Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e342e302f32342d3234203d3e20323132323338.roa
File:                     34352e38302e342e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier:          npswCjhZwGUKkzdggvkjMlGfXXw2LDR0r8SW9RnhBIc=
Subject key identifier:   BA:39:75:EB:83:9E:FD:B4:77:1A:93:A2:F9:30:A9:F0:01:62:02:6D
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       0EAF2B25202059639C10314E04DC7129EC9AA369
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e342e302f32342d3234203d3e20323132323338.roa
Signing time:             Thu 05 Feb 2026 11:55:37 +0000
ROA not before:           Thu 05 Feb 2026 11:50:37 +0000
ROA not after:            Thu 04 Feb 2027 11:55:37 +0000
asID:                     212238
IP address blocks:        45.80.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 21:30:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:af:2b:25:20:20:59:63:9c:10:31:4e:04:dc:71:29:ec:9a:a3:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Feb  5 11:50:37 2026 GMT
            Not After : Feb  4 11:55:37 2027 GMT
        Subject: CN=BA3975EB839EFDB4771A93A2F930A9F00162026D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7a:88:aa:ab:69:52:41:b3:86:b5:07:cf:40:
                    a4:3a:b3:2a:2a:f0:b3:bb:c0:6c:93:bd:b0:c0:aa:
                    3b:03:28:b7:3b:9d:40:d8:79:f7:88:fc:ed:78:cf:
                    6b:7b:b8:a4:85:87:17:bc:38:56:66:48:b0:bb:fe:
                    e0:2b:6f:7e:6c:83:26:e9:b7:d6:95:13:4f:47:02:
                    96:af:29:ad:87:4c:98:88:9b:c9:8a:f6:d0:72:42:
                    19:42:9f:e8:2d:27:7a:f3:cc:6b:e6:86:d5:7e:92:
                    50:fc:99:ca:8b:57:b3:fd:ff:a5:56:de:4b:29:65:
                    8d:fc:49:d1:75:2d:b7:ac:a4:78:a1:1e:a6:fb:73:
                    05:1c:20:e9:5e:12:d1:b7:80:76:01:4d:3c:ec:69:
                    8a:dd:08:52:03:3f:61:0a:17:42:2a:db:0e:18:af:
                    99:4d:79:05:30:b2:e0:78:dd:a5:6c:57:f7:f7:90:
                    a5:43:5e:10:59:a4:40:04:b2:d2:7c:d8:15:b7:22:
                    1d:79:80:36:f1:6b:92:39:13:12:8f:30:de:21:35:
                    55:f5:42:58:49:47:35:87:fd:cc:08:57:44:b3:55:
                    98:91:b2:b3:b9:98:c7:8e:6e:75:b9:5f:c8:8d:7f:
                    0f:9b:85:6b:61:63:43:c5:7d:01:23:2a:6f:0c:bf:
                    76:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:39:75:EB:83:9E:FD:B4:77:1A:93:A2:F9:30:A9:F0:01:62:02:6D
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/34352e38302e342e302f32342d3234203d3e20323132323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:dd:d1:d6:31:3b:9e:c1:92:9e:df:e4:a3:ce:1b:a4:56:b0:
         7a:a9:d4:25:e5:9f:44:3f:72:9b:a8:80:d5:82:8d:43:b5:5e:
         89:54:9f:74:a7:ab:a4:45:f7:81:f5:cc:5f:34:42:5b:a0:62:
         8a:79:cc:01:72:4f:e9:0d:aa:f0:13:38:e5:96:a9:da:2a:3c:
         76:2a:13:ca:64:3a:1a:28:19:88:83:98:61:b4:01:fc:61:66:
         37:5c:26:a0:a9:a3:93:1e:c9:47:46:83:f2:bc:09:47:b6:2d:
         06:38:69:c3:12:15:0e:a4:2c:26:de:bb:fb:b0:d3:94:6d:39:
         d9:0c:07:48:ca:2a:36:75:7e:04:40:da:11:5f:d6:a3:14:31:
         9d:e2:b2:09:eb:c4:5f:98:21:a8:49:20:0d:e6:5b:c9:2f:76:
         37:49:fd:41:68:40:24:02:53:2b:d4:f6:cf:69:3d:f8:cb:9f:
         ed:13:52:54:04:33:fd:2f:43:90:2a:6d:cd:b5:b0:63:f8:c3:
         c9:6d:d7:78:a1:08:0c:e9:6b:2d:d6:1c:13:22:a7:5e:7c:00:
         aa:ae:e0:4a:bc:be:60:c7:ba:40:3e:82:cb:f4:f5:de:27:15:
         ef:16:14:80:86:eb:81:b5:fb:b9:dd:59:85:01:f1:23:7a:5d:
         27:38:ee:2e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUDq8rJSAgWWOcEDFOBNxxKeyao2kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjAyMDUxMTUwMzdaFw0yNzAyMDQxMTU1MzdaMDMxMTAvBgNV
BAMTKEJBMzk3NUVCODM5RUZEQjQ3NzFBOTNBMkY5MzBBOUYwMDE2MjAyNkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8eoiqq2lSQbOGtQfPQKQ6syoq
8LO7wGyTvbDAqjsDKLc7nUDYefeI/O14z2t7uKSFhxe8OFZmSLC7/uArb35sgybp
t9aVE09HApavKa2HTJiIm8mK9tByQhlCn+gtJ3rzzGvmhtV+klD8mcqLV7P9/6VW
3kspZY38SdF1LbespHihHqb7cwUcIOleEtG3gHYBTTzsaYrdCFIDP2EKF0Iq2w4Y
r5lNeQUwsuB43aVsV/f3kKVDXhBZpEAEstJ82BW3Ih15gDbxa5I5ExKPMN4hNVX1
QlhJRzWH/cwIV0SzVZiRsrO5mMeObnW5X8iNfw+bhWthY0PFfQEjKm8Mv3YXAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUujl164Oe/bR3GpOi+TCp8AFiAm0wHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzQzNTJlMzgzMDJlMzQyZTMw
MmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMxMzIzMjMzMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtUAQw
DQYJKoZIhvcNAQELBQADggEBALnd0dYxO57Bkp7f5KPOG6RWsHqp1CXln0Q/cpuo
gNWCjUO1XolUn3Snq6RF94H1zF80QlugYop5zAFyT+kNqvATOOWWqdoqPHYqE8pk
OhooGYiDmGG0AfxhZjdcJqCpo5MeyUdGg/K8CUe2LQY4acMSFQ6kLCbeu/uw05Rt
OdkMB0jKKjZ1fgRA2hFf1qMUMZ3isgnrxF+YIahJIA3mW8kvdjdJ/UFoQCQCUyvU
9s9pPfjLn+0TUlQEM/0vQ5Aqbc21sGP4w8lt13ihCAzpay3WHBMip158AKqu4Eq8
vmDHukA+gsv09d4nFe8WFICG64G1+7ndWYUB8SN6XSc47i4=
-----END CERTIFICATE-----