Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e20313938303837.roa
File:                     3139332e32342e312e302f32342d3234203d3e20313938303837.roa (raw, json)
Hash identifier:          xqDNmc2DsmlGnt/1Pyc+CoYv437wXLEjNSBfRTcYo48=
Subject key identifier:   A1:69:3B:49:D2:CF:9C:FF:3B:27:B2:FB:26:34:08:7F:8C:CB:73:92
Certificate issuer:       /CN=1f84a2481d280de0a103598276db0c954193c755
Certificate serial:       6461B5BE604C072B1132DD7E17450DF62629FB93
Authority key identifier: 1F:84:A2:48:1D:28:0D:E0:A1:03:59:82:76:DB:0C:95:41:93:C7:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e20313938303837.roa
Signing time:             Wed 18 Mar 2026 10:02:11 +0000
ROA not before:           Wed 18 Mar 2026 09:57:11 +0000
ROA not after:            Wed 17 Mar 2027 10:02:11 +0000
asID:                     198087
IP address blocks:        193.24.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 14:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:61:b5:be:60:4c:07:2b:11:32:dd:7e:17:45:0d:f6:26:29:fb:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f84a2481d280de0a103598276db0c954193c755
        Validity
            Not Before: Mar 18 09:57:11 2026 GMT
            Not After : Mar 17 10:02:11 2027 GMT
        Subject: CN=A1693B49D2CF9CFF3B27B2FB2634087F8CCB7392
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:c5:4a:d3:67:7c:c1:bc:39:1f:37:ca:cf:4e:
                    7f:84:d4:14:ef:c2:9f:96:a9:d9:0e:58:a8:b6:fe:
                    c5:b6:2d:b8:87:4b:3d:2d:d8:3a:f0:00:5c:a5:2e:
                    d9:e5:68:68:75:a1:e5:0b:24:5f:a4:c9:d5:d3:63:
                    12:83:5d:28:c0:89:3e:2f:91:2c:62:d9:a7:31:18:
                    4f:fc:b7:60:f4:e0:41:27:04:e8:6f:24:b9:a0:9c:
                    04:4d:0e:a8:10:c8:64:61:8d:8e:a3:13:24:6a:13:
                    2d:5d:1c:3f:4e:f1:46:b6:f1:3d:55:3b:4e:10:05:
                    7b:d1:1e:5d:ff:cc:39:20:12:72:82:78:07:a6:d8:
                    65:21:67:70:f4:81:ea:14:11:2d:9e:01:6b:bd:5b:
                    05:39:0b:26:dc:20:6f:56:a5:84:33:59:05:ba:ec:
                    78:85:d8:3f:9a:70:6d:5a:e0:82:99:2d:90:4c:69:
                    4a:15:d3:7f:74:f2:96:59:66:5e:42:37:25:71:86:
                    9e:86:d1:89:1e:89:f9:47:9b:f7:04:b1:b3:68:9f:
                    12:93:b6:36:2c:9f:31:f5:f8:65:ea:b8:e9:9d:e4:
                    aa:12:93:1a:d0:d7:da:81:a7:a3:76:db:e2:9b:59:
                    3a:e8:2c:47:f0:92:70:b6:51:0e:e1:60:bc:3e:73:
                    62:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:69:3B:49:D2:CF:9C:FF:3B:27:B2:FB:26:34:08:7F:8C:CB:73:92
            X509v3 Authority Key Identifier:
                keyid:1F:84:A2:48:1D:28:0D:E0:A1:03:59:82:76:DB:0C:95:41:93:C7:55

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e20313938303837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:1d:52:32:5e:dd:e0:9f:55:77:b8:64:eb:93:ac:d2:d0:52:
         8a:70:48:3b:ae:9e:bb:38:ad:77:4b:4b:af:25:50:89:dc:03:
         78:41:65:ed:cd:f2:9a:39:d4:fb:11:74:ae:21:89:28:aa:38:
         f7:f4:84:bb:84:a2:ef:6e:57:49:4e:8e:00:6a:71:6e:3c:43:
         38:e1:8e:c5:b7:c1:4d:55:86:a5:ae:6e:14:10:9e:59:a2:6c:
         3d:a3:45:e5:dd:66:be:71:24:ed:ef:8d:f1:d4:e1:66:54:1b:
         27:fd:40:25:1c:6a:ea:06:e2:bb:63:8e:49:10:fa:b5:5d:f0:
         3b:96:6f:b3:79:ce:e8:97:71:6a:4b:6c:fc:6c:8b:54:9d:f5:
         87:cf:4b:0f:0e:c6:7c:2c:7c:2d:12:df:59:5c:bf:a7:85:2f:
         f9:85:bd:68:f7:4c:bb:df:9d:18:bd:5f:8f:86:fc:69:bb:ed:
         46:2e:c0:5f:c2:fd:26:4d:fc:43:df:7c:a5:3c:26:17:64:0c:
         8f:9b:9d:51:a7:6b:45:c4:2f:f7:4f:a6:9a:8d:d9:77:0d:dd:
         1b:0d:e6:45:2c:5d:d1:ba:7c:16:53:70:de:12:a0:be:00:df:
         e0:00:24:6c:ba:46:38:58:b0:b9:85:3d:4c:0d:2d:0f:f5:04:
         d0:7a:09:2c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUZGG1vmBMBysRMt1+F0UN9iYp+5MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMWY4NGEyNDgxZDI4MGRlMGExMDM1OTgyNzZkYjBjOTU0
MTkzYzc1NTAeFw0yNjAzMTgwOTU3MTFaFw0yNzAzMTcxMDAyMTFaMDMxMTAvBgNV
BAMTKEExNjkzQjQ5RDJDRjlDRkYzQjI3QjJGQjI2MzQwODdGOENDQjczOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfxUrTZ3zBvDkfN8rPTn+E1BTv
wp+WqdkOWKi2/sW2LbiHSz0t2DrwAFylLtnlaGh1oeULJF+kydXTYxKDXSjAiT4v
kSxi2acxGE/8t2D04EEnBOhvJLmgnARNDqgQyGRhjY6jEyRqEy1dHD9O8Ua28T1V
O04QBXvRHl3/zDkgEnKCeAem2GUhZ3D0geoUES2eAWu9WwU5CybcIG9WpYQzWQW6
7HiF2D+acG1a4IKZLZBMaUoV03908pZZZl5CNyVxhp6G0YkeiflHm/cEsbNonxKT
tjYsnzH1+GXquOmd5KoSkxrQ19qBp6N22+KbWTroLEfwknC2UQ7hYLw+c2LpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUoWk7SdLPnP87J7L7JjQIf4zLc5IwHwYDVR0j
BBgwFoAUH4SiSB0oDeChA1mCdtsMlUGTx1UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDVlNjQ4YzMtMTQ4MS00NzhmLTgzZTItYjI1MTI3ZmE5
NWNkLzAvMUY4NEEyNDgxRDI4MERFMEExMDM1OTgyNzZEQjBDOTU0MTkzQzc1NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0g0U2lTQjBvRGVDaEExbUNkdHNNbFVH
VHgxVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDVlNjQ4YzMt
MTQ4MS00NzhmLTgzZTItYjI1MTI3ZmE5NWNkLzAvMzEzOTMzMmUzMjM0MmUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzkzODMwMzgzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEY
ATANBgkqhkiG9w0BAQsFAAOCAQEAtx1SMl7d4J9Vd7hk65Os0tBSinBIO66euzit
d0tLryVQidwDeEFl7c3ymjnU+xF0riGJKKo49/SEu4Si725XSU6OAGpxbjxDOOGO
xbfBTVWGpa5uFBCeWaJsPaNF5d1mvnEk7e+N8dThZlQbJ/1AJRxq6gbiu2OOSRD6
tV3wO5Zvs3nO6Jdxakts/GyLVJ31h89LDw7GfCx8LRLfWVy/p4Uv+YW9aPdMu9+d
GL1fj4b8abvtRi7AX8L9Jk38Q998pTwmF2QMj5udUadrRcQv90+mmo3Zdw3dGw3m
RSxd0bp8FlNw3hKgvgDf4AAkbLpGOFiwuYU9TA0tD/UE0HoJLA==
-----END CERTIFICATE-----