Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33342e302f32342d3234203d3e20323031303330.roa
File:                     352e3138322e33342e302f32342d3234203d3e20323031303330.roa (raw, json)
Hash identifier:          L5m35swnWwSnEsTKRx21wFBE5kswQYxLvhrkfJj9+NA=
Subject key identifier:   AC:1C:B6:CD:4D:D0:BC:2C:0B:2C:65:85:D9:EF:BD:B8:F8:D7:05:5B
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       7AF723B7DCB0E24641DBBF87601537C11FA0D0AE
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33342e302f32342d3234203d3e20323031303330.roa
Signing time:             Fri 03 Apr 2026 12:08:59 +0000
ROA not before:           Fri 03 Apr 2026 12:03:59 +0000
ROA not after:            Fri 02 Apr 2027 12:08:59 +0000
asID:                     201030
IP address blocks:        5.182.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:f7:23:b7:dc:b0:e2:46:41:db:bf:87:60:15:37:c1:1f:a0:d0:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Apr  3 12:03:59 2026 GMT
            Not After : Apr  2 12:08:59 2027 GMT
        Subject: CN=AC1CB6CD4DD0BC2C0B2C6585D9EFBDB8F8D7055B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:93:34:c7:81:4e:94:cf:e6:5d:11:e8:01:aa:
                    e4:06:50:8a:5e:e7:f3:06:9a:00:3a:9b:b8:11:e9:
                    58:d6:fa:4d:49:cf:b0:f3:55:f4:80:0e:e6:77:7a:
                    86:af:e7:9e:2d:bc:62:4a:3b:ea:4e:77:7a:52:2a:
                    ef:0f:d5:fd:8d:16:53:37:b0:46:a9:7f:58:0a:72:
                    cc:7a:29:a0:68:43:7a:70:de:a7:4f:4e:47:b9:10:
                    6e:ee:51:b5:4e:9c:3e:24:23:69:f8:fd:36:1f:ba:
                    25:3b:4a:b8:76:3c:ea:11:bb:46:4b:9e:7d:2f:db:
                    cb:f2:ae:fd:5b:3b:ae:b3:c9:35:79:90:c6:cf:4f:
                    c1:71:7c:49:f6:c1:99:63:8c:09:be:6e:0d:b1:aa:
                    56:de:72:54:72:b3:b6:14:f2:b6:a9:a2:a4:07:66:
                    5b:04:7b:9e:32:c7:ae:25:d4:45:04:75:e2:be:1d:
                    67:40:0c:11:eb:03:93:8a:96:e3:c3:17:cc:99:26:
                    be:a8:18:a5:54:c9:f8:f6:17:80:88:2f:0a:9f:9e:
                    97:7a:39:c6:21:f2:c0:98:fa:cd:9b:aa:e3:c2:35:
                    00:a8:2c:cb:f9:78:bf:cb:17:67:5b:be:9f:a7:64:
                    a1:7f:01:6e:f0:31:ca:d0:f2:d9:77:ea:15:2c:cb:
                    3d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:1C:B6:CD:4D:D0:BC:2C:0B:2C:65:85:D9:EF:BD:B8:F8:D7:05:5B
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/352e3138322e33342e302f32342d3234203d3e20323031303330.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:60:30:4e:0a:a8:8c:5f:7e:32:5c:7b:2f:c8:2d:88:50:cb:
         0e:2d:ca:08:01:d3:43:95:df:44:56:21:d1:fc:08:a5:79:a7:
         d0:99:a8:64:f0:96:ba:61:ee:81:8a:a8:82:94:eb:31:3d:df:
         ea:34:96:69:1f:1d:1f:e2:59:03:25:71:71:fc:7b:d1:22:58:
         cb:a7:29:4e:21:c8:56:f4:41:50:e3:89:86:a5:eb:34:89:1e:
         f4:54:31:f6:81:94:5c:c3:bd:72:16:ff:e9:1e:45:eb:63:8e:
         eb:28:5d:6a:e0:a8:40:53:bb:70:17:6c:5b:9f:06:16:a6:ee:
         8e:36:7c:2a:f1:4b:01:56:b6:d6:cf:68:1a:56:71:25:0f:26:
         d8:d5:1a:e1:2f:8d:d9:4b:31:78:f6:c7:37:db:61:b4:95:52:
         64:fc:54:df:65:60:b4:d8:af:ff:64:4f:3d:6a:c9:44:d4:5f:
         8d:d1:5d:e0:bc:41:1a:d9:1e:1e:9a:09:cc:63:8b:3a:23:8a:
         89:a6:3e:8d:9e:7a:d3:db:50:20:24:62:20:81:33:ac:de:50:
         66:29:3f:e9:c2:61:e6:78:da:41:76:28:1d:e5:d3:e9:2e:8e:
         51:bd:93:ba:f7:4d:6d:5c:31:0e:f3:33:42:56:ea:a0:11:fb:
         da:47:9d:52
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUevcjt9yw4kZB27+HYBU3wR+g0K4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNjA0MDMxMjAzNTlaFw0yNzA0MDIxMjA4NTlaMDMxMTAvBgNV
BAMTKEFDMUNCNkNENEREMEJDMkMwQjJDNjU4NUQ5RUZCREI4RjhENzA1NUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOkzTHgU6Uz+ZdEegBquQGUIpe
5/MGmgA6m7gR6VjW+k1Jz7DzVfSADuZ3eoav554tvGJKO+pOd3pSKu8P1f2NFlM3
sEapf1gKcsx6KaBoQ3pw3qdPTke5EG7uUbVOnD4kI2n4/TYfuiU7Srh2POoRu0ZL
nn0v28vyrv1bO66zyTV5kMbPT8FxfEn2wZljjAm+bg2xqlbeclRys7YU8rapoqQH
ZlsEe54yx64l1EUEdeK+HWdADBHrA5OKluPDF8yZJr6oGKVUyfj2F4CILwqfnpd6
OcYh8sCY+s2bquPCNQCoLMv5eL/LF2dbvp+nZKF/AW7wMcrQ8tl36hUsyz39AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUrBy2zU3QvCwLLGWF2e+9uPjXBVswHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzUyZTMxMzgzMjJlMzMzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzAzMTMwMzMzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAW2
IjANBgkqhkiG9w0BAQsFAAOCAQEAJ2AwTgqojF9+Mlx7L8gtiFDLDi3KCAHTQ5Xf
RFYh0fwIpXmn0JmoZPCWumHugYqogpTrMT3f6jSWaR8dH+JZAyVxcfx70SJYy6cp
TiHIVvRBUOOJhqXrNIke9FQx9oGUXMO9chb/6R5F62OO6yhdauCoQFO7cBdsW58G
FqbujjZ8KvFLAVa21s9oGlZxJQ8m2NUa4S+N2UsxePbHN9thtJVSZPxU32VgtNiv
/2RPPWrJRNRfjdFd4LxBGtkeHpoJzGOLOiOKiaY+jZ5609tQICRiIIEzrN5QZik/
6cJh5njaQXYoHeXT6S6OUb2TuvdNbVwxDvMzQlbqoBH72kedUg==
-----END CERTIFICATE-----