Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35382e302f32342d3234203d3e203133333335.roa
File:                     34352e38312e35382e302f32342d3234203d3e203133333335.roa (raw, json)
Hash identifier:          q1odFkTeiB/pBEbWg5JpQkAxpmrH9S0QmR2/CtllItc=
Subject key identifier:   DF:13:52:F8:F6:8D:7F:1A:0B:9A:E9:3F:08:E1:C8:BB:1E:CF:49:5F
Certificate issuer:       /CN=5da3215abfa4621d57709f838a92801f2e90ddfe
Certificate serial:       2152F3CB88D0F5699B6FDDB4AE468282886DF89C
Authority key identifier: 5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35382e302f32342d3234203d3e203133333335.roa
Signing time:             Fri 20 Feb 2026 21:50:55 +0000
ROA not before:           Fri 20 Feb 2026 21:45:55 +0000
ROA not after:            Fri 19 Feb 2027 21:50:55 +0000
asID:                     13335
IP address blocks:        45.81.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:52:f3:cb:88:d0:f5:69:9b:6f:dd:b4:ae:46:82:82:88:6d:f8:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3215abfa4621d57709f838a92801f2e90ddfe
        Validity
            Not Before: Feb 20 21:45:55 2026 GMT
            Not After : Feb 19 21:50:55 2027 GMT
        Subject: CN=DF1352F8F68D7F1A0B9AE93F08E1C8BB1ECF495F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:af:2a:88:a0:f1:d1:55:b9:99:b0:cd:0d:2a:
                    7a:b9:61:0c:57:d0:84:ef:69:9f:41:1a:f3:72:29:
                    e0:0b:f6:4e:0e:de:08:dd:4b:31:9d:10:25:7a:69:
                    9d:8a:32:8c:8b:72:19:77:8c:fa:1b:ed:af:90:d9:
                    35:dd:1b:d7:fc:d0:c6:29:dc:e3:6b:1f:a5:8e:fc:
                    29:6b:3a:82:30:40:54:02:98:bc:ee:96:73:a9:ad:
                    11:86:43:64:13:ad:ad:55:0f:ae:6e:a3:91:7a:ce:
                    da:32:8a:4e:bd:de:61:c4:eb:38:81:bb:8d:a2:f6:
                    25:87:44:c7:c0:40:44:07:01:97:db:c8:e4:3c:6e:
                    9e:a3:ce:b8:d6:dd:2b:1f:9c:7f:0e:12:b8:d2:32:
                    ee:be:b5:3b:50:b6:8a:f2:8f:37:60:98:38:77:83:
                    c1:f3:95:cd:ab:8f:39:72:86:06:91:1f:41:6c:f4:
                    a8:4c:86:8f:0f:23:f0:de:7a:bb:30:21:9f:b8:f0:
                    f9:95:67:ab:8d:64:14:69:38:71:9d:1e:6b:b4:9e:
                    fd:5c:7a:25:3b:2e:2f:af:7b:7e:6a:f6:bd:46:9d:
                    96:3a:ca:69:3f:48:b0:56:da:c1:85:db:d1:9e:5e:
                    ea:42:f3:83:21:17:84:0d:61:13:35:3b:f4:f0:b7:
                    e3:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:13:52:F8:F6:8D:7F:1A:0B:9A:E9:3F:08:E1:C8:BB:1E:CF:49:5F
            X509v3 Authority Key Identifier:
                keyid:5D:A3:21:5A:BF:A4:62:1D:57:70:9F:83:8A:92:80:1F:2E:90:DD:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/5DA3215ABFA4621D57709F838A92801F2E90DDFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaMhWr-kYh1XcJ-DipKAHy6Q3f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bf24567b-7a74-4c1f-aa85-dd24af73ccbb/0/34352e38312e35382e302f32342d3234203d3e203133333335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:23:7d:a9:99:72:31:5d:09:45:69:56:40:12:b7:82:84:c6:
         2e:35:a9:48:8e:cc:14:10:d0:7f:d9:6f:58:7c:9c:d4:ce:4f:
         14:b3:d2:1d:95:52:3e:e2:89:3d:7b:07:3d:20:ac:7d:04:2d:
         de:87:d6:2e:68:eb:f0:0e:64:17:be:61:45:b3:bc:03:81:27:
         20:6e:b6:dc:19:8f:7f:8f:cb:3f:40:c4:94:c8:a1:e6:26:d8:
         fc:fc:1c:b5:99:bd:05:07:c9:00:42:bb:ad:b2:d9:56:c9:9a:
         aa:fd:ea:71:ea:df:f4:d3:06:74:8c:86:45:dd:91:87:13:5c:
         47:2b:27:fd:38:46:4d:a3:13:ef:fb:30:11:92:be:54:3e:8c:
         82:5d:79:df:12:57:1a:a3:e8:aa:a0:13:15:fc:92:f2:de:b0:
         35:ff:37:30:14:f5:e2:56:ab:dc:e4:b7:8c:43:ca:41:da:91:
         86:9f:94:45:76:26:43:9b:50:65:f5:88:79:ec:1d:1d:32:4b:
         d5:54:7f:67:fb:d0:53:6e:31:5a:85:ae:0c:93:eb:de:71:fe:
         b2:b7:f5:51:ae:01:62:c4:c1:99:2c:3a:79:77:70:6b:c9:8a:
         ba:b8:b8:48:ae:06:02:96:59:9b:b8:d9:7c:3f:05:6d:ab:b6:
         0f:3a:34:93
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUIVLzy4jQ9Wmbb920rkaCgoht+JwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNWRhMzIxNWFiZmE0NjIxZDU3NzA5ZjgzOGE5MjgwMWYy
ZTkwZGRmZTAeFw0yNjAyMjAyMTQ1NTVaFw0yNzAyMTkyMTUwNTVaMDMxMTAvBgNV
BAMTKERGMTM1MkY4RjY4RDdGMUEwQjlBRTkzRjA4RTFDOEJCMUVDRjQ5NUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcryqIoPHRVbmZsM0NKnq5YQxX
0ITvaZ9BGvNyKeAL9k4O3gjdSzGdECV6aZ2KMoyLchl3jPob7a+Q2TXdG9f80MYp
3ONrH6WO/ClrOoIwQFQCmLzulnOprRGGQ2QTra1VD65uo5F6ztoyik693mHE6ziB
u42i9iWHRMfAQEQHAZfbyOQ8bp6jzrjW3SsfnH8OErjSMu6+tTtQtoryjzdgmDh3
g8Hzlc2rjzlyhgaRH0Fs9KhMho8PI/DeerswIZ+48PmVZ6uNZBRpOHGdHmu0nv1c
eiU7Li+ve35q9r1GnZY6ymk/SLBW2sGF29GeXupC84MhF4QNYRM1O/Twt+OHAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU3xNS+PaNfxoLmuk/COHIux7PSV8wHwYDVR0j
BBgwFoAUXaMhWr+kYh1XcJ+DipKAHy6Q3f4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmYyNDU2N2ItN2E3NC00YzFmLWFhODUtZGQyNGFmNzNj
Y2JiLzAvNURBMzIxNUFCRkE0NjIxRDU3NzA5RjgzOEE5MjgwMUYyRTkwRERGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1hhTWhXci1rWWgxWGNKLURpcEtBSHk2
UTNmNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmYyNDU2N2It
N2E3NC00YzFmLWFhODUtZGQyNGFmNzNjY2JiLzAvMzQzNTJlMzgzMTJlMzUzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzMzMzMzMzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtUTow
DQYJKoZIhvcNAQELBQADggEBAE8jfamZcjFdCUVpVkASt4KExi41qUiOzBQQ0H/Z
b1h8nNTOTxSz0h2VUj7iiT17Bz0grH0ELd6H1i5o6/AOZBe+YUWzvAOBJyButtwZ
j3+Pyz9AxJTIoeYm2Pz8HLWZvQUHyQBCu62y2VbJmqr96nHq3/TTBnSMhkXdkYcT
XEcrJ/04Rk2jE+/7MBGSvlQ+jIJded8SVxqj6KqgExX8kvLesDX/NzAU9eJWq9zk
t4xDykHakYaflEV2JkObUGX1iHnsHR0yS9VUf2f70FNuMVqFrgyT695x/rK39VGu
AWLEwZksOnl3cGvJirq4uEiuBgKWWZu42Xw/BW2rtg86NJM=
-----END CERTIFICATE-----