X509v3 Authority Key Identifier:
                keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3231322e34372e33362e302f32342d3234203d3e2039333138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.47.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:cc:40:9f:4e:68:32:fb:df:05:d7:c9:ad:5c:5d:69:df:de:
         dc:26:88:22:a3:77:33:f7:98:cf:28:ed:24:5b:5f:3a:38:11:
         59:b9:86:ba:7a:7b:3c:c5:9d:4d:39:46:70:c2:68:39:b9:bd:
         84:e4:a2:80:23:e9:e8:f8:7b:88:d9:17:55:14:cc:c1:23:e8:
         6f:4c:a7:b1:02:00:f9:7e:21:65:2f:37:a0:1a:b2:6a:21:6d:
         77:4f:ba:f6:50:1b:ca:37:fd:9c:5d:47:6f:86:5e:50:34:95:
         7c:67:d8:89:5f:7f:65:4f:c9:67:36:85:72:8b:1d:26:38:59:
         a2:74:19:e4:8f:47:75:76:01:67:d8:d4:3c:b7:dd:28:0c:66:
         56:d5:1d:11:fb:2a:63:b0:41:32:56:f0:07:de:c7:00:77:f4:
         1b:92:90:f3:4f:7a:11:ad:7b:1d:da:6d:39:cf:8c:1d:0a:01:
         34:27:d8:7b:e0:72:8f:93:56:5d:b7:db:a7:92:4f:30:dd:d5:
         1e:6a:f8:f3:f0:07:43:c4:0e:db:e1:b2:7d:ce:0a:ae:35:16:
         be:e7:d3:ef:ef:1e:2e:aa:c6:2a:3a:d6:e3:2f:33:17:ec:24:
         58:52:8b:40:84:7c:b0:e9:65:5e:26:9c:23:3a:e1:ca:fd:73:
         9e:00:cf:ee
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUCLI+nx90pJ59YAhbpvAT/HvAdxQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNjAyMDQxMzM0MjJaFw0yNzAyMDMxMzM5MjJaMDMxMTAvBgNV
BAMTKDBGMUUxREIwQjMwQ0IxRTY0NDJERUJCQkZFRjFGQTkxMDUyQkI2RTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDArfkYQySybrMCiq9bAkcF9c9Y
aS+3dI9IKd1zRKjhCKv4AQ78YLgSXF1lm53hPzt95eu1pV1uwA7EBGYRz4eVje13
vdSOMsOXmI7yp5cFc4F8+bw9gVoBB+ZQ5snQ/2ymUD3speMCX9moVPFO2wYiUOEQ
lhHaxK+7c5EMm5Ol43T0a8ZansYJUs8bzIZ3fubiJz+jFTuj2KOMNoPWKZhRL4JI
DD/CTLy/76YDvuDSTV7qkI4qJTowB7RZJ4+Bp2m5w9/wUFGlkJLG0ar6UhjHqOXu
b++Y3rWHaV3Pp/L0gz9LQ/Dmw2lHvFBWJqmOpk3Fyq1Hm3APmHR6cdeW4YRVAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUDx4dsLMMseZELeu7/vH6kQUrtuUwHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzIzMTMyMmUzNDM3MmUzMzM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzkzMzMxMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADULyQw
DQYJKoZIhvcNAQELBQADggEBAIHMQJ9OaDL73wXXya1cXWnf3twmiCKjdzP3mM8o
7SRbXzo4EVm5hrp6ezzFnU05RnDCaDm5vYTkooAj6ej4e4jZF1UUzMEj6G9Mp7EC
APl+IWUvN6AasmohbXdPuvZQG8o3/ZxdR2+GXlA0lXxn2Ilff2VPyWc2hXKLHSY4
WaJ0GeSPR3V2AWfY1Dy33SgMZlbVHRH7KmOwQTJW8AfexwB39BuSkPNPehGtex3a
bTnPjB0KATQn2Hvgco+TVl2326eSTzDd1R5q+PPwB0PEDtvhsn3OCq41Fr7n0+/v
Hi6qxio61uMvMxfsJFhSi0CEfLDpZV4mnCM64cr9c54Az+4=
-----END CERTIFICATE-----