Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/39312e3233332e382e302f32342d3234203d3e20323135313532.roa
File:                     39312e3233332e382e302f32342d3234203d3e20323135313532.roa (raw, json)
Hash identifier:          QjQW+ZHXaZZs5QWfyh6YzF1NV5fXTeQF/UMJGjS1emY=
Subject key identifier:   23:19:38:BA:ED:D8:01:A7:FB:0E:FA:30:F4:24:77:33:E1:7B:70:DF
Certificate issuer:       /CN=199cdd14c27fbf6b005a0ada004d53cbcb9667ff
Certificate serial:       78AE5631FF92FEFCCE6AA08AB2B984722D9E2D99
Authority key identifier: 19:9C:DD:14:C2:7F:BF:6B:00:5A:0A:DA:00:4D:53:CB:CB:96:67:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GZzdFMJ_v2sAWgraAE1Ty8uWZ_8.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/39312e3233332e382e302f32342d3234203d3e20323135313532.roa
Signing time:             Tue 07 Apr 2026 09:08:20 +0000
ROA not before:           Tue 07 Apr 2026 09:03:20 +0000
ROA not after:            Tue 06 Apr 2027 09:08:20 +0000
asID:                     215152
IP address blocks:        91.233.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/199CDD14C27FBF6B005A0ADA004D53CBCB9667FF.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/199CDD14C27FBF6B005A0ADA004D53CBCB9667FF.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GZzdFMJ_v2sAWgraAE1Ty8uWZ_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 Apr 2026 09:49:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:ae:56:31:ff:92:fe:fc:ce:6a:a0:8a:b2:b9:84:72:2d:9e:2d:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=199cdd14c27fbf6b005a0ada004d53cbcb9667ff
        Validity
            Not Before: Apr  7 09:03:20 2026 GMT
            Not After : Apr  6 09:08:20 2027 GMT
        Subject: CN=231938BAEDD801A7FB0EFA30F4247733E17B70DF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:17:27:ee:3b:3f:10:cd:1f:b2:18:9f:94:d5:
                    1a:29:26:84:b7:2d:9c:b2:94:b1:c6:36:d2:93:87:
                    83:5d:e0:1a:ae:07:15:27:1e:a3:3f:6c:4c:c3:41:
                    49:1e:a8:14:02:81:38:2b:56:e8:9e:70:37:b7:43:
                    89:6d:13:02:df:2e:b0:64:22:cb:49:fd:ab:6f:96:
                    39:e4:83:2a:2e:c8:29:9b:52:61:8f:91:ba:43:01:
                    d1:f4:fc:eb:b7:67:81:d7:a0:a3:f3:25:b7:f9:8d:
                    74:4b:14:fb:2c:0a:a8:91:38:ec:d2:55:6b:7c:09:
                    b0:20:26:90:31:15:ad:5f:7b:35:51:cc:fa:c6:c7:
                    8e:7e:17:c8:80:ae:3b:d1:eb:7a:32:f0:21:40:c1:
                    a5:bf:56:42:33:6b:3f:22:0c:d9:61:fa:a2:87:95:
                    0b:88:c3:68:f9:d1:a3:f3:35:ba:2e:91:ba:5d:bc:
                    20:7a:cc:65:ae:94:bd:d6:6b:58:71:1a:6a:67:bf:
                    c1:20:63:ba:1e:25:e8:51:0a:c8:ba:2b:fc:5a:8a:
                    eb:ad:cc:78:86:1c:85:48:64:52:7e:5b:e5:60:62:
                    a0:91:9c:8c:9c:ad:46:0c:52:30:42:8e:a5:81:8d:
                    ef:4d:1f:3a:9d:a7:fb:ca:01:4f:4b:5a:c0:a6:b5:
                    1c:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:19:38:BA:ED:D8:01:A7:FB:0E:FA:30:F4:24:77:33:E1:7B:70:DF
            X509v3 Authority Key Identifier:
                keyid:19:9C:DD:14:C2:7F:BF:6B:00:5A:0A:DA:00:4D:53:CB:CB:96:67:FF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/199CDD14C27FBF6B005A0ADA004D53CBCB9667FF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GZzdFMJ_v2sAWgraAE1Ty8uWZ_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/39312e3233332e382e302f32342d3234203d3e20323135313532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:19:39:42:b5:85:09:c4:3a:d8:b8:2b:b1:a6:d6:05:da:d4:
         43:56:a2:51:a7:8b:1e:c4:d6:fe:c0:6a:e6:57:00:0f:8d:cc:
         b6:68:d4:e3:88:4d:be:4b:d6:52:02:f2:a5:d3:5f:23:8d:09:
         1a:40:87:3b:91:0c:1b:ef:34:a4:9b:11:27:23:12:ea:66:e9:
         12:da:fc:87:f7:69:9b:ac:bb:e9:a1:3a:69:9e:bd:72:e7:56:
         75:60:e8:23:d5:a8:c5:3c:e4:a0:89:88:d0:c4:be:5b:47:28:
         75:23:f5:3d:50:7c:2d:8d:48:b6:cf:31:b6:f3:c7:92:f5:a5:
         2d:13:a7:77:9a:b0:38:a1:47:20:ea:90:1d:a0:bf:25:16:72:
         c5:38:08:93:8a:51:7b:65:f0:8d:5c:d7:77:25:80:55:cb:0d:
         d8:85:fe:e2:9b:14:6a:bb:0b:c1:5c:19:67:d6:68:65:13:d1:
         d3:6f:6a:ce:0b:c7:ee:b3:69:d8:85:02:6a:8c:c5:b8:3a:46:
         5d:29:65:a2:ca:4d:10:0b:d1:d7:d2:56:e8:08:3b:89:31:1d:
         5f:16:51:e3:6f:fe:34:a3:74:45:05:a8:c7:f9:9a:bb:96:bf:
         22:85:a2:ce:26:ff:c5:82:65:f1:45:f6:41:0c:bb:60:20:79:
         71:d6:29:31
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUeK5WMf+S/vzOaqCKsrmEci2eLZkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTk5Y2RkMTRjMjdmYmY2YjAwNWEwYWRhMDA0ZDUzY2Jj
Yjk2NjdmZjAeFw0yNjA0MDcwOTAzMjBaFw0yNzA0MDYwOTA4MjBaMDMxMTAvBgNV
BAMTKDIzMTkzOEJBRUREODAxQTdGQjBFRkEzMEY0MjQ3NzMzRTE3QjcwREYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3FyfuOz8QzR+yGJ+U1RopJoS3
LZyylLHGNtKTh4Nd4BquBxUnHqM/bEzDQUkeqBQCgTgrVuiecDe3Q4ltEwLfLrBk
IstJ/atvljnkgyouyCmbUmGPkbpDAdH0/Ou3Z4HXoKPzJbf5jXRLFPssCqiROOzS
VWt8CbAgJpAxFa1fezVRzPrGx45+F8iArjvR63oy8CFAwaW/VkIzaz8iDNlh+qKH
lQuIw2j50aPzNboukbpdvCB6zGWulL3Wa1hxGmpnv8EgY7oeJehRCsi6K/xaiuut
zHiGHIVIZFJ+W+VgYqCRnIycrUYMUjBCjqWBje9NHzqdp/vKAU9LWsCmtRwFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUIxk4uu3YAaf7Dvow9CR3M+F7cN8wHwYDVR0j
BBgwFoAUGZzdFMJ/v2sAWgraAE1Ty8uWZ/8wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzIwMjNjNTMtMTg0Yi00ODRiLWI2NzYtNTk4ZjY0ZDg4
ZjIyLzAvMTk5Q0REMTRDMjdGQkY2QjAwNUEwQURBMDA0RDUzQ0JDQjk2NjdGRi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0daemRGTUpfdjJzQVdncmFBRTFUeTh1
V1pfOC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzIwMjNjNTMt
MTg0Yi00ODRiLWI2NzYtNTk4ZjY0ZDg4ZjIyLzAvMzkzMTJlMzIzMzMzMmUzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNTMxMzUzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvp
CDANBgkqhkiG9w0BAQsFAAOCAQEAgRk5QrWFCcQ62LgrsabWBdrUQ1aiUaeLHsTW
/sBq5lcAD43MtmjU44hNvkvWUgLypdNfI40JGkCHO5EMG+80pJsRJyMS6mbpEtr8
h/dpm6y76aE6aZ69cudWdWDoI9WoxTzkoImI0MS+W0codSP1PVB8LY1Its8xtvPH
kvWlLROnd5qwOKFHIOqQHaC/JRZyxTgIk4pRe2XwjVzXdyWAVcsN2IX+4psUarsL
wVwZZ9ZoZRPR029qzgvH7rNp2IUCaozFuDpGXSllospNEAvR19JW6Ag7iTEdXxZR
42/+NKN0RQWox/mau5a/IoWizib/xYJl8UX2QQy7YCB5cdYpMQ==
-----END CERTIFICATE-----