Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e203236373639.roa
File:                     3139332e32342e312e302f32342d3234203d3e203236373639.roa (raw, json)
Hash identifier:          hWxkzR8ONtTYSmmBfJjY2JeiO+vwIeT6zjeMYES2dHU=
Subject key identifier:   2D:78:FF:75:59:99:AA:98:78:CA:49:AE:E4:AA:35:88:FB:78:65:44
Certificate issuer:       /CN=1f84a2481d280de0a103598276db0c954193c755
Certificate serial:       69F6A4BF9B07E33F44335C348E842675DD186641
Authority key identifier: 1F:84:A2:48:1D:28:0D:E0:A1:03:59:82:76:DB:0C:95:41:93:C7:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e203236373639.roa
Signing time:             Fri 13 Mar 2026 05:54:55 +0000
ROA not before:           Fri 13 Mar 2026 05:49:55 +0000
ROA not after:            Fri 12 Mar 2027 05:54:55 +0000
asID:                     26769
IP address blocks:        193.24.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Mar 2026 08:16:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:f6:a4:bf:9b:07:e3:3f:44:33:5c:34:8e:84:26:75:dd:18:66:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f84a2481d280de0a103598276db0c954193c755
        Validity
            Not Before: Mar 13 05:49:55 2026 GMT
            Not After : Mar 12 05:54:55 2027 GMT
        Subject: CN=2D78FF755999AA9878CA49AEE4AA3588FB786544
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:46:38:51:37:5c:5b:7a:c9:99:0e:41:79:c0:
                    18:88:b6:f2:16:14:64:b5:73:26:40:d4:e9:a2:15:
                    e0:a4:7f:0c:2d:a7:a5:73:7b:35:e5:e2:01:0c:b5:
                    73:14:f7:6f:6a:74:81:a5:0a:05:b5:84:61:2a:f2:
                    2e:a6:a0:b1:e6:76:5b:7e:0a:1d:5f:5a:2b:ff:a5:
                    05:ae:d9:b5:2a:e4:7e:58:ec:90:3b:c7:28:2a:43:
                    e9:4e:bb:60:79:38:cd:38:2e:18:4e:f9:fd:0b:42:
                    cc:ff:36:bb:fe:70:97:bd:db:bd:07:be:94:b1:c4:
                    a7:08:cb:5f:78:cd:72:36:93:7c:0c:bc:e9:d4:0f:
                    de:e9:87:f2:1b:f2:fe:23:e5:2e:4d:21:85:d0:61:
                    91:cd:af:b5:20:fd:20:52:46:f9:a8:a9:66:d8:03:
                    e3:5f:b5:9f:e3:9e:4e:88:06:ec:aa:d0:57:c6:a6:
                    59:93:9a:67:d0:e0:9d:30:72:9d:04:e0:45:80:0a:
                    15:42:5d:36:b2:2b:c5:c3:f0:17:ce:e8:4a:a1:3b:
                    5b:7f:b4:fa:5d:f2:c3:22:bc:5a:03:ce:bf:c7:ba:
                    36:f3:20:88:af:27:ec:1c:fb:8a:8a:bf:f0:53:df:
                    87:22:45:b2:6e:87:94:3f:fa:5d:04:2b:88:cf:ce:
                    a4:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:78:FF:75:59:99:AA:98:78:CA:49:AE:E4:AA:35:88:FB:78:65:44
            X509v3 Authority Key Identifier:
                keyid:1F:84:A2:48:1D:28:0D:E0:A1:03:59:82:76:DB:0C:95:41:93:C7:55

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e203236373639.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:95:56:6e:74:2a:7b:79:ba:ac:d2:63:63:6c:20:40:bb:fa:
         d4:0b:7d:6a:25:50:33:e1:6e:36:8b:4b:90:3d:a5:55:6c:e5:
         12:da:4e:f6:63:82:20:b6:6c:a8:07:11:e3:77:6b:68:ac:61:
         8c:ea:ab:a7:4a:ec:61:a2:05:bd:cd:b1:31:88:7d:22:a9:58:
         78:a4:62:7f:23:83:70:47:f9:bb:78:75:71:3d:19:19:e6:0a:
         4a:a4:7b:5e:98:a5:2b:fd:3f:bb:bb:3e:ee:49:6d:49:53:d7:
         b7:00:03:ba:23:52:00:7c:9d:e5:75:79:56:ca:6e:e5:cc:85:
         ce:f3:5c:bc:76:f8:e7:0a:75:2e:b9:6e:0e:62:af:38:19:67:
         40:9e:25:6e:d6:58:3c:88:dc:93:46:ff:cd:28:4c:10:52:82:
         6c:7b:24:e6:5b:e1:1c:19:05:52:12:7d:fb:db:5b:84:97:da:
         89:a0:de:8a:65:f1:a4:28:90:37:86:aa:0b:cc:fc:a7:f6:da:
         8d:ec:3d:91:a0:2f:08:37:15:e4:65:0a:42:4d:f4:1c:bd:08:
         37:12:01:24:66:12:b3:40:22:f9:2e:72:4c:7e:81:5d:89:2a:
         95:ce:22:3e:27:50:74:24:31:60:e2:9d:ee:56:0a:0f:05:e5:
         37:cb:65:09
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUafakv5sH4z9EM1w0joQmdd0YZkEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMWY4NGEyNDgxZDI4MGRlMGExMDM1OTgyNzZkYjBjOTU0
MTkzYzc1NTAeFw0yNjAzMTMwNTQ5NTVaFw0yNzAzMTIwNTU0NTVaMDMxMTAvBgNV
BAMTKDJENzhGRjc1NTk5OUFBOTg3OENBNDlBRUU0QUEzNTg4RkI3ODY1NDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCURjhRN1xbesmZDkF5wBiItvIW
FGS1cyZA1OmiFeCkfwwtp6VzezXl4gEMtXMU929qdIGlCgW1hGEq8i6moLHmdlt+
Ch1fWiv/pQWu2bUq5H5Y7JA7xygqQ+lOu2B5OM04LhhO+f0LQsz/Nrv+cJe9270H
vpSxxKcIy194zXI2k3wMvOnUD97ph/Ib8v4j5S5NIYXQYZHNr7Ug/SBSRvmoqWbY
A+NftZ/jnk6IBuyq0FfGplmTmmfQ4J0wcp0E4EWAChVCXTayK8XD8BfO6EqhO1t/
tPpd8sMivFoDzr/HujbzIIivJ+wc+4qKv/BT34ciRbJuh5Q/+l0EK4jPzqSxAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQULXj/dVmZqph4ykmu5Ko1iPt4ZUQwHwYDVR0j
BBgwFoAUH4SiSB0oDeChA1mCdtsMlUGTx1UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDVlNjQ4YzMtMTQ4MS00NzhmLTgzZTItYjI1MTI3ZmE5
NWNkLzAvMUY4NEEyNDgxRDI4MERFMEExMDM1OTgyNzZEQjBDOTU0MTkzQzc1NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0g0U2lTQjBvRGVDaEExbUNkdHNNbFVH
VHgxVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDVlNjQ4YzMt
MTQ4MS00NzhmLTgzZTItYjI1MTI3ZmE5NWNkLzAvMzEzOTMzMmUzMjM0MmUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzYzNzM2Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBGAEw
DQYJKoZIhvcNAQELBQADggEBAGKVVm50Knt5uqzSY2NsIEC7+tQLfWolUDPhbjaL
S5A9pVVs5RLaTvZjgiC2bKgHEeN3a2isYYzqq6dK7GGiBb3NsTGIfSKpWHikYn8j
g3BH+bt4dXE9GRnmCkqke16YpSv9P7u7Pu5JbUlT17cAA7ojUgB8neV1eVbKbuXM
hc7zXLx2+OcKdS65bg5irzgZZ0CeJW7WWDyI3JNG/80oTBBSgmx7JOZb4RwZBVIS
ffvbW4SX2omg3opl8aQokDeGqgvM/Kf22o3sPZGgLwg3FeRlCkJN9By9CDcSASRm
ErNAIvkuckx+gV2JKpXOIj4nUHQkMWDine5WCg8F5TfLZQk=
-----END CERTIFICATE-----