Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c8d08b30-64c7-404b-9873-2e04bd74c140/0/34362e31382e39312e302f32342d3234203d3e20323032373932.roa
File:                     34362e31382e39312e302f32342d3234203d3e20323032373932.roa (raw, json)
Hash identifier:          ntblaebzWfMZkapnZj/wCZOlMJjioVqZTa39aOgNWdQ=
Subject key identifier:   A1:E3:80:80:7E:37:A3:7A:5B:96:58:40:0C:81:A1:F2:95:3B:4C:40
Certificate issuer:       /CN=d455dec4f1ebc2a64f5ccc2ee9292731eb82113d
Certificate serial:       3F9AEF68576585F1B6739D26BC47A67F759B42B0
Authority key identifier: D4:55:DE:C4:F1:EB:C2:A6:4F:5C:CC:2E:E9:29:27:31:EB:82:11:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FXexPHrwqZPXMwu6SknMeuCET0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c8d08b30-64c7-404b-9873-2e04bd74c140/0/34362e31382e39312e302f32342d3234203d3e20323032373932.roa
Signing time:             Fri 17 Apr 2026 09:48:55 +0000
ROA not before:           Fri 17 Apr 2026 09:43:55 +0000
ROA not after:            Fri 16 Apr 2027 09:48:55 +0000
asID:                     202792
IP address blocks:        46.18.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c8d08b30-64c7-404b-9873-2e04bd74c140/0/D455DEC4F1EBC2A64F5CCC2EE9292731EB82113D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c8d08b30-64c7-404b-9873-2e04bd74c140/0/D455DEC4F1EBC2A64F5CCC2EE9292731EB82113D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FXexPHrwqZPXMwu6SknMeuCET0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 11:29:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:9a:ef:68:57:65:85:f1:b6:73:9d:26:bc:47:a6:7f:75:9b:42:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d455dec4f1ebc2a64f5ccc2ee9292731eb82113d
        Validity
            Not Before: Apr 17 09:43:55 2026 GMT
            Not After : Apr 16 09:48:55 2027 GMT
        Subject: CN=A1E380807E37A37A5B9658400C81A1F2953B4C40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4a:90:33:7e:dd:a6:2b:87:fa:73:96:f3:8b:
                    35:85:28:ba:9a:34:c8:d0:ca:22:78:29:5b:23:0d:
                    61:17:1d:6f:81:ea:e8:7e:90:92:25:79:66:80:0a:
                    c2:d8:31:6a:9b:d0:9a:72:c3:65:ea:e0:8d:3b:64:
                    69:08:03:94:62:03:8a:92:e2:4c:bb:8e:b5:26:db:
                    1d:f7:99:ca:cd:ff:a4:56:1d:ee:ed:84:25:47:21:
                    84:6c:18:5e:7a:f9:1c:0c:af:95:95:4f:76:19:f7:
                    91:57:1b:42:14:24:c7:62:0e:ed:f5:ed:4d:84:37:
                    d7:cc:c2:c2:17:b4:24:4f:19:36:31:d4:c9:00:cd:
                    ce:9e:9e:01:ba:53:3a:bd:3f:25:37:6d:0a:1d:9b:
                    ac:9d:3d:7d:2d:5a:b9:98:06:15:d6:6d:f9:62:52:
                    0f:bb:bc:7e:e2:b9:a4:88:7a:93:af:35:ca:97:04:
                    6b:ec:d5:ca:66:65:74:e0:39:55:51:d6:db:9f:90:
                    1e:25:14:00:3c:96:71:77:d1:68:db:ea:78:0b:d8:
                    50:06:4f:68:7e:72:4d:c5:e9:a8:98:ed:81:60:2b:
                    fd:a0:3d:ab:b1:86:bf:9c:7d:66:21:25:1f:16:bd:
                    ec:62:39:64:66:c6:7b:b8:51:eb:22:6e:17:cd:f9:
                    01:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:E3:80:80:7E:37:A3:7A:5B:96:58:40:0C:81:A1:F2:95:3B:4C:40
            X509v3 Authority Key Identifier:
                keyid:D4:55:DE:C4:F1:EB:C2:A6:4F:5C:CC:2E:E9:29:27:31:EB:82:11:3D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c8d08b30-64c7-404b-9873-2e04bd74c140/0/D455DEC4F1EBC2A64F5CCC2EE9292731EB82113D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FXexPHrwqZPXMwu6SknMeuCET0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c8d08b30-64c7-404b-9873-2e04bd74c140/0/34362e31382e39312e302f32342d3234203d3e20323032373932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:1a:fe:10:df:30:a0:b1:58:da:b4:a5:75:ce:88:d0:57:fd:
         5c:19:d1:f5:b4:a2:77:8f:b4:4d:e5:fc:9e:e3:d2:41:3b:44:
         d6:68:4d:a5:ca:d7:6a:83:66:67:e3:45:78:47:8e:00:ed:69:
         02:3a:94:1a:dd:46:2b:94:49:bd:77:cd:38:c8:b6:ff:14:9f:
         09:6b:82:96:1c:5f:bc:7a:31:e0:81:c2:58:73:75:32:f5:7f:
         9d:19:e5:98:36:ee:ec:1b:42:47:17:b0:55:7c:a3:a4:d8:a0:
         f5:b4:20:b5:61:fe:de:59:9c:b1:c9:01:76:f0:c9:3e:12:7e:
         0a:5f:8a:2c:4f:03:9a:7c:4b:99:d1:93:52:a5:92:c5:0d:15:
         0d:89:5e:2a:6a:33:4e:30:2d:9e:4f:24:eb:f1:5a:fd:eb:29:
         8b:f0:e6:e9:e0:2d:2a:9d:a5:83:51:25:e8:cb:be:cb:5f:4e:
         41:1c:75:57:a2:1d:b1:2e:a3:3b:b7:09:ba:40:ad:6c:c6:3c:
         5b:64:03:1d:2b:c9:f6:c9:6b:49:8e:8b:aa:23:f0:22:db:3a:
         d7:ad:fc:67:e5:9f:55:73:ec:83:1d:ab:01:75:71:31:62:c9:
         c8:3f:03:26:f5:4d:60:9f:80:61:60:db:ed:86:fd:41:ea:ba:
         77:bb:8d:06
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUP5rvaFdlhfG2c50mvEemf3WbQrAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDQ1NWRlYzRmMWViYzJhNjRmNWNjYzJlZTkyOTI3MzFl
YjgyMTEzZDAeFw0yNjA0MTcwOTQzNTVaFw0yNzA0MTYwOTQ4NTVaMDMxMTAvBgNV
BAMTKEExRTM4MDgwN0UzN0EzN0E1Qjk2NTg0MDBDODFBMUYyOTUzQjRDNDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0SpAzft2mK4f6c5bzizWFKLqa
NMjQyiJ4KVsjDWEXHW+B6uh+kJIleWaACsLYMWqb0Jpyw2Xq4I07ZGkIA5RiA4qS
4ky7jrUm2x33mcrN/6RWHe7thCVHIYRsGF56+RwMr5WVT3YZ95FXG0IUJMdiDu31
7U2EN9fMwsIXtCRPGTYx1MkAzc6engG6Uzq9PyU3bQodm6ydPX0tWrmYBhXWbfli
Ug+7vH7iuaSIepOvNcqXBGvs1cpmZXTgOVVR1tufkB4lFAA8lnF30Wjb6ngL2FAG
T2h+ck3F6aiY7YFgK/2gPauxhr+cfWYhJR8WvexiOWRmxnu4UesibhfN+QHtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUoeOAgH43o3pbllhADIGh8pU7TEAwHwYDVR0j
BBgwFoAU1FXexPHrwqZPXMwu6SknMeuCET0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzhkMDhiMzAtNjRjNy00MDRiLTk4NzMtMmUwNGJkNzRj
MTQwLzAvRDQ1NURFQzRGMUVCQzJBNjRGNUNDQzJFRTkyOTI3MzFFQjgyMTEzRC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFGWGV4UEhyd3FaUFhNd3U2U2tuTWV1
Q0VUMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzhkMDhiMzAt
NjRjNy00MDRiLTk4NzMtMmUwNGJkNzRjMTQwLzAvMzQzNjJlMzEzODJlMzkzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzMjM3MzkzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC4S
WzANBgkqhkiG9w0BAQsFAAOCAQEAehr+EN8woLFY2rSldc6I0Ff9XBnR9bSid4+0
TeX8nuPSQTtE1mhNpcrXaoNmZ+NFeEeOAO1pAjqUGt1GK5RJvXfNOMi2/xSfCWuC
lhxfvHox4IHCWHN1MvV/nRnlmDbu7BtCRxewVXyjpNig9bQgtWH+3lmcsckBdvDJ
PhJ+Cl+KLE8DmnxLmdGTUqWSxQ0VDYleKmozTjAtnk8k6/Fa/espi/Dm6eAtKp2l
g1El6Mu+y19OQRx1V6IdsS6jO7cJukCtbMY8W2QDHSvJ9slrSY6LqiPwIts61638
Z+WfVXPsgx2rAXVxMWLJyD8DJvVNYJ+AYWDb7Yb9Qeq6d7uNBg==
-----END CERTIFICATE-----