Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/34352e31312e3139312e302f32342d3234203d3e203236373339.roa
File:                     34352e31312e3139312e302f32342d3234203d3e203236373339.roa (raw, json)
Hash identifier:          4U+XCcdM3m36AmTYE/FsJZIfEAQZyTwJ33grS6lQ53w=
Subject key identifier:   B2:98:80:E4:0A:D1:24:21:81:51:15:38:8E:7B:75:BA:97:5F:DB:A4
Certificate issuer:       /CN=7374bc6d025135bed9539779a03fdd64abeba11f
Certificate serial:       5540FD8B982A0E13F719C4EFF0866FAB52E4DC5A
Authority key identifier: 73:74:BC:6D:02:51:35:BE:D9:53:97:79:A0:3F:DD:64:AB:EB:A1:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/34352e31312e3139312e302f32342d3234203d3e203236373339.roa
Signing time:             Fri 12 Jun 2026 13:26:41 +0000
ROA not before:           Fri 12 Jun 2026 13:21:41 +0000
ROA not after:            Fri 11 Jun 2027 13:26:41 +0000
asID:                     26739
IP address blocks:        45.11.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:40:fd:8b:98:2a:0e:13:f7:19:c4:ef:f0:86:6f:ab:52:e4:dc:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7374bc6d025135bed9539779a03fdd64abeba11f
        Validity
            Not Before: Jun 12 13:21:41 2026 GMT
            Not After : Jun 11 13:26:41 2027 GMT
        Subject: CN=B29880E40AD12421815115388E7B75BA975FDBA4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1a:ac:a5:40:df:4d:aa:c4:5c:92:32:17:1b:
                    22:1f:03:ad:4e:16:ef:91:29:97:0a:86:7b:77:bf:
                    d4:5b:20:63:3f:68:cc:be:72:58:52:17:60:1b:8c:
                    02:75:40:cb:b6:83:20:0f:0a:13:e3:d4:a7:46:af:
                    ed:b6:47:6a:51:06:8a:d2:3b:52:75:3f:fe:04:7e:
                    00:43:47:28:c2:ff:ba:97:d0:96:ca:27:eb:39:51:
                    5e:02:3f:ef:6a:a1:08:ea:b5:18:ba:90:ae:24:d9:
                    0c:cb:74:0b:13:12:0b:1f:32:ba:dc:ab:be:95:3c:
                    d8:b6:4b:6e:67:03:af:f3:a7:a6:0c:11:34:5a:62:
                    cd:bb:bf:2d:81:ea:e4:61:1d:84:e3:32:a9:17:af:
                    07:c1:b3:a0:6b:94:ed:13:ef:ca:d9:83:ac:12:5c:
                    8f:19:2f:5a:ac:eb:a0:5d:6a:25:7f:c8:67:74:ca:
                    8f:70:88:36:1a:f7:4f:6a:d5:60:cf:ae:87:af:fc:
                    ef:65:c5:5f:b3:60:3e:0c:ac:65:2f:8c:8c:52:b9:
                    07:c8:5b:e9:fc:e3:f6:b4:96:4f:00:89:04:16:ac:
                    b0:3f:2b:64:6d:e6:5c:4a:fa:81:70:a5:56:9e:3e:
                    ff:cf:89:05:6c:70:67:6a:fd:16:e4:c9:a5:8e:00:
                    88:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:98:80:E4:0A:D1:24:21:81:51:15:38:8E:7B:75:BA:97:5F:DB:A4
            X509v3 Authority Key Identifier:
                keyid:73:74:BC:6D:02:51:35:BE:D9:53:97:79:A0:3F:DD:64:AB:EB:A1:1F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/34352e31312e3139312e302f32342d3234203d3e203236373339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:af:5f:fe:3a:22:49:ba:f6:6b:a6:31:dd:4f:14:0f:8d:04:
         f5:25:fd:b9:ba:37:30:ac:25:5c:d4:e6:60:a9:21:38:a8:12:
         a3:92:d1:bf:49:8c:2c:28:48:65:2c:bb:d2:06:22:7c:59:4a:
         53:d3:f5:6b:fa:79:c8:1d:74:e2:55:b1:6d:90:29:fa:f8:41:
         cb:f1:51:09:91:b1:c3:1c:b5:d4:8c:19:72:18:8b:28:a6:54:
         0e:52:6a:10:91:c8:25:1d:96:6b:96:4d:67:6c:11:2a:9f:d4:
         f0:5b:3b:5a:b5:62:b1:47:77:35:e0:6c:d4:bb:7b:37:4a:9f:
         d7:84:4d:d4:d4:12:3c:4f:83:a5:a1:e4:5e:aa:47:5d:fc:b9:
         b1:22:d7:7c:99:b6:8e:33:9f:89:32:88:2d:34:fc:f9:66:ff:
         73:d2:de:b1:df:22:be:34:4e:0b:3c:6f:5d:6d:0d:bd:b4:52:
         ea:47:7f:cf:3f:cb:30:9b:69:9c:de:9c:49:af:fe:c5:9e:a6:
         27:0a:03:4b:73:62:c5:ad:02:f9:32:cf:a9:e0:5a:1d:50:e3:
         f3:27:87:e7:df:1e:35:0e:93:eb:e1:cc:5f:aa:2c:1b:3a:5b:
         8a:3a:08:09:39:b1:35:8d:00:17:43:f1:66:d2:aa:96:88:62:
         82:da:45:df
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVUD9i5gqDhP3GcTv8IZvq1Lk3FowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM3NGJjNmQwMjUxMzViZWQ5NTM5Nzc5YTAzZmRkNjRh
YmViYTExZjAeFw0yNjA2MTIxMzIxNDFaFw0yNzA2MTExMzI2NDFaMDMxMTAvBgNV
BAMTKEIyOTg4MEU0MEFEMTI0MjE4MTUxMTUzODhFN0I3NUJBOTc1RkRCQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1GqylQN9NqsRckjIXGyIfA61O
Fu+RKZcKhnt3v9RbIGM/aMy+clhSF2AbjAJ1QMu2gyAPChPj1KdGr+22R2pRBorS
O1J1P/4EfgBDRyjC/7qX0JbKJ+s5UV4CP+9qoQjqtRi6kK4k2QzLdAsTEgsfMrrc
q76VPNi2S25nA6/zp6YMETRaYs27vy2B6uRhHYTjMqkXrwfBs6BrlO0T78rZg6wS
XI8ZL1qs66BdaiV/yGd0yo9wiDYa909q1WDProev/O9lxV+zYD4MrGUvjIxSuQfI
W+n84/a0lk8AiQQWrLA/K2Rt5lxK+oFwpVaePv/PiQVscGdq/RbkyaWOAIhjAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUspiA5ArRJCGBURU4jnt1updf26QwHwYDVR0j
BBgwFoAUc3S8bQJRNb7ZU5d5oD/dZKvroR8wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTQyNTg1ZjctYmMxYi00OTcwLWJkMzQtZGJmZDJiMjE0
N2QyLzAvNzM3NEJDNkQwMjUxMzVCRUQ5NTM5Nzc5QTAzRkRENjRBQkVCQTExRi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MzUzhiUUpSTmI3WlU1ZDVvRF9kWkt2
cm9SOC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTQyNTg1Zjct
YmMxYi00OTcwLWJkMzQtZGJmZDJiMjE0N2QyLzAvMzQzNTJlMzEzMTJlMzEzOTMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzNjM3MzMzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0L
vzANBgkqhkiG9w0BAQsFAAOCAQEAvq9f/joiSbr2a6Yx3U8UD40E9SX9ubo3MKwl
XNTmYKkhOKgSo5LRv0mMLChIZSy70gYifFlKU9P1a/p5yB104lWxbZAp+vhBy/FR
CZGxwxy11IwZchiLKKZUDlJqEJHIJR2Wa5ZNZ2wRKp/U8Fs7WrVisUd3NeBs1Lt7
N0qf14RN1NQSPE+DpaHkXqpHXfy5sSLXfJm2jjOfiTKILTT8+Wb/c9Lesd8ivjRO
CzxvXW0NvbRS6kd/zz/LMJtpnN6cSa/+xZ6mJwoDS3Nixa0C+TLPqeBaHVDj8yeH
598eNQ6T6+HMX6osGzpbijoICTmxNY0AF0PxZtKqlohigtpF3w==
-----END CERTIFICATE-----