Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134392e302f32342d3234203d3e203631333137.roa
File:                     34352e31332e3134392e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          PqF1eE/0Vytv7KbARFQc98GTbtGeCuQLtbd2lwf8340=
Subject key identifier:   3B:FF:6C:32:04:99:DE:68:87:55:F4:85:45:5E:2A:E0:BF:25:3D:66
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       514CB88C33D0CFEEFAAEF0951829271BBC58B7CE
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134392e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 09 Apr 2026 17:47:04 +0000
ROA not before:           Thu 09 Apr 2026 17:42:04 +0000
ROA not after:            Thu 08 Apr 2027 17:47:04 +0000
asID:                     61317
IP address blocks:        45.13.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:4c:b8:8c:33:d0:cf:ee:fa:ae:f0:95:18:29:27:1b:bc:58:b7:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Apr  9 17:42:04 2026 GMT
            Not After : Apr  8 17:47:04 2027 GMT
        Subject: CN=3BFF6C320499DE688755F485455E2AE0BF253D66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b7:93:c4:ba:53:b3:72:4e:18:44:65:de:c3:
                    4d:3b:8c:b7:7a:77:be:29:18:58:65:a4:58:41:44:
                    21:12:39:27:7c:48:7a:48:34:e0:35:6f:08:3a:fd:
                    1f:ce:a6:84:9a:13:1a:32:51:41:c3:9b:77:c7:99:
                    c3:43:e2:f8:77:72:25:2e:3d:88:c7:f4:59:db:fc:
                    bd:19:28:95:7b:14:7c:d5:cb:29:44:35:ec:f4:38:
                    18:cf:38:b1:bc:cd:a4:26:9b:83:47:91:30:49:61:
                    77:bd:0c:27:c5:cd:46:31:6d:00:fd:c3:6a:ba:3a:
                    d4:9f:72:f5:40:13:c0:76:d7:c4:7e:50:14:0d:5c:
                    7e:49:05:a3:6f:6b:cb:e5:64:53:45:f0:0e:74:e0:
                    82:c0:06:0d:07:eb:cc:eb:45:c2:2b:c4:75:e0:95:
                    5b:29:c6:75:49:eb:43:45:56:99:ea:1a:a1:84:ec:
                    39:01:a1:1d:bc:8c:c0:5f:d3:19:3e:ec:b9:82:a1:
                    95:a3:9e:90:1f:51:a3:3b:77:45:66:7d:9f:d0:c4:
                    91:cf:41:88:3b:2f:5b:f8:bc:82:c2:54:0b:a1:bf:
                    75:aa:bf:79:e7:55:f7:55:ea:ba:9c:35:d8:de:59:
                    8d:3d:27:e3:af:60:81:e8:01:c1:6a:f1:c6:d5:ce:
                    2b:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:FF:6C:32:04:99:DE:68:87:55:F4:85:45:5E:2A:E0:BF:25:3D:66
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e31332e3134392e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:c1:1c:d4:70:31:62:4a:c9:39:7e:95:01:fa:f8:b1:05:29:
         90:56:56:e5:5e:fe:45:6e:98:72:f4:45:69:1d:f5:31:3a:6c:
         41:a9:6b:8c:fd:de:18:93:49:a6:c4:a8:dd:ed:f8:15:49:b0:
         2a:ea:fc:e9:5f:08:d7:13:c6:4a:45:6b:58:3a:44:c6:30:1e:
         1d:9f:9e:ad:5c:f8:28:70:4d:06:a7:66:b3:76:37:5e:94:7f:
         dc:46:f8:78:0b:8b:e8:e7:08:f6:d2:c9:7b:d9:ff:23:03:b1:
         75:35:41:82:35:f8:18:0f:bf:29:a9:f2:ce:87:4b:7e:ee:dd:
         94:ec:5d:71:51:45:58:6a:fa:71:ed:3a:a5:5a:7f:56:5a:f7:
         60:bf:c5:76:12:20:e2:ef:f0:68:b3:e2:97:e0:a7:bb:27:b3:
         eb:4e:e6:4d:3c:24:86:32:28:4e:ae:d8:7e:21:38:18:45:78:
         34:29:a1:96:0d:eb:f1:8c:2f:41:02:0a:d0:c3:2d:e1:46:b9:
         7e:08:ac:f8:22:94:5f:65:51:85:53:b6:31:e5:de:f0:b3:28:
         0c:b7:42:aa:53:73:01:49:94:44:b1:fd:12:45:1c:02:45:d2:
         d8:c4:08:1b:e8:d9:b7:94:66:de:5b:63:7a:70:05:c8:cf:18:
         3a:73:73:b0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUUy4jDPQz+76rvCVGCknG7xYt84wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNjA0MDkxNzQyMDRaFw0yNzA0MDgxNzQ3MDRaMDMxMTAvBgNV
BAMTKDNCRkY2QzMyMDQ5OURFNjg4NzU1RjQ4NTQ1NUUyQUUwQkYyNTNENjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCft5PEulOzck4YRGXew007jLd6
d74pGFhlpFhBRCESOSd8SHpINOA1bwg6/R/OpoSaExoyUUHDm3fHmcND4vh3ciUu
PYjH9Fnb/L0ZKJV7FHzVyylENez0OBjPOLG8zaQmm4NHkTBJYXe9DCfFzUYxbQD9
w2q6OtSfcvVAE8B218R+UBQNXH5JBaNva8vlZFNF8A504ILABg0H68zrRcIrxHXg
lVspxnVJ60NFVpnqGqGE7DkBoR28jMBf0xk+7LmCoZWjnpAfUaM7d0VmfZ/QxJHP
QYg7L1v4vILCVAuhv3Wqv3nnVfdV6rqcNdjeWY09J+OvYIHoAcFq8cbVzivtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUO/9sMgSZ3miHVfSFRV4q4L8lPWYwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzEzMzJlMzEzNDM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0N
lTANBgkqhkiG9w0BAQsFAAOCAQEAc8Ec1HAxYkrJOX6VAfr4sQUpkFZW5V7+RW6Y
cvRFaR31MTpsQalrjP3eGJNJpsSo3e34FUmwKur86V8I1xPGSkVrWDpExjAeHZ+e
rVz4KHBNBqdms3Y3XpR/3Eb4eAuL6OcI9tLJe9n/IwOxdTVBgjX4GA+/KanyzodL
fu7dlOxdcVFFWGr6ce06pVp/Vlr3YL/FdhIg4u/waLPil+Cnuyez607mTTwkhjIo
Tq7YfiE4GEV4NCmhlg3r8YwvQQIK0MMt4Ua5fgis+CKUX2VRhVO2MeXe8LMoDLdC
qlNzAUmURLH9EkUcAkXS2MQIG+jZt5Rm3ltjenAFyM8YOnNzsA==
-----END CERTIFICATE-----