Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e203332383738.roa
File:                     3139332e32342e312e302f32342d3234203d3e203332383738.roa (raw, json)
Hash identifier:          jrRiDyxuR6Y4UYjX7YX3ahpfr+PzoLBKEUrFS+P5Bgw=
Subject key identifier:   27:2B:A9:19:CF:C6:24:EB:34:69:5D:6C:C4:1D:5E:F9:F4:37:6F:4C
Certificate issuer:       /CN=1f84a2481d280de0a103598276db0c954193c755
Certificate serial:       60083C9891C04677256BCCAC0891B1221B368A6C
Authority key identifier: 1F:84:A2:48:1D:28:0D:E0:A1:03:59:82:76:DB:0C:95:41:93:C7:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e203332383738.roa
Signing time:             Fri 13 Mar 2026 08:17:13 +0000
ROA not before:           Fri 13 Mar 2026 08:12:13 +0000
ROA not after:            Fri 12 Mar 2027 08:17:13 +0000
asID:                     32878
IP address blocks:        193.24.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 10:57:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:08:3c:98:91:c0:46:77:25:6b:cc:ac:08:91:b1:22:1b:36:8a:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f84a2481d280de0a103598276db0c954193c755
        Validity
            Not Before: Mar 13 08:12:13 2026 GMT
            Not After : Mar 12 08:17:13 2027 GMT
        Subject: CN=272BA919CFC624EB34695D6CC41D5EF9F4376F4C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:90:06:dd:d1:34:60:b8:e2:81:06:11:95:5c:
                    e4:67:de:e7:37:72:a9:6b:23:74:1f:b0:2a:82:dc:
                    21:d2:96:2e:53:a9:16:6b:14:35:59:0f:84:76:0f:
                    f0:2b:9e:23:78:8e:80:bb:41:4e:53:71:e1:2a:1f:
                    f8:a6:bc:83:28:0e:d5:03:07:54:c3:cf:55:9f:ae:
                    2f:a0:2b:d6:63:69:94:03:f0:dc:b7:9a:25:55:22:
                    c4:b2:49:20:e3:03:aa:bd:58:de:56:66:29:b1:41:
                    24:8f:81:c7:e0:ab:7c:d2:e1:8f:47:ca:04:b3:21:
                    90:10:c2:67:10:56:81:d4:6f:bf:60:f0:c7:23:fa:
                    78:11:c6:43:90:30:ca:4f:19:58:c4:ac:4b:cc:86:
                    da:f5:34:ad:79:e0:fb:a2:60:80:02:a7:45:91:3a:
                    3b:3d:c7:d8:9c:b6:3a:4d:e3:71:15:1b:9d:ce:3b:
                    69:09:de:bd:96:5e:6b:b6:2f:82:ce:11:cd:42:8f:
                    cf:62:8e:96:38:00:65:93:e5:4a:21:8a:0e:99:40:
                    27:c2:dc:85:80:2b:b9:f7:49:01:81:98:ec:7d:b1:
                    45:d4:f1:e2:53:0c:ca:fc:e2:33:8a:df:5e:54:0b:
                    0f:1c:83:bf:5f:c5:af:2a:d1:8e:16:af:7e:06:0d:
                    c0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:2B:A9:19:CF:C6:24:EB:34:69:5D:6C:C4:1D:5E:F9:F4:37:6F:4C
            X509v3 Authority Key Identifier:
                keyid:1F:84:A2:48:1D:28:0D:E0:A1:03:59:82:76:DB:0C:95:41:93:C7:55

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e203332383738.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:c9:8f:2a:34:6a:bc:e8:d5:21:58:54:cb:ca:17:e5:f4:5a:
         e5:c0:59:06:00:93:32:29:3f:20:eb:1a:fc:d0:7b:a2:04:34:
         63:12:ff:76:76:2a:47:fc:dc:1e:42:77:30:36:e9:6b:db:7a:
         93:e7:5e:76:8b:c0:9a:8d:43:58:39:b6:e5:f1:8c:62:66:39:
         60:36:ca:06:aa:dc:35:7f:d2:5c:fa:27:86:95:d0:98:4a:19:
         7c:97:fa:ae:0c:42:91:87:1a:ab:8c:ce:3d:ea:d6:e1:d7:4f:
         6b:f9:42:d8:c5:32:cf:d7:e7:76:b9:b9:16:e2:9d:27:3f:c5:
         fd:44:a7:75:ef:51:66:7c:65:bc:55:f5:75:69:be:f0:9a:00:
         a7:9d:78:f1:df:25:27:40:3f:78:d8:5b:b3:0d:36:0e:9b:e8:
         56:58:a0:df:fe:b3:a1:ba:5d:aa:9b:30:33:22:79:82:d1:11:
         14:1a:b6:bb:a4:b0:fa:0a:63:a7:d6:c8:a1:9b:ec:ff:98:23:
         a1:02:1e:c0:06:87:1e:63:27:97:1b:68:2c:7d:fc:8a:13:e6:
         1f:08:f8:fb:27:36:5b:2e:3f:09:ea:71:59:55:54:2c:40:7b:
         15:c2:9d:53:1d:22:f2:5e:43:82:a2:4b:dc:a7:b9:ce:c3:c2:
         76:0b:9d:f1
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUYAg8mJHARncla8ysCJGxIhs2imwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMWY4NGEyNDgxZDI4MGRlMGExMDM1OTgyNzZkYjBjOTU0
MTkzYzc1NTAeFw0yNjAzMTMwODEyMTNaFw0yNzAzMTIwODE3MTNaMDMxMTAvBgNV
BAMTKDI3MkJBOTE5Q0ZDNjI0RUIzNDY5NUQ2Q0M0MUQ1RUY5RjQzNzZGNEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdkAbd0TRguOKBBhGVXORn3uc3
cqlrI3QfsCqC3CHSli5TqRZrFDVZD4R2D/ArniN4joC7QU5TceEqH/imvIMoDtUD
B1TDz1Wfri+gK9ZjaZQD8Ny3miVVIsSySSDjA6q9WN5WZimxQSSPgcfgq3zS4Y9H
ygSzIZAQwmcQVoHUb79g8Mcj+ngRxkOQMMpPGVjErEvMhtr1NK154PuiYIACp0WR
Ojs9x9ictjpN43EVG53OO2kJ3r2WXmu2L4LOEc1Cj89ijpY4AGWT5Uohig6ZQCfC
3IWAK7n3SQGBmOx9sUXU8eJTDMr84jOK315UCw8cg79fxa8q0Y4Wr34GDcCpAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUJyupGc/GJOs0aV1sxB1e+fQ3b0wwHwYDVR0j
BBgwFoAUH4SiSB0oDeChA1mCdtsMlUGTx1UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDVlNjQ4YzMtMTQ4MS00NzhmLTgzZTItYjI1MTI3ZmE5
NWNkLzAvMUY4NEEyNDgxRDI4MERFMEExMDM1OTgyNzZEQjBDOTU0MTkzQzc1NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0g0U2lTQjBvRGVDaEExbUNkdHNNbFVH
VHgxVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDVlNjQ4YzMt
MTQ4MS00NzhmLTgzZTItYjI1MTI3ZmE5NWNkLzAvMzEzOTMzMmUzMjM0MmUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzIzODM3Mzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBGAEw
DQYJKoZIhvcNAQELBQADggEBAL/Jjyo0arzo1SFYVMvKF+X0WuXAWQYAkzIpPyDr
GvzQe6IENGMS/3Z2Kkf83B5CdzA26WvbepPnXnaLwJqNQ1g5tuXxjGJmOWA2ygaq
3DV/0lz6J4aV0JhKGXyX+q4MQpGHGquMzj3q1uHXT2v5QtjFMs/X53a5uRbinSc/
xf1Ep3XvUWZ8ZbxV9XVpvvCaAKedePHfJSdAP3jYW7MNNg6b6FZYoN/+s6G6Xaqb
MDMieYLRERQatruksPoKY6fWyKGb7P+YI6ECHsAGhx5jJ5cbaCx9/IoT5h8I+Psn
NlsuPwnqcVlVVCxAexXCnVMdIvJeQ4KiS9ynuc7DwnYLnfE=
-----END CERTIFICATE-----