Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/34352e3134312e32302e302f32332d3234203d3e20383334.roa
File:                     34352e3134312e32302e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          iFz9vHyrdXkS1G2J8BCywl16ce9jxh6CH6NvR9VX9Mg=
Subject key identifier:   B8:8E:DB:0F:D7:89:6E:F7:BD:BC:05:3D:8B:58:9B:24:12:E1:2A:D3
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       1715A62CFD84A4D02F57CC9A41C36107FAD419E3
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/34352e3134312e32302e302f32332d3234203d3e20383334.roa
Signing time:             Wed 01 Apr 2026 12:00:48 +0000
ROA not before:           Wed 01 Apr 2026 11:55:48 +0000
ROA not after:            Wed 31 Mar 2027 12:00:48 +0000
asID:                     834
IP address blocks:        45.141.20.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:13:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:15:a6:2c:fd:84:a4:d0:2f:57:cc:9a:41:c3:61:07:fa:d4:19:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Apr  1 11:55:48 2026 GMT
            Not After : Mar 31 12:00:48 2027 GMT
        Subject: CN=B88EDB0FD7896EF7BDBC053D8B589B2412E12AD3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:23:2d:6c:e7:00:c8:c7:f0:65:b2:fe:bb:3d:
                    93:b3:ac:9e:56:b8:20:6e:1f:32:31:1a:90:b9:31:
                    10:a6:4c:3d:2e:92:79:32:bf:a6:01:cd:fa:6b:a1:
                    85:bd:cd:5c:c8:5d:76:97:15:9b:72:1a:1e:22:5f:
                    f3:b8:be:69:fa:b3:b9:f0:0e:ef:41:67:8b:39:89:
                    c3:b8:30:ac:b9:d4:51:e0:81:50:a5:c9:7e:8d:9f:
                    11:50:0b:e7:8c:36:f8:be:01:2d:7f:13:58:dc:9b:
                    41:31:9f:9f:41:96:05:9a:64:e9:57:e4:c3:51:5b:
                    64:a1:da:03:78:5d:35:65:bb:c8:38:da:aa:6c:3c:
                    84:c3:2b:10:a8:0e:12:bc:7e:f1:87:a3:5d:d6:56:
                    ab:9e:c2:4a:3c:be:f1:21:10:71:57:63:e2:50:e1:
                    2f:ec:da:03:56:14:50:05:53:4e:32:e3:ea:96:81:
                    2a:0b:5c:68:78:3e:95:06:80:42:9e:0e:9d:d8:db:
                    3d:ef:15:b3:33:67:d8:99:87:47:cd:54:4f:51:2c:
                    80:fd:d8:eb:cc:64:af:07:95:2b:2e:92:93:46:68:
                    bc:10:3f:96:74:96:65:54:1b:07:29:57:d0:f7:f1:
                    30:b9:e7:b0:d8:62:2c:0b:9b:66:e2:9c:b3:8c:9e:
                    fb:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:8E:DB:0F:D7:89:6E:F7:BD:BC:05:3D:8B:58:9B:24:12:E1:2A:D3
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/34352e3134312e32302e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:26:3a:7a:eb:76:1a:db:5a:01:3b:cc:a7:62:19:35:e6:4d:
         6b:98:e8:7c:2a:a5:48:93:72:ac:f8:66:76:5c:1a:2f:13:cf:
         8a:c6:60:b4:57:39:8a:aa:6a:3e:d0:8e:72:08:09:37:0f:cb:
         6e:3f:92:b8:cc:c5:ee:d7:b4:15:83:6f:50:42:5f:cf:5c:37:
         6f:8f:76:c1:67:8b:4b:aa:73:61:33:da:6d:2d:10:d9:f8:21:
         31:89:bc:10:6e:f0:ff:62:12:27:5f:f7:1e:cf:3d:4c:c8:08:
         7f:92:8a:2c:71:3d:92:ee:90:42:83:f3:d0:d0:fa:5c:72:4c:
         e4:13:e4:17:5b:d0:4f:09:97:18:54:9b:ea:d1:1b:3f:4c:39:
         53:66:35:a3:83:3e:1d:22:4f:b0:99:50:a8:e8:90:b1:4a:59:
         01:85:97:47:a6:f2:4a:72:db:bc:88:cc:af:aa:67:fe:b9:81:
         65:bb:23:0e:45:89:f7:9a:74:ad:fd:02:85:d8:1f:98:08:b2:
         c9:b2:82:98:9b:22:3a:e7:67:62:53:1a:47:dd:cc:cc:9d:42:
         c7:39:39:58:8e:17:b0:63:43:d1:6e:22:aa:d5:cf:c3:f4:6e:
         fa:e5:65:2e:8b:41:57:b7:13:df:73:6f:b1:b7:4e:30:59:1d:
         1c:2b:e5:df
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUFxWmLP2EpNAvV8yaQcNhB/rUGeMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNjA0MDExMTU1NDhaFw0yNzAzMzExMjAwNDhaMDMxMTAvBgNV
BAMTKEI4OEVEQjBGRDc4OTZFRjdCREJDMDUzRDhCNTg5QjI0MTJFMTJBRDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhIy1s5wDIx/Blsv67PZOzrJ5W
uCBuHzIxGpC5MRCmTD0uknkyv6YBzfproYW9zVzIXXaXFZtyGh4iX/O4vmn6s7nw
Du9BZ4s5icO4MKy51FHggVClyX6NnxFQC+eMNvi+AS1/E1jcm0Exn59BlgWaZOlX
5MNRW2Sh2gN4XTVlu8g42qpsPITDKxCoDhK8fvGHo13WVquewko8vvEhEHFXY+JQ
4S/s2gNWFFAFU04y4+qWgSoLXGh4PpUGgEKeDp3Y2z3vFbMzZ9iZh0fNVE9RLID9
2OvMZK8HlSsukpNGaLwQP5Z0lmVUGwcpV9D38TC557DYYiwLm2binLOMnvtVAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUuI7bD9eJbve9vAU9i1ibJBLhKtMwHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zNDM1MmUzMTM0MzEy
ZTMyMzAyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEt
jRQwDQYJKoZIhvcNAQELBQADggEBAIImOnrrdhrbWgE7zKdiGTXmTWuY6HwqpUiT
cqz4ZnZcGi8Tz4rGYLRXOYqqaj7QjnIICTcPy24/krjMxe7XtBWDb1BCX89cN2+P
dsFni0uqc2Ez2m0tENn4ITGJvBBu8P9iEidf9x7PPUzICH+SiixxPZLukEKD89DQ
+lxyTOQT5Bdb0E8JlxhUm+rRGz9MOVNmNaODPh0iT7CZUKjokLFKWQGFl0em8kpy
27yIzK+qZ/65gWW7Iw5FifeadK39AoXYH5gIssmygpibIjrnZ2JTGkfdzMydQsc5
OViOF7BjQ9FuIqrVz8P0bvrlZS6LQVe3E99zb7G3TjBZHRwr5d8=
-----END CERTIFICATE-----