Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133352e302f32342d3234203d3e2035303635.roa
File:                     34352e382e3133352e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          UsWXwl+5By8WCFUxwKdsSgtsJheLq/xNqa9GvZYC4C4=
Subject key identifier:   BA:32:A7:8F:E8:4D:B9:0F:DD:A4:F7:52:54:5F:8D:3C:CB:EF:3D:70
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       031459DFC2B0453056E67A344C26374EE8E91445
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133352e302f32342d3234203d3e2035303635.roa
Signing time:             Thu 09 Apr 2026 07:23:35 +0000
ROA not before:           Thu 09 Apr 2026 07:18:35 +0000
ROA not after:            Thu 08 Apr 2027 07:23:35 +0000
asID:                     5065
IP address blocks:        45.8.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:14:59:df:c2:b0:45:30:56:e6:7a:34:4c:26:37:4e:e8:e9:14:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Apr  9 07:18:35 2026 GMT
            Not After : Apr  8 07:23:35 2027 GMT
        Subject: CN=BA32A78FE84DB90FDDA4F752545F8D3CCBEF3D70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:12:a4:ae:c9:73:c8:7f:89:5f:ca:cc:0b:4c:
                    fa:42:af:07:aa:c8:e2:91:c6:c4:8d:bb:8e:0c:83:
                    c6:8c:52:5a:65:d2:0f:30:8c:4b:8f:6c:7d:8a:13:
                    9e:45:5f:91:ce:ae:79:f7:89:a6:6a:8d:6c:66:fa:
                    5e:74:91:ca:b8:a4:9a:55:49:90:a0:2f:70:09:e1:
                    2d:a3:74:1a:32:ae:95:a9:4e:b7:62:eb:8d:85:0f:
                    6a:62:b9:b3:08:61:b3:44:4a:ce:dc:9f:b5:d5:52:
                    aa:49:19:4a:c5:05:d6:87:b4:9d:f9:dc:57:6c:5d:
                    41:67:ed:23:fa:21:18:ef:33:e6:3b:a5:27:2d:d2:
                    dc:3f:62:b5:79:3a:82:2c:f0:c8:43:b2:b2:81:39:
                    42:ca:c2:db:26:90:1c:84:52:03:c8:d5:db:aa:41:
                    38:fa:1a:97:88:d9:42:b0:ce:a6:ab:a7:67:54:d1:
                    77:1b:1d:b4:79:2e:0c:2c:7d:d8:94:e2:c5:a4:90:
                    c6:f6:a8:5b:13:b9:bf:b6:ac:1e:21:19:1c:34:57:
                    e9:eb:60:4c:13:84:4d:be:14:04:33:03:e5:81:3c:
                    8f:d5:6f:0f:43:80:b1:35:e2:64:17:39:1d:05:a1:
                    21:50:b8:69:41:c7:de:4c:fb:a7:0c:24:b1:d2:d6:
                    72:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:32:A7:8F:E8:4D:B9:0F:DD:A4:F7:52:54:5F:8D:3C:CB:EF:3D:70
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/34352e382e3133352e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:d7:06:fd:95:f4:bd:cd:44:a8:ba:91:5c:f2:ae:71:9c:53:
         01:a1:15:ed:b0:b1:29:16:ff:88:2c:28:ff:19:ac:7f:d0:52:
         e1:87:4e:e4:4b:3e:b4:75:bd:bd:c1:10:93:8f:b3:eb:b6:47:
         89:d3:57:d5:67:fe:f4:87:d9:d0:83:3f:cb:0b:39:be:85:a8:
         a9:47:49:e1:db:19:ca:85:c2:cd:9c:69:70:c1:5d:bf:dd:99:
         a4:ba:e8:d4:0e:2b:10:d8:5c:f3:cf:06:97:ac:7f:54:a3:83:
         48:71:87:8c:d4:77:14:ed:e2:70:07:08:12:05:3d:99:77:95:
         23:57:2d:8c:90:f9:66:ff:7c:22:e0:b0:7c:d1:4e:4a:37:8a:
         bd:46:73:3d:e9:af:b8:48:d0:5a:a0:b9:ca:1d:4a:88:50:f1:
         d8:ec:ed:82:88:c1:9b:ac:50:14:e0:0e:2c:9d:8a:79:6d:ec:
         80:68:8f:9f:6d:ea:94:cf:ae:6e:81:75:d8:6d:ac:5b:93:32:
         0d:49:5e:62:e6:e5:98:04:c3:4b:29:57:aa:ee:52:0a:36:4f:
         0e:c3:01:b6:44:6d:d3:16:cd:47:3d:81:09:74:b4:e2:e3:ed:
         a5:10:3a:e5:84:70:29:99:c7:fd:3f:98:a0:66:a7:63:7c:99:
         31:6f:3e:21
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUAxRZ38KwRTBW5no0TCY3TujpFEUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNjA0MDkwNzE4MzVaFw0yNzA0MDgwNzIzMzVaMDMxMTAvBgNV
BAMTKEJBMzJBNzhGRTg0REI5MEZEREE0Rjc1MjU0NUY4RDNDQ0JFRjNENzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVEqSuyXPIf4lfyswLTPpCrweq
yOKRxsSNu44Mg8aMUlpl0g8wjEuPbH2KE55FX5HOrnn3iaZqjWxm+l50kcq4pJpV
SZCgL3AJ4S2jdBoyrpWpTrdi642FD2piubMIYbNESs7cn7XVUqpJGUrFBdaHtJ35
3FdsXUFn7SP6IRjvM+Y7pSct0tw/YrV5OoIs8MhDsrKBOULKwtsmkByEUgPI1duq
QTj6GpeI2UKwzqarp2dU0XcbHbR5LgwsfdiU4sWkkMb2qFsTub+2rB4hGRw0V+nr
YEwThE2+FAQzA+WBPI/Vbw9DgLE14mQXOR0FoSFQuGlBx95M+6cMJLHS1nI1AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUujKnj+hNuQ/dpPdSVF+NPMvvPXAwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzQzNTJlMzgyZTMxMzMzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzAzNjM1LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQiHMA0G
CSqGSIb3DQEBCwUAA4IBAQB21wb9lfS9zUSoupFc8q5xnFMBoRXtsLEpFv+ILCj/
Gax/0FLhh07kSz60db29wRCTj7PrtkeJ01fVZ/70h9nQgz/LCzm+haipR0nh2xnK
hcLNnGlwwV2/3ZmkuujUDisQ2FzzzwaXrH9Uo4NIcYeM1HcU7eJwBwgSBT2Zd5Uj
Vy2MkPlm/3wi4LB80U5KN4q9RnM96a+4SNBaoLnKHUqIUPHY7O2CiMGbrFAU4A4s
nYp5beyAaI+fbeqUz65ugXXYbaxbkzINSV5i5uWYBMNLKVeq7lIKNk8OwwG2RG3T
Fs1HPYEJdLTi4+2lEDrlhHApmcf9P5igZqdjfJkxbz4h
-----END CERTIFICATE-----