Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e342e302f32342d3234203d3e203432383331.roa
File:                     34352e3135302e342e302f32342d3234203d3e203432383331.roa (raw, json)
Hash identifier:          JDtWvcwkcFwfS8VCb1zy7YF8Zp2kwnagm9OMk367GN0=
Subject key identifier:   B6:A3:40:E2:78:3C:AE:4C:83:54:D5:3E:83:A8:65:EB:CF:3E:C8:81
Certificate issuer:       /CN=64af15419bd5fe6c8f97e224a86a4917a2e6fefe
Certificate serial:       3CB9A5FC5A0EBFAAC670BA418737E2358BC16274
Authority key identifier: 64:AF:15:41:9B:D5:FE:6C:8F:97:E2:24:A8:6A:49:17:A2:E6:FE:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e342e302f32342d3234203d3e203432383331.roa
Signing time:             Tue 10 Feb 2026 01:55:38 +0000
ROA not before:           Tue 10 Feb 2026 01:50:38 +0000
ROA not after:            Tue 09 Feb 2027 01:55:38 +0000
asID:                     42831
IP address blocks:        45.150.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 05:30:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:b9:a5:fc:5a:0e:bf:aa:c6:70:ba:41:87:37:e2:35:8b:c1:62:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64af15419bd5fe6c8f97e224a86a4917a2e6fefe
        Validity
            Not Before: Feb 10 01:50:38 2026 GMT
            Not After : Feb  9 01:55:38 2027 GMT
        Subject: CN=B6A340E2783CAE4C8354D53E83A865EBCF3EC881
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7e:bc:08:0b:cd:5c:50:1c:a2:fb:11:b5:a8:
                    0d:69:fd:6a:ca:6d:14:57:59:eb:5d:42:35:51:b4:
                    27:4e:3d:87:c2:cc:66:15:db:97:31:c7:34:fb:22:
                    98:d0:22:21:6d:9a:83:ea:d2:0e:d3:74:e8:35:20:
                    0a:7e:e8:21:c5:7d:0a:b2:2d:dd:b5:39:3d:11:c2:
                    a9:91:1b:4e:c1:78:0d:6e:53:86:f0:fc:4e:f6:c8:
                    6c:fa:e9:20:62:6e:c7:63:44:15:9e:4e:e1:c0:d1:
                    a4:df:b7:d8:7f:e4:68:e4:8e:55:1f:5a:65:ab:86:
                    42:90:bb:6d:54:84:e9:6f:a0:70:8d:88:9f:04:0f:
                    f9:34:92:78:df:76:bc:e0:a7:78:6c:ae:f7:b7:59:
                    8e:83:6c:dd:a1:16:e0:97:82:c4:8b:fa:43:c3:e3:
                    3d:98:d2:da:fb:9d:20:38:61:52:ca:62:c2:ab:db:
                    4b:07:61:b0:69:93:6e:88:f7:99:35:ae:9e:37:fd:
                    ef:d1:11:92:e2:69:78:a5:c3:f3:db:0f:b0:0b:ec:
                    1d:da:0e:01:0a:0e:95:a0:f4:7b:99:df:cc:66:e7:
                    dc:d4:36:5b:34:74:fb:df:e3:0e:96:75:e3:2e:9b:
                    3c:df:b1:ca:a1:4f:b4:1f:46:8f:2a:8f:ce:43:d9:
                    1d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:A3:40:E2:78:3C:AE:4C:83:54:D5:3E:83:A8:65:EB:CF:3E:C8:81
            X509v3 Authority Key Identifier:
                keyid:64:AF:15:41:9B:D5:FE:6C:8F:97:E2:24:A8:6A:49:17:A2:E6:FE:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/64AF15419BD5FE6C8F97E224A86A4917A2E6FEFE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZK8VQZvV_myPl-IkqGpJF6Lm_v4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fc9aa95f-7b38-426a-9966-5441939fe031/0/34352e3135302e342e302f32342d3234203d3e203432383331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:17:85:f7:57:db:53:fc:26:74:51:9b:fc:b0:ec:49:f2:ef:
         3b:d9:d4:82:85:d9:02:f2:0d:94:9e:60:7a:a1:29:b9:b1:7e:
         83:2f:fc:bb:c9:b1:2a:1a:7a:2d:27:44:4f:44:43:4e:08:bf:
         50:5d:89:91:dc:c4:83:e8:c7:6f:05:c9:6f:0f:b3:b8:bb:aa:
         fd:35:39:b7:67:68:37:6f:10:f7:8e:88:8c:29:9c:11:3a:8e:
         4d:5f:17:76:4a:c0:05:6b:76:8b:63:f7:9d:ff:bf:3d:e1:a5:
         bc:70:ae:58:ec:86:ee:6b:42:0b:e4:58:12:bb:72:6e:cf:17:
         49:f7:1a:e3:5d:a2:be:21:df:ba:ed:d7:72:b2:93:f9:80:06:
         dc:74:6a:24:15:e9:d0:dd:18:23:92:9f:84:f2:4c:e6:bf:3c:
         78:99:0c:71:ec:18:d4:6f:41:ff:7f:09:71:be:f3:9e:08:af:
         1a:e4:f1:b2:2f:f4:24:d3:fe:0e:26:32:1b:46:46:f7:51:5d:
         72:6e:3d:e8:22:34:2a:14:5c:e4:f1:24:ce:8d:f9:7d:b8:01:
         b5:cd:0f:6e:e6:4e:1f:40:83:03:8b:9a:eb:41:90:07:b3:4c:
         9d:a0:0e:dd:51:84:ae:aa:da:b1:b0:92:85:c9:ce:e1:76:be:
         ed:71:6b:5c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUPLml/FoOv6rGcLpBhzfiNYvBYnQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjRhZjE1NDE5YmQ1ZmU2YzhmOTdlMjI0YTg2YTQ5MTdh
MmU2ZmVmZTAeFw0yNjAyMTAwMTUwMzhaFw0yNzAyMDkwMTU1MzhaMDMxMTAvBgNV
BAMTKEI2QTM0MEUyNzgzQ0FFNEM4MzU0RDUzRTgzQTg2NUVCQ0YzRUM4ODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAfrwIC81cUByi+xG1qA1p/WrK
bRRXWetdQjVRtCdOPYfCzGYV25cxxzT7IpjQIiFtmoPq0g7TdOg1IAp+6CHFfQqy
Ld21OT0RwqmRG07BeA1uU4bw/E72yGz66SBibsdjRBWeTuHA0aTft9h/5GjkjlUf
WmWrhkKQu21UhOlvoHCNiJ8ED/k0knjfdrzgp3hsrve3WY6DbN2hFuCXgsSL+kPD
4z2Y0tr7nSA4YVLKYsKr20sHYbBpk26I95k1rp43/e/REZLiaXilw/PbD7AL7B3a
DgEKDpWg9HuZ38xm59zUNls0dPvf4w6WdeMumzzfscqhT7QfRo8qj85D2R3zAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUtqNA4ng8rkyDVNU+g6hl688+yIEwHwYDVR0j
BBgwFoAUZK8VQZvV/myPl+IkqGpJF6Lm/v4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmM5YWE5NWYtN2IzOC00MjZhLTk5NjYtNTQ0MTkzOWZl
MDMxLzAvNjRBRjE1NDE5QkQ1RkU2QzhGOTdFMjI0QTg2QTQ5MTdBMkU2RkVGRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1pLOFZRWnZWX215UGwtSWtxR3BKRjZM
bV92NC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmM5YWE5NWYt
N2IzOC00MjZhLTk5NjYtNTQ0MTkzOWZlMDMxLzAvMzQzNTJlMzEzNTMwMmUzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzIzODMzMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtlgQw
DQYJKoZIhvcNAQELBQADggEBAB4XhfdX21P8JnRRm/yw7Eny7zvZ1IKF2QLyDZSe
YHqhKbmxfoMv/LvJsSoaei0nRE9EQ04Iv1BdiZHcxIPox28FyW8Ps7i7qv01Obdn
aDdvEPeOiIwpnBE6jk1fF3ZKwAVrdotj953/vz3hpbxwrljshu5rQgvkWBK7cm7P
F0n3GuNdor4h37rt13Kyk/mABtx0aiQV6dDdGCOSn4TyTOa/PHiZDHHsGNRvQf9/
CXG+854Irxrk8bIv9CTT/g4mMhtGRvdRXXJuPegiNCoUXOTxJM6N+X24AbXND27m
Th9AgwOLmutBkAezTJ2gDt1RhK6q2rGwkoXJzuF2vu1xa1w=
-----END CERTIFICATE-----