Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e2039333034.roa
File:                     3139332e32342e312e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          oj2cVXUcP5WPxhMAcQa5yBD7BSGBjPhZ1RQF8He2c7c=
Subject key identifier:   9E:85:95:C3:B6:CB:68:1E:49:A9:4A:5E:85:10:0F:A3:F0:89:15:48
Certificate issuer:       /CN=1f84a2481d280de0a103598276db0c954193c755
Certificate serial:       33DC394F2C391ED50376EFF2C8D6ED446BCB98B7
Authority key identifier: 1F:84:A2:48:1D:28:0D:E0:A1:03:59:82:76:DB:0C:95:41:93:C7:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e2039333034.roa
Signing time:             Mon 25 May 2026 12:16:53 +0000
ROA not before:           Mon 25 May 2026 12:11:53 +0000
ROA not after:            Mon 24 May 2027 12:16:53 +0000
asID:                     9304
IP address blocks:        193.24.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 03:52:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:dc:39:4f:2c:39:1e:d5:03:76:ef:f2:c8:d6:ed:44:6b:cb:98:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f84a2481d280de0a103598276db0c954193c755
        Validity
            Not Before: May 25 12:11:53 2026 GMT
            Not After : May 24 12:16:53 2027 GMT
        Subject: CN=9E8595C3B6CB681E49A94A5E85100FA3F0891548
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a2:af:67:db:8d:ea:2f:e1:45:9a:6f:e3:86:
                    89:e2:26:bc:c5:00:aa:05:48:10:7c:4c:53:a5:ed:
                    fd:bc:63:24:0f:96:19:99:5a:f7:86:d5:a6:8c:ff:
                    44:7a:27:4b:50:6a:79:96:10:ae:19:55:49:54:71:
                    ee:91:59:35:11:15:ad:70:f9:80:92:49:a3:6d:71:
                    ff:96:93:79:b0:4b:16:59:97:00:41:ae:f3:81:0c:
                    43:54:c6:44:d6:93:c2:a1:4d:31:37:d5:a9:79:55:
                    33:a3:0b:6f:4c:21:ef:84:a3:6b:81:e3:40:7c:fc:
                    38:0e:67:51:36:e3:56:a8:5d:d0:1b:7d:af:70:4f:
                    bc:bf:86:d0:2e:06:48:76:da:3b:0b:cf:8c:5f:36:
                    e2:d8:33:d1:de:80:60:23:fe:a8:46:54:c4:01:df:
                    d9:b0:b4:c7:4c:7c:9d:61:0c:70:96:41:a4:30:48:
                    9f:1d:5f:37:91:75:0f:06:33:f1:ba:fb:33:7a:c6:
                    d8:aa:59:13:7f:11:06:cf:dd:d5:72:7c:40:59:cd:
                    1e:f2:78:c1:2c:93:55:22:ef:13:81:a4:10:8d:41:
                    f4:94:31:62:28:8b:26:e8:67:55:5c:5a:4c:94:ac:
                    7b:ef:86:0a:44:3c:1a:b4:9c:b6:c9:02:72:f0:db:
                    de:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:85:95:C3:B6:CB:68:1E:49:A9:4A:5E:85:10:0F:A3:F0:89:15:48
            X509v3 Authority Key Identifier:
                keyid:1F:84:A2:48:1D:28:0D:E0:A1:03:59:82:76:DB:0C:95:41:93:C7:55

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:ac:8b:44:bc:f7:00:fb:64:d6:cd:e6:21:aa:27:d4:65:20:
         04:ae:64:d5:73:4a:69:92:fb:b7:53:47:71:5f:c3:4a:52:a7:
         29:85:34:b3:e3:41:69:01:e8:88:28:9a:c5:7c:2d:b2:8c:15:
         b7:d2:02:8a:86:d8:90:be:89:be:9a:3c:d5:d3:60:63:6a:d0:
         c8:f4:8f:f9:dd:a6:46:95:86:19:b7:4f:20:12:2f:fa:2c:14:
         88:a5:ca:9b:bb:31:b7:9d:7a:4e:9d:8c:07:60:8e:14:fb:ca:
         98:4a:16:98:26:82:d9:0c:29:9c:b8:60:7f:01:84:c9:76:06:
         fd:8d:ea:f5:2f:3d:31:79:c2:8c:0e:b9:11:79:c6:94:4d:ca:
         62:78:0f:72:98:38:e8:10:04:d9:2e:8f:1e:78:90:78:27:45:
         fb:0d:6d:b2:3d:98:8c:c0:a8:61:71:38:15:62:d1:51:1c:2e:
         a0:a3:29:a7:de:bf:90:bd:a4:32:02:a5:98:30:a4:98:48:18:
         4a:ea:d4:2b:02:5f:6a:f7:38:85:cb:27:2e:05:67:c6:11:c6:
         66:80:c5:a7:85:e7:a0:bf:99:8c:bc:ac:97:5f:0d:65:33:23:
         df:b0:d1:70:da:1f:59:ad:85:98:b2:29:a5:39:0a:1b:3a:ae:
         fc:f0:9b:e3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUM9w5Tyw5HtUDdu/yyNbtRGvLmLcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMWY4NGEyNDgxZDI4MGRlMGExMDM1OTgyNzZkYjBjOTU0
MTkzYzc1NTAeFw0yNjA1MjUxMjExNTNaFw0yNzA1MjQxMjE2NTNaMDMxMTAvBgNV
BAMTKDlFODU5NUMzQjZDQjY4MUU0OUE5NEE1RTg1MTAwRkEzRjA4OTE1NDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNoq9n243qL+FFmm/jhoniJrzF
AKoFSBB8TFOl7f28YyQPlhmZWveG1aaM/0R6J0tQanmWEK4ZVUlUce6RWTURFa1w
+YCSSaNtcf+Wk3mwSxZZlwBBrvOBDENUxkTWk8KhTTE31al5VTOjC29MIe+Eo2uB
40B8/DgOZ1E241aoXdAbfa9wT7y/htAuBkh22jsLz4xfNuLYM9HegGAj/qhGVMQB
39mwtMdMfJ1hDHCWQaQwSJ8dXzeRdQ8GM/G6+zN6xtiqWRN/EQbP3dVyfEBZzR7y
eMEsk1Ui7xOBpBCNQfSUMWIoiyboZ1VcWkyUrHvvhgpEPBq0nLbJAnLw294vAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUnoWVw7bLaB5JqUpehRAPo/CJFUgwHwYDVR0j
BBgwFoAUH4SiSB0oDeChA1mCdtsMlUGTx1UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDVlNjQ4YzMtMTQ4MS00NzhmLTgzZTItYjI1MTI3ZmE5
NWNkLzAvMUY4NEEyNDgxRDI4MERFMEExMDM1OTgyNzZEQjBDOTU0MTkzQzc1NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0g0U2lTQjBvRGVDaEExbUNkdHNNbFVH
VHgxVS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDVlNjQ4YzMt
MTQ4MS00NzhmLTgzZTItYjI1MTI3ZmE5NWNkLzAvMzEzOTMzMmUzMjM0MmUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM5MzMzMDM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRgBMA0G
CSqGSIb3DQEBCwUAA4IBAQC9rItEvPcA+2TWzeYhqifUZSAErmTVc0ppkvu3U0dx
X8NKUqcphTSz40FpAeiIKJrFfC2yjBW30gKKhtiQvom+mjzV02BjatDI9I/53aZG
lYYZt08gEi/6LBSIpcqbuzG3nXpOnYwHYI4U+8qYShaYJoLZDCmcuGB/AYTJdgb9
jer1Lz0xecKMDrkRecaUTcpieA9ymDjoEATZLo8eeJB4J0X7DW2yPZiMwKhhcTgV
YtFRHC6goymn3r+QvaQyAqWYMKSYSBhK6tQrAl9q9ziFyycuBWfGEcZmgMWnheeg
v5mMvKyXXw1lMyPfsNFw2h9ZrYWYsimlOQobOq788Jvj
-----END CERTIFICATE-----