Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134382e302f32332d3233203d3e203632333837.roa
File:                     34352e31332e3134382e302f32332d3233203d3e203632333837.roa (raw, json)
Hash identifier:          mtoEJfZDnNC4yDUgLMX3zgAOQvqNn4zdImsuSsOQHFo=
Subject key identifier:   8E:F5:29:55:27:51:3E:88:00:6C:89:F7:14:9F:02:6A:67:DA:86:4A
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       7EB19D1C873AF603A570EE5222BB8A4BC06BDB20
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134382e302f32332d3233203d3e203632333837.roa
Signing time:             Thu 09 Apr 2026 17:47:04 +0000
ROA not before:           Thu 09 Apr 2026 17:42:04 +0000
ROA not after:            Thu 08 Apr 2027 17:47:04 +0000
asID:                     62387
IP address blocks:        45.13.148.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:b1:9d:1c:87:3a:f6:03:a5:70:ee:52:22:bb:8a:4b:c0:6b:db:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Apr  9 17:42:04 2026 GMT
            Not After : Apr  8 17:47:04 2027 GMT
        Subject: CN=8EF5295527513E88006C89F7149F026A67DA864A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:32:d3:a2:75:b3:3c:07:b6:5a:dd:da:2f:50:
                    8b:c7:32:ff:6a:49:26:f0:06:a8:4c:14:a7:c5:c4:
                    44:3c:01:27:1f:79:38:24:3f:a6:bf:48:1b:c6:b1:
                    0a:f4:b1:1a:88:17:3b:07:70:64:63:5c:1f:cd:6d:
                    81:0c:9b:cb:2c:bf:5a:9a:5d:cf:14:be:54:76:b0:
                    b5:27:df:77:d5:53:b3:43:02:32:10:d9:27:db:22:
                    a1:1a:21:d0:eb:af:ed:ad:1f:ae:1a:b7:7a:5d:14:
                    7c:f2:af:ea:16:e9:e7:f8:fd:e2:a9:85:e4:66:9a:
                    77:7e:90:56:57:9b:1a:5a:52:6b:b9:48:65:93:ac:
                    62:f0:5b:8f:d4:9f:c8:f5:f9:c2:dc:ac:63:ae:2c:
                    27:8c:2d:b1:3a:fa:6e:9a:d2:55:31:30:ba:74:a7:
                    10:28:fe:06:6f:ca:d0:4f:7e:1e:8a:9a:1a:30:97:
                    44:e0:29:b1:7b:c9:dc:3c:fa:eb:1b:f5:97:b9:e4:
                    e4:7d:a2:05:09:9b:e3:3f:1e:8f:f9:c8:03:38:b0:
                    5e:e7:be:ab:cd:c6:21:09:dc:2e:92:ff:76:c3:fe:
                    eb:7d:1e:46:10:4c:4b:3d:a5:cb:1d:14:e3:ec:54:
                    9e:ac:44:54:00:6c:e9:dd:d3:04:d3:d1:f2:1e:23:
                    0b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:F5:29:55:27:51:3E:88:00:6C:89:F7:14:9F:02:6A:67:DA:86:4A
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134382e302f32332d3233203d3e203632333837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:fd:f0:58:cc:9e:17:91:7a:e2:ab:ab:ba:9b:f6:ce:7f:15:
         b3:fb:a5:e3:c8:4f:75:48:bc:05:85:ee:08:08:ba:d1:8c:73:
         d0:81:84:c2:11:8f:70:4c:df:b0:0b:cc:9e:d6:f2:14:67:ff:
         68:cd:73:6d:41:b8:e6:1a:57:06:e1:b0:64:c5:dd:1b:32:0f:
         2a:b9:fb:ea:e4:16:bc:46:96:83:58:fb:87:5d:a3:47:c1:c9:
         58:99:3d:a0:66:bc:e3:3c:ba:4f:6d:85:f1:27:4e:b4:36:8c:
         b0:54:01:76:24:b7:a7:52:1f:7e:50:ef:9f:9d:74:df:8c:67:
         10:fa:75:45:4c:a9:4d:d6:5b:8d:7a:5f:91:c1:96:a6:57:a2:
         8c:a7:35:38:86:08:48:2a:b5:f8:15:7f:50:2b:b5:b1:ae:48:
         74:3d:82:f2:a7:dc:e2:7e:4c:01:7d:8e:a1:55:19:b2:02:bd:
         d2:59:18:7f:a3:46:ad:37:0b:07:f9:20:64:27:15:36:af:68:
         15:4f:f4:08:dd:4a:ab:94:e5:25:38:6c:94:0f:8e:1d:e8:74:
         26:e6:b2:da:20:9f:ec:40:da:af:7d:14:3a:da:bd:87:7a:ee:
         4c:68:df:48:4f:50:f7:dd:e0:ac:ec:ee:99:e5:03:77:f0:7c:
         cf:3f:be:e6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfrGdHIc69gOlcO5SIruKS8Br2yAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNjA0MDkxNzQyMDRaFw0yNzA0MDgxNzQ3MDRaMDMxMTAvBgNV
BAMTKDhFRjUyOTU1Mjc1MTNFODgwMDZDODlGNzE0OUYwMjZBNjdEQTg2NEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPMtOidbM8B7Za3dovUIvHMv9q
SSbwBqhMFKfFxEQ8AScfeTgkP6a/SBvGsQr0sRqIFzsHcGRjXB/NbYEMm8ssv1qa
Xc8UvlR2sLUn33fVU7NDAjIQ2SfbIqEaIdDrr+2tH64at3pdFHzyr+oW6ef4/eKp
heRmmnd+kFZXmxpaUmu5SGWTrGLwW4/Un8j1+cLcrGOuLCeMLbE6+m6a0lUxMLp0
pxAo/gZvytBPfh6Kmhowl0TgKbF7ydw8+usb9Ze55OR9ogUJm+M/Ho/5yAM4sF7n
vqvNxiEJ3C6S/3bD/ut9HkYQTEs9pcsdFOPsVJ6sRFQAbOnd0wTT0fIeIwshAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUjvUpVSdRPogAbIn3FJ8CamfahkowHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzEzMzJlMzEzNDM4
MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzYzMjMzMzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAS0N
lDANBgkqhkiG9w0BAQsFAAOCAQEArv3wWMyeF5F64qurupv2zn8Vs/ul48hPdUi8
BYXuCAi60Yxz0IGEwhGPcEzfsAvMntbyFGf/aM1zbUG45hpXBuGwZMXdGzIPKrn7
6uQWvEaWg1j7h12jR8HJWJk9oGa84zy6T22F8SdOtDaMsFQBdiS3p1IfflDvn510
34xnEPp1RUypTdZbjXpfkcGWpleijKc1OIYISCq1+BV/UCu1sa5IdD2C8qfc4n5M
AX2OoVUZsgK90lkYf6NGrTcLB/kgZCcVNq9oFU/0CN1Kq5TlJThslA+OHeh0Juay
2iCf7EDar30UOtq9h3ruTGjfSE9Q993grOzumeUDd/B8zz++5g==
-----END CERTIFICATE-----