Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e203633313939.roa
File:                     3139332e32342e312e302f32342d3234203d3e203633313939.roa (raw, json)
Hash identifier:          1Lzj3CDpDvCfZvv2HFemfqnFSTbx9h8ExNHpj1MEQno=
Subject key identifier:   ED:77:56:DC:F0:C4:7F:CA:1F:2F:8D:67:C8:24:20:F4:AB:27:0D:76
Certificate issuer:       /CN=1f84a2481d280de0a103598276db0c954193c755
Certificate serial:       556E74554D9BC91DF8197950C479AC2B04B8743C
Authority key identifier: 1F:84:A2:48:1D:28:0D:E0:A1:03:59:82:76:DB:0C:95:41:93:C7:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e203633313939.roa
Signing time:             Mon 02 Mar 2026 10:10:17 +0000
ROA not before:           Mon 02 Mar 2026 10:05:17 +0000
ROA not after:            Mon 01 Mar 2027 10:10:17 +0000
asID:                     63199
IP address blocks:        193.24.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 13:23:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:6e:74:55:4d:9b:c9:1d:f8:19:79:50:c4:79:ac:2b:04:b8:74:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f84a2481d280de0a103598276db0c954193c755
        Validity
            Not Before: Mar  2 10:05:17 2026 GMT
            Not After : Mar  1 10:10:17 2027 GMT
        Subject: CN=ED7756DCF0C47FCA1F2F8D67C82420F4AB270D76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:05:46:21:ce:d6:9f:30:dd:29:94:c2:2e:9b:
                    89:58:f2:cd:37:df:42:92:d8:92:68:28:49:9e:0b:
                    81:3c:d3:21:7b:ed:8d:b3:6b:ec:5e:e8:1b:d9:a5:
                    f9:2e:cd:d6:fc:f0:15:a5:88:29:77:a1:f7:6f:f2:
                    6d:d4:a9:47:19:fb:b5:96:e9:5a:0d:c8:ca:19:81:
                    6c:c0:93:62:31:ae:98:c5:de:df:02:7a:20:c5:c8:
                    19:aa:d7:cf:e4:64:0b:13:50:ed:e2:cb:e4:6c:02:
                    12:f7:12:e4:b9:35:45:f8:d9:e7:71:dc:35:16:db:
                    5d:fd:6b:98:c6:c2:96:3e:dd:e6:b3:f4:42:89:ca:
                    0d:dc:54:9f:9b:05:c3:78:76:67:19:08:79:de:12:
                    b9:8d:d5:7d:03:00:92:49:5c:6e:76:12:93:f7:76:
                    20:49:60:01:de:a8:64:9b:73:76:75:74:9f:d1:b8:
                    50:95:26:7e:aa:ab:f5:eb:89:8f:d3:87:b7:a2:6b:
                    5a:5c:51:00:b5:a9:b6:05:5e:fa:a2:e4:be:10:33:
                    65:49:44:c1:74:99:7e:15:54:0a:46:21:6b:f7:2b:
                    9d:5e:33:a9:f6:7e:2e:2d:4e:ba:29:fa:b4:5d:82:
                    87:80:77:8e:d8:9c:f3:ce:17:e0:36:b2:be:b8:0d:
                    55:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:77:56:DC:F0:C4:7F:CA:1F:2F:8D:67:C8:24:20:F4:AB:27:0D:76
            X509v3 Authority Key Identifier:
                keyid:1F:84:A2:48:1D:28:0D:E0:A1:03:59:82:76:DB:0C:95:41:93:C7:55

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e203633313939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:85:2a:47:38:b8:5c:09:aa:45:24:33:eb:a8:8b:36:61:e1:
         41:b7:95:ed:63:58:dc:85:f0:4f:e3:65:c2:40:9a:22:b5:00:
         46:86:0f:2d:49:e9:e9:98:19:a6:3d:26:0d:0d:cf:88:af:1f:
         89:28:90:bf:c4:a3:04:ab:c0:4b:cb:60:46:49:34:2e:bd:dc:
         8d:23:65:b0:42:d3:22:05:b7:c3:fb:d8:ad:50:6a:34:09:6b:
         7f:54:60:ba:9b:fe:fb:fb:23:86:03:bb:79:ff:04:3b:76:4e:
         39:4c:9f:5e:a8:02:b0:f1:e2:40:64:94:91:fd:74:a2:b1:6a:
         98:7e:c8:ac:ee:14:3b:f6:d3:f5:a0:9b:c6:68:45:ea:87:af:
         71:b9:56:2f:05:79:4b:b3:26:d7:47:63:6f:49:17:2a:f8:14:
         87:2d:4b:31:a2:d2:53:5d:e8:60:72:25:30:cf:3d:3a:a3:c8:
         e9:9c:1d:28:f5:f5:ce:91:d8:fa:13:38:7e:bd:88:be:c6:dd:
         5e:96:da:8d:62:63:83:a9:13:2f:1c:2d:88:5c:20:c0:82:28:
         9b:68:72:b1:b0:7d:ce:7a:80:08:76:25:a1:93:11:61:5a:81:
         db:61:c5:ed:73:4d:84:b0:0c:5b:09:07:e9:2f:8b:6a:88:47:
         2a:3b:0a:58
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUVW50VU2byR34GXlQxHmsKwS4dDwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMWY4NGEyNDgxZDI4MGRlMGExMDM1OTgyNzZkYjBjOTU0
MTkzYzc1NTAeFw0yNjAzMDIxMDA1MTdaFw0yNzAzMDExMDEwMTdaMDMxMTAvBgNV
BAMTKEVENzc1NkRDRjBDNDdGQ0ExRjJGOEQ2N0M4MjQyMEY0QUIyNzBENzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8BUYhztafMN0plMIum4lY8s03
30KS2JJoKEmeC4E80yF77Y2za+xe6BvZpfkuzdb88BWliCl3ofdv8m3UqUcZ+7WW
6VoNyMoZgWzAk2IxrpjF3t8CeiDFyBmq18/kZAsTUO3iy+RsAhL3EuS5NUX42edx
3DUW2139a5jGwpY+3eaz9EKJyg3cVJ+bBcN4dmcZCHneErmN1X0DAJJJXG52EpP3
diBJYAHeqGSbc3Z1dJ/RuFCVJn6qq/XriY/Th7eia1pcUQC1qbYFXvqi5L4QM2VJ
RMF0mX4VVApGIWv3K51eM6n2fi4tTrop+rRdgoeAd47YnPPOF+A2sr64DVXtAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU7XdW3PDEf8ofL41nyCQg9KsnDXYwHwYDVR0j
BBgwFoAUH4SiSB0oDeChA1mCdtsMlUGTx1UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDVlNjQ4YzMtMTQ4MS00NzhmLTgzZTItYjI1MTI3ZmE5
NWNkLzAvMUY4NEEyNDgxRDI4MERFMEExMDM1OTgyNzZEQjBDOTU0MTkzQzc1NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0g0U2lTQjBvRGVDaEExbUNkdHNNbFVH
VHgxVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDVlNjQ4YzMt
MTQ4MS00NzhmLTgzZTItYjI1MTI3ZmE5NWNkLzAvMzEzOTMzMmUzMjM0MmUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzMzMTM5Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBGAEw
DQYJKoZIhvcNAQELBQADggEBALeFKkc4uFwJqkUkM+uoizZh4UG3le1jWNyF8E/j
ZcJAmiK1AEaGDy1J6emYGaY9Jg0Nz4ivH4kokL/EowSrwEvLYEZJNC693I0jZbBC
0yIFt8P72K1QajQJa39UYLqb/vv7I4YDu3n/BDt2TjlMn16oArDx4kBklJH9dKKx
aph+yKzuFDv20/Wgm8ZoReqHr3G5Vi8FeUuzJtdHY29JFyr4FIctSzGi0lNd6GBy
JTDPPTqjyOmcHSj19c6R2PoTOH69iL7G3V6W2o1iY4OpEy8cLYhcIMCCKJtocrGw
fc56gAh2JaGTEWFagdthxe1zTYSwDFsJB+kvi2qIRyo7Clg=
-----END CERTIFICATE-----