Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/092d16f2-9b46-4a11-ac59-42b3ddee1106/2/326130663a316363363a623232303a3a2f34342d3438203d3e20313439353133.roa
File:                     326130663a316363363a623232303a3a2f34342d3438203d3e20313439353133.roa (raw, json)
Hash identifier:          +hLyO2byVr3CI7RxU47nKmJbK198DWDlst7nIi5HHww=
Subject key identifier:   68:99:E8:6F:B6:CF:9A:87:BB:D1:CE:D9:8E:18:88:EF:62:34:B1:CF
Certificate issuer:       /CN=529BFC6DD306B2C49629AA6CEB313194CAA5D33F
Certificate serial:       7254AB580F01B8D7A2A5B45124B500CF1D229135
Authority key identifier: 52:9B:FC:6D:D3:06:B2:C4:96:29:AA:6C:EB:31:31:94:CA:A5:D3:3F
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/529BFC6DD306B2C49629AA6CEB313194CAA5D33F.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/092d16f2-9b46-4a11-ac59-42b3ddee1106/2/326130663a316363363a623232303a3a2f34342d3438203d3e20313439353133.roa
Signing time:             Fri 26 Jun 2026 11:44:33 +0000
ROA not before:           Fri 26 Jun 2026 11:39:33 +0000
ROA not after:            Fri 25 Jun 2027 11:44:33 +0000
asID:                     149513
IP address blocks:        2a0f:1cc6:b220::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/092d16f2-9b46-4a11-ac59-42b3ddee1106/2/529BFC6DD306B2C49629AA6CEB313194CAA5D33F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/092d16f2-9b46-4a11-ac59-42b3ddee1106/2/529BFC6DD306B2C49629AA6CEB313194CAA5D33F.mft
                          rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/529BFC6DD306B2C49629AA6CEB313194CAA5D33F.cer
                          rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/1BE240021A287F298973D9EA28DFC80735FD5800.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/1BE240021A287F298973D9EA28DFC80735FD5800.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G-JAAhoofymJc9nqKN_IBzX9WAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 Jul 2026 05:10:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:54:ab:58:0f:01:b8:d7:a2:a5:b4:51:24:b5:00:cf:1d:22:91:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=529BFC6DD306B2C49629AA6CEB313194CAA5D33F
        Validity
            Not Before: Jun 26 11:39:33 2026 GMT
            Not After : Jun 25 11:44:33 2027 GMT
        Subject: CN=6899E86FB6CF9A87BBD1CED98E1888EF6234B1CF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:58:d4:ea:3d:96:77:b1:03:51:2c:67:2d:8d:
                    ec:f6:ab:e1:63:fa:36:ac:55:0d:b0:15:02:fc:70:
                    19:9d:31:6c:77:8e:5e:24:38:4c:0f:ea:33:19:fb:
                    c9:74:1d:4f:44:52:2d:0d:11:c6:1c:e3:bf:6b:27:
                    a3:ff:7e:4e:6e:fd:6b:a6:f3:b0:4b:97:fb:54:fe:
                    50:85:a1:19:d1:59:25:ba:17:62:fa:14:af:4c:7a:
                    bd:6b:2e:cb:91:87:85:f9:36:65:3c:5b:a7:1d:8f:
                    e2:26:31:64:3a:5a:32:e0:5a:96:e9:ca:cb:2e:b4:
                    cd:18:e8:aa:5b:a3:e9:a2:a5:76:ba:7e:eb:ac:e6:
                    c2:96:c3:07:d5:a3:8a:d0:a0:41:19:e5:91:7a:68:
                    6b:79:41:ac:48:ee:76:95:16:92:d9:66:3f:17:d7:
                    d6:c4:da:d5:53:b7:46:18:ac:fb:a7:26:3a:32:a3:
                    82:c9:5b:11:38:fc:3a:22:2f:8c:e1:a6:a6:0b:d1:
                    87:41:97:4e:77:f1:96:49:ba:0c:65:94:62:13:06:
                    be:6c:5d:59:9e:8f:6c:a0:b8:12:e8:3f:aa:3d:6c:
                    d6:11:e8:13:c9:87:78:b5:15:bc:04:0a:62:d7:6c:
                    31:43:56:d5:1c:46:90:de:47:82:59:5d:c5:71:55:
                    92:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:99:E8:6F:B6:CF:9A:87:BB:D1:CE:D9:8E:18:88:EF:62:34:B1:CF
            X509v3 Authority Key Identifier:
                keyid:52:9B:FC:6D:D3:06:B2:C4:96:29:AA:6C:EB:31:31:94:CA:A5:D3:3F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/092d16f2-9b46-4a11-ac59-42b3ddee1106/2/529BFC6DD306B2C49629AA6CEB313194CAA5D33F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/8afb5fe2-3c2a-4939-95e9-0077b80b4f0e/0/529BFC6DD306B2C49629AA6CEB313194CAA5D33F.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/092d16f2-9b46-4a11-ac59-42b3ddee1106/2/326130663a316363363a623232303a3a2f34342d3438203d3e20313439353133.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:1cc6:b220::/44

    Signature Algorithm: sha256WithRSAEncryption
         61:e4:4f:ce:b3:79:d2:a0:ce:f7:d4:a8:7a:7d:96:20:a7:2f:
         90:1a:0a:6d:32:b0:b3:40:b8:82:37:4d:1a:a5:de:6c:90:07:
         63:cf:e2:3d:52:2b:f7:c1:50:5c:6a:b3:39:9b:f9:ca:0b:c4:
         19:93:0a:af:b7:c0:2d:a3:58:2f:a7:a9:e1:b3:76:50:36:8b:
         23:42:2e:54:0f:6d:01:e0:71:ad:b3:4b:3b:77:1a:c6:10:71:
         a5:38:10:a1:32:58:21:a0:d5:1c:1e:75:77:33:e2:36:b0:7a:
         07:e3:ed:3e:26:3d:73:e4:49:40:e8:93:e7:d9:2c:e5:e6:15:
         13:af:e2:af:43:ad:11:da:aa:b6:1f:b0:25:04:90:dd:38:79:
         23:ec:49:2e:c0:a4:75:ef:7d:a9:17:9e:3c:2b:5e:0d:a8:fc:
         06:d9:03:83:90:da:3b:32:09:d9:77:00:23:ad:9a:36:ab:2f:
         88:29:94:51:d4:04:8d:e8:d5:44:13:84:f5:68:e4:72:2f:fc:
         6e:db:b6:bc:82:47:a0:1f:d1:4b:68:86:cd:56:29:09:a1:cb:
         ab:65:9a:49:ea:ec:46:96:46:13:8a:fa:17:56:73:87:bd:7a:
         bd:91:32:c0:c5:58:fa:38:cf:63:5f:ea:c6:77:47:9d:6b:28:
         e7:f1:6a:0d
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgIUclSrWA8BuNeipbRRJLUAzx0ikTUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNTI5QkZDNkREMzA2QjJDNDk2MjlBQTZDRUIzMTMxOTRD
QUE1RDMzRjAeFw0yNjA2MjYxMTM5MzNaFw0yNzA2MjUxMTQ0MzNaMDMxMTAvBgNV
BAMTKDY4OTlFODZGQjZDRjlBODdCQkQxQ0VEOThFMTg4OEVGNjIzNEIxQ0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSWNTqPZZ3sQNRLGctjez2q+Fj
+jasVQ2wFQL8cBmdMWx3jl4kOEwP6jMZ+8l0HU9EUi0NEcYc479rJ6P/fk5u/Wum
87BLl/tU/lCFoRnRWSW6F2L6FK9Mer1rLsuRh4X5NmU8W6cdj+ImMWQ6WjLgWpbp
yssutM0Y6Kpbo+mipXa6fuus5sKWwwfVo4rQoEEZ5ZF6aGt5QaxI7naVFpLZZj8X
19bE2tVTt0YYrPunJjoyo4LJWxE4/DoiL4zhpqYL0YdBl0538ZZJugxllGITBr5s
XVmej2yguBLoP6o9bNYR6BPJh3i1FbwECmLXbDFDVtUcRpDeR4JZXcVxVZKZAgMB
AAGjggKFMIICgTAdBgNVHQ4EFgQUaJnob7bPmoe70c7ZjhiI72I0sc8wHwYDVR0j
BBgwFoAUUpv8bdMGssSWKaps6zExlMql0z8wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDkyZDE2ZjItOWI0Ni00YTExLWFjNTktNDJiM2RkZWUx
MTA2LzIvNTI5QkZDNkREMzA2QjJDNDk2MjlBQTZDRUIzMTMxOTRDQUE1RDMzRi5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84YWZiNWZlMi0zYzJhLTQ5
MzktOTVlOS0wMDc3YjgwYjRmMGUvMC81MjlCRkM2REQzMDZCMkM0OTYyOUFBNkNF
QjMxMzE5NENBQTVEMzNGLmNlcjCBtwYIKwYBBQUHAQsEgaowgacwgaQGCCsGAQUF
BzALhoGXcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8wOTJkMTZmMi05YjQ2LTRhMTEtYWM1OS00MmIzZGRlZTExMDYvMi8zMjYxMzA2
NjNhMzE2MzYzMzYzYTYyMzIzMjMwM2EzYTJmMzQzNDJkMzQzODIwM2QzZTIwMzEz
NDM5MzUzMTMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcEKg8cxrIgMA0GCSqGSIb3DQEBCwUAA4IBAQBh
5E/Os3nSoM731Kh6fZYgpy+QGgptMrCzQLiCN00apd5skAdjz+I9Uiv3wVBcarM5
m/nKC8QZkwqvt8Ato1gvp6nhs3ZQNosjQi5UD20B4HGts0s7dxrGEHGlOBChMlgh
oNUcHnV3M+I2sHoH4+0+Jj1z5ElA6JPn2Szl5hUTr+KvQ60R2qq2H7AlBJDdOHkj
7EkuwKR1732pF548K14NqPwG2QODkNo7MgnZdwAjrZo2qy+IKZRR1ASN6NVEE4T1
aORyL/xu27a8gkegH9FLaIbNVikJocurZZpJ6uxGlkYTivoXVnOHvXq9kTLAxVj6
OM9jX+rGd0edayjn8WoN
-----END CERTIFICATE-----
Generated at Sun Jul 5 10:20:42 2026 by rpki-client