Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133342e302f32342d3234203d3e20323134303235.roa
File:                     34352e382e3133342e302f32342d3234203d3e20323134303235.roa (raw, json)
Hash identifier:          BW+R+MvptyyQnNirK6i4ua20RBjuiSLktoXonA47UHQ=
Subject key identifier:   D5:2A:F2:6C:BC:D4:12:CC:B2:8A:05:D6:80:E5:FE:5E:AE:52:92:B9
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       2BA715E9FDBF1E27D7BF83E0CC242F59C0D13101
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133342e302f32342d3234203d3e20323134303235.roa
Signing time:             Fri 23 Jan 2026 12:40:58 +0000
ROA not before:           Fri 23 Jan 2026 12:35:58 +0000
ROA not after:            Fri 22 Jan 2027 12:40:58 +0000
asID:                     214025
IP address blocks:        45.8.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:a7:15:e9:fd:bf:1e:27:d7:bf:83:e0:cc:24:2f:59:c0:d1:31:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Jan 23 12:35:58 2026 GMT
            Not After : Jan 22 12:40:58 2027 GMT
        Subject: CN=D52AF26CBCD412CCB28A05D680E5FE5EAE5292B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:9d:e7:18:3b:19:ba:95:b7:86:42:71:8c:bf:
                    99:db:d8:49:e5:a9:69:0d:82:5f:77:1e:76:74:48:
                    ae:4c:aa:b3:7a:b9:ef:0e:bf:1a:85:28:e1:d0:29:
                    85:4c:9a:33:23:4a:9b:c9:4d:d6:14:9d:7c:99:3d:
                    0a:e9:52:2d:b4:69:3c:64:f4:7d:84:e8:bd:34:e4:
                    e8:06:9b:b4:29:b1:23:f9:eb:82:54:d6:82:7e:bc:
                    02:17:70:7d:1f:fa:2e:54:4a:d1:b3:86:c2:d4:69:
                    c2:36:4d:8d:b1:5c:cf:32:c2:06:84:3c:ad:4a:2d:
                    4a:30:29:06:92:4f:80:0b:c8:c7:be:29:0b:3e:9c:
                    a2:fe:31:8f:2a:a6:e1:1d:12:10:e6:f2:e9:13:b7:
                    cb:a4:19:73:6f:e6:32:62:22:af:68:09:8f:0a:a4:
                    fc:6e:92:00:73:3b:30:e9:6c:c8:e2:5a:83:b7:99:
                    70:e7:ab:d6:4c:82:ac:eb:86:2d:8a:80:ec:3f:ec:
                    04:7c:6a:24:60:8b:a8:d2:12:a4:8a:81:43:e0:ac:
                    92:e1:c5:54:ff:ec:4f:fe:6a:2a:c7:d5:54:72:4d:
                    95:14:7d:82:cf:ea:e3:08:20:6e:02:4d:b9:83:a5:
                    1e:4d:52:e4:07:7f:df:36:05:b2:06:33:8e:9b:6a:
                    24:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:2A:F2:6C:BC:D4:12:CC:B2:8A:05:D6:80:E5:FE:5E:AE:52:92:B9
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133342e302f32342d3234203d3e20323134303235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:0b:cb:41:88:c6:c5:5d:92:79:ed:e7:f6:21:0a:fb:63:54:
         d6:bc:2b:98:8e:7b:cf:b8:02:f3:a6:bd:0d:40:d9:76:91:e9:
         a6:bf:b6:31:dd:e0:5e:eb:30:70:dd:65:e8:c7:a3:26:d1:37:
         e2:a6:5e:c6:7e:85:86:e6:a5:0a:ac:b6:85:ef:72:1d:87:4e:
         8f:4b:da:4f:b4:d3:0c:53:12:32:59:7b:5e:2d:59:77:03:6c:
         97:7e:7c:bd:e2:b3:0d:df:f0:45:fb:8c:db:2a:ba:02:97:aa:
         1f:9c:96:c5:d4:0f:9d:32:16:8e:8c:0d:60:b3:b4:6b:1b:59:
         3f:a8:9f:e6:78:81:50:99:84:a2:e8:45:c7:20:4b:f3:5c:eb:
         95:6f:15:bd:c9:d9:7d:42:63:99:5d:28:63:b6:58:c9:38:20:
         71:c7:f4:92:2a:bf:11:d0:d0:3b:bd:53:6c:bb:e5:9e:e5:d5:
         20:26:51:fd:17:14:ef:02:16:59:77:37:9e:7f:26:5e:62:0d:
         cd:2c:7a:77:19:5d:66:a2:f4:15:39:8b:24:68:a4:3f:5b:d3:
         7f:7a:3c:23:72:fd:1f:58:68:40:cc:19:6e:0a:4a:38:a8:8e:
         0b:09:ec:46:d4:14:de:a3:3d:a2:07:e1:34:55:cd:a8:8f:b2:
         27:1c:b0:3e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUK6cV6f2/HifXv4PgzCQvWcDRMQEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNjAxMjMxMjM1NThaFw0yNzAxMjIxMjQwNThaMDMxMTAvBgNV
BAMTKEQ1MkFGMjZDQkNENDEyQ0NCMjhBMDVENjgwRTVGRTVFQUU1MjkyQjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsnecYOxm6lbeGQnGMv5nb2Enl
qWkNgl93HnZ0SK5MqrN6ue8OvxqFKOHQKYVMmjMjSpvJTdYUnXyZPQrpUi20aTxk
9H2E6L005OgGm7QpsSP564JU1oJ+vAIXcH0f+i5UStGzhsLUacI2TY2xXM8ywgaE
PK1KLUowKQaST4ALyMe+KQs+nKL+MY8qpuEdEhDm8ukTt8ukGXNv5jJiIq9oCY8K
pPxukgBzOzDpbMjiWoO3mXDnq9ZMgqzrhi2KgOw/7AR8aiRgi6jSEqSKgUPgrJLh
xVT/7E/+airH1VRyTZUUfYLP6uMIIG4CTbmDpR5NUuQHf982BbIGM46baiS7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU1SrybLzUEsyyigXWgOX+Xq5SkrkwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzgyZTMxMzMzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNDMwMzIzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC0I
hjANBgkqhkiG9w0BAQsFAAOCAQEAiQvLQYjGxV2See3n9iEK+2NU1rwrmI57z7gC
86a9DUDZdpHppr+2Md3gXuswcN1l6MejJtE34qZexn6FhualCqy2he9yHYdOj0va
T7TTDFMSMll7Xi1ZdwNsl358veKzDd/wRfuM2yq6ApeqH5yWxdQPnTIWjowNYLO0
axtZP6if5niBUJmEouhFxyBL81zrlW8VvcnZfUJjmV0oY7ZYyTggccf0kiq/EdDQ
O71TbLvlnuXVICZR/RcU7wIWWXc3nn8mXmINzSx6dxldZqL0FTmLJGikP1vTf3o8
I3L9H1hoQMwZbgpKOKiOCwnsRtQU3qM9ogfhNFXNqI+yJxywPg==
-----END CERTIFICATE-----