Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137352e302f32342d3234203d3e2037353632.roa
File:                     34352e382e3137352e302f32342d3234203d3e2037353632.roa (raw, json)
Hash identifier:          O5xaR+jQW/wFf5fQ4meB7PNzpTh/uGAmEj862jE+YtE=
Subject key identifier:   9E:05:1E:0B:3B:25:C0:BD:F6:D2:52:6A:28:C3:79:FE:9F:EB:FD:C9
Certificate issuer:       /CN=cefce449bea8deaedb1804dba25c584df5873dc4
Certificate serial:       02370DC8ECD75E75E5863297ED63FCF1284E5763
Authority key identifier: CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137352e302f32342d3234203d3e2037353632.roa
Signing time:             Thu 09 Apr 2026 17:47:04 +0000
ROA not before:           Thu 09 Apr 2026 17:42:04 +0000
ROA not after:            Thu 08 Apr 2027 17:47:04 +0000
asID:                     7562
IP address blocks:        45.8.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:37:0d:c8:ec:d7:5e:75:e5:86:32:97:ed:63:fc:f1:28:4e:57:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cefce449bea8deaedb1804dba25c584df5873dc4
        Validity
            Not Before: Apr  9 17:42:04 2026 GMT
            Not After : Apr  8 17:47:04 2027 GMT
        Subject: CN=9E051E0B3B25C0BDF6D2526A28C379FE9FEBFDC9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:cf:6a:1a:eb:8d:2d:27:17:98:53:fc:ed:b8:
                    e3:aa:45:c2:1e:bc:30:87:7d:10:b5:6d:10:50:0d:
                    6d:5e:7c:82:45:a0:b2:10:f4:fa:14:e0:b6:04:7b:
                    a8:ac:1d:55:eb:23:00:30:89:eb:31:9e:ba:7d:da:
                    2a:c5:63:03:61:11:de:8a:d8:85:62:75:35:11:00:
                    17:70:f8:7d:b6:46:76:e2:0e:d0:5f:85:93:b0:3d:
                    1a:ab:51:b5:3a:c5:11:c2:da:a7:57:e3:9f:b4:11:
                    be:ce:47:e9:3f:8b:39:f1:08:73:3a:ed:c8:eb:73:
                    2a:c0:c8:3e:2a:84:ec:79:b5:39:9e:a3:85:1d:f6:
                    3f:00:63:01:59:20:5c:0e:36:a0:e2:93:ae:b2:72:
                    22:db:0d:fa:02:ac:a5:8a:20:4b:1c:c7:08:92:0c:
                    8b:5a:d0:5d:32:07:5b:ef:bc:37:3d:6e:12:fd:28:
                    89:36:6b:06:95:ea:e0:21:8a:ab:74:00:dc:76:1d:
                    4d:58:bb:b1:64:d1:a8:7b:d2:2b:56:44:be:ba:43:
                    2f:98:5d:af:71:27:24:a5:2b:7e:1b:b0:4d:62:10:
                    5a:eb:26:03:68:d7:b3:f0:0c:a6:a6:f1:72:06:3f:
                    38:5a:a1:69:86:c9:b6:cd:94:1d:dc:10:83:55:6d:
                    5a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:05:1E:0B:3B:25:C0:BD:F6:D2:52:6A:28:C3:79:FE:9F:EB:FD:C9
            X509v3 Authority Key Identifier:
                keyid:CE:FC:E4:49:BE:A8:DE:AE:DB:18:04:DB:A2:5C:58:4D:F5:87:3D:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/CEFCE449BEA8DEAEDB1804DBA25C584DF5873DC4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zvzkSb6o3q7bGATbolxYTfWHPcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/d1b35f8b-6f48-4bad-b185-5c1daa8acda9/0/34352e382e3137352e302f32342d3234203d3e2037353632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:77:a3:ec:d3:fc:78:c1:a6:c4:45:8b:d0:a7:7a:56:1a:28:
         b7:53:9c:f0:2f:de:94:7a:01:f0:94:4f:a3:98:e6:d8:a2:25:
         75:ef:76:89:d5:ec:e0:2f:1f:58:52:c6:44:50:c7:8a:d2:0c:
         f0:53:dd:75:61:3b:48:ff:d1:b2:68:2f:ed:ca:62:e6:36:a5:
         ff:7c:fe:5f:a8:e9:5b:81:03:ec:d7:a0:b0:4e:90:19:a8:42:
         77:76:ff:a6:4f:18:7a:d4:22:03:24:1d:49:a4:0b:48:e5:f9:
         21:00:69:69:44:f9:8f:2b:e9:99:e0:7f:c1:6c:46:3f:91:fc:
         1a:5f:f3:bb:53:9b:36:8a:bf:82:3f:52:b9:e7:81:bb:18:14:
         eb:69:c1:4a:36:b9:0a:c7:13:dc:67:db:4f:b1:8f:2f:09:c4:
         01:e6:63:6f:39:91:4f:1e:de:15:c2:57:a6:88:bf:73:e7:2c:
         24:22:7e:a7:bb:ad:c6:1a:43:eb:e4:43:7b:2e:c7:88:c3:20:
         d1:40:9c:75:73:4d:d9:3a:ed:f8:fe:6e:f1:83:95:92:78:00:
         88:6f:e4:02:ab:85:29:f1:e5:bb:12:9a:95:0b:9b:7b:28:45:
         a2:c6:2c:6c:42:14:5d:55:3c:a7:d6:dd:5f:36:b6:20:39:46:
         80:1f:ff:27
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUAjcNyOzXXnXlhjKX7WP88ShOV2MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoY2VmY2U0NDliZWE4ZGVhZWRiMTgwNGRiYTI1YzU4NGRm
NTg3M2RjNDAeFw0yNjA0MDkxNzQyMDRaFw0yNzA0MDgxNzQ3MDRaMDMxMTAvBgNV
BAMTKDlFMDUxRTBCM0IyNUMwQkRGNkQyNTI2QTI4QzM3OUZFOUZFQkZEQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7z2oa640tJxeYU/ztuOOqRcIe
vDCHfRC1bRBQDW1efIJFoLIQ9PoU4LYEe6isHVXrIwAwiesxnrp92irFYwNhEd6K
2IVidTURABdw+H22RnbiDtBfhZOwPRqrUbU6xRHC2qdX45+0Eb7OR+k/iznxCHM6
7cjrcyrAyD4qhOx5tTmeo4Ud9j8AYwFZIFwONqDik66yciLbDfoCrKWKIEscxwiS
DIta0F0yB1vvvDc9bhL9KIk2awaV6uAhiqt0ANx2HU1Yu7Fk0ah70itWRL66Qy+Y
Xa9xJySlK34bsE1iEFrrJgNo17PwDKam8XIGPzhaoWmGybbNlB3cEINVbVoDAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUngUeCzslwL320lJqKMN5/p/r/ckwHwYDVR0j
BBgwFoAUzvzkSb6o3q7bGATbolxYTfWHPcQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZDFiMzVmOGItNmY0OC00YmFkLWIxODUtNWMxZGFhOGFj
ZGE5LzAvQ0VGQ0U0NDlCRUE4REVBRURCMTgwNERCQTI1QzU4NERGNTg3M0RDNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3p2emtTYjZvM3E3YkdBVGJvbHhZVGZX
SFBjUS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZDFiMzVmOGIt
NmY0OC00YmFkLWIxODUtNWMxZGFhOGFjZGE5LzAvMzQzNTJlMzgyZTMxMzczNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM3MzUzNjMyLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQivMA0G
CSqGSIb3DQEBCwUAA4IBAQB3d6Ps0/x4wabERYvQp3pWGii3U5zwL96UegHwlE+j
mObYoiV173aJ1ezgLx9YUsZEUMeK0gzwU911YTtI/9GyaC/tymLmNqX/fP5fqOlb
gQPs16CwTpAZqEJ3dv+mTxh61CIDJB1JpAtI5fkhAGlpRPmPK+mZ4H/BbEY/kfwa
X/O7U5s2ir+CP1K554G7GBTracFKNrkKxxPcZ9tPsY8vCcQB5mNvOZFPHt4Vwlem
iL9z5ywkIn6nu63GGkPr5EN7LseIwyDRQJx1c03ZOu34/m7xg5WSeACIb+QCq4Up
8eW7EpqVC5t7KEWixixsQhRdVTyn1t1fNrYgOUaAH/8n
-----END CERTIFICATE-----