Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/326131343a366634353a3a2f33362d3438203d3e203530323234.roa
File:                     326131343a366634353a3a2f33362d3438203d3e203530323234.roa (raw, json)
Hash identifier:          kqSGmokeRNHiOXY/O90wYU4CsNCOAt7W6V1eg7KCHuM=
Subject key identifier:   DC:7C:73:12:EA:E8:02:99:00:99:89:F5:0F:B6:E3:E2:58:2D:C4:24
Certificate issuer:       /CN=3eeebb946a8d21d4083c93dc09cee557bb2ac32e
Certificate serial:       1C4416F3729547F0EE78A7A84D9FF7F280B522B2
Authority key identifier: 3E:EE:BB:94:6A:8D:21:D4:08:3C:93:DC:09:CE:E5:57:BB:2A:C3:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pu67lGqNIdQIPJPcCc7lV7sqwy4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/326131343a366634353a3a2f33362d3438203d3e203530323234.roa
Signing time:             Fri 19 Jun 2026 17:50:40 +0000
ROA not before:           Fri 19 Jun 2026 17:45:40 +0000
ROA not after:            Fri 18 Jun 2027 17:50:40 +0000
asID:                     50224
IP address blocks:        2a14:6f45::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/3EEEBB946A8D21D4083C93DC09CEE557BB2AC32E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/3EEEBB946A8D21D4083C93DC09CEE557BB2AC32E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pu67lGqNIdQIPJPcCc7lV7sqwy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Jun 2026 05:55:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:44:16:f3:72:95:47:f0:ee:78:a7:a8:4d:9f:f7:f2:80:b5:22:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eeebb946a8d21d4083c93dc09cee557bb2ac32e
        Validity
            Not Before: Jun 19 17:45:40 2026 GMT
            Not After : Jun 18 17:50:40 2027 GMT
        Subject: CN=DC7C7312EAE80299009989F50FB6E3E2582DC424
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:32:68:53:96:8e:95:17:50:a4:ea:60:d8:92:
                    77:7c:ba:8c:c9:38:66:16:d0:7b:fb:61:73:ba:6c:
                    f8:e0:bb:bb:dc:a3:71:c0:dd:28:9a:39:d9:1b:4b:
                    49:ee:2a:e9:da:ba:9c:38:60:95:41:f4:32:d2:41:
                    65:3f:71:e3:f8:00:ca:9f:49:b9:32:42:8b:68:79:
                    45:a6:95:e8:de:e0:15:51:0c:53:cc:32:16:b4:d7:
                    bf:dc:57:0e:e5:d6:98:76:bd:91:76:0d:f0:be:75:
                    c2:42:38:74:6d:cc:e8:02:3b:53:01:ac:01:77:7f:
                    86:7b:ad:56:ac:8a:0f:01:2c:54:1f:5d:ab:8e:bf:
                    64:0d:71:64:87:aa:48:6a:50:c4:22:4f:dd:9a:06:
                    b8:96:9e:ad:ed:bd:a4:fd:0a:ed:88:df:23:75:c0:
                    e5:c5:43:ff:0b:d4:f5:aa:14:08:b3:75:9e:f8:34:
                    80:ca:dc:92:24:93:ad:cd:e6:29:42:55:35:7c:29:
                    e3:b1:47:b3:41:5e:3a:3d:a5:c2:b9:d6:7f:8e:50:
                    a7:37:4b:f0:64:43:5d:82:7e:8c:56:45:24:0c:cc:
                    95:63:20:8c:ef:d1:e5:da:bd:b5:0d:f1:68:b3:a3:
                    7e:92:d5:38:e4:49:7c:65:34:f2:5b:b4:36:d5:31:
                    d8:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:7C:73:12:EA:E8:02:99:00:99:89:F5:0F:B6:E3:E2:58:2D:C4:24
            X509v3 Authority Key Identifier:
                keyid:3E:EE:BB:94:6A:8D:21:D4:08:3C:93:DC:09:CE:E5:57:BB:2A:C3:2E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/3EEEBB946A8D21D4083C93DC09CEE557BB2AC32E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pu67lGqNIdQIPJPcCc7lV7sqwy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/6ff7a989-ecdf-43d6-86e1-f6c3935b9b3d/4/326131343a366634353a3a2f33362d3438203d3e203530323234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6f45::/36

    Signature Algorithm: sha256WithRSAEncryption
         04:99:5b:d4:33:34:1a:a5:29:a6:d5:ee:e6:2b:3d:c6:44:f8:
         fe:22:ce:3f:88:d3:95:16:40:8c:eb:1a:66:7a:47:b0:e0:d5:
         1b:4c:90:ed:93:e1:0c:28:07:14:03:a8:13:bf:88:1a:b9:e4:
         1c:e3:d8:77:c3:ac:7a:58:d4:be:55:ec:33:6c:87:35:5f:02:
         4e:76:77:e4:78:02:42:dd:b9:2f:34:60:d5:87:90:55:dd:b6:
         18:eb:4e:47:51:1e:b8:3f:6f:26:c4:8a:f2:a1:6b:a7:8e:97:
         2d:99:ba:c4:e5:12:21:97:c3:a6:05:02:8d:b1:ce:0a:fe:b2:
         99:b9:16:06:2b:fc:f8:85:92:66:d6:8c:34:51:84:1e:c3:42:
         b8:77:a9:e4:73:00:bd:b3:56:09:e1:72:8e:7c:87:e0:e4:1a:
         02:7f:e6:e8:bd:1d:f2:51:ac:43:c9:8d:43:2f:e3:66:eb:1b:
         63:c1:37:82:63:5d:05:14:53:8b:08:3f:e7:32:0d:18:d6:c6:
         7c:be:3f:ea:63:41:e0:b6:fc:a7:8e:70:1e:0a:52:c9:8d:28:
         0d:8c:25:7f:ff:c8:ff:12:b2:37:36:5a:03:99:cf:76:54:da:
         0a:f6:28:ec:cc:f0:ae:5a:7c:b0:4a:23:08:34:5b:33:0a:28:
         42:d9:69:f0
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIUHEQW83KVR/DueKeoTZ/38oC1IrIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2VlZWJiOTQ2YThkMjFkNDA4M2M5M2RjMDljZWU1NTdi
YjJhYzMyZTAeFw0yNjA2MTkxNzQ1NDBaFw0yNzA2MTgxNzUwNDBaMDMxMTAvBgNV
BAMTKERDN0M3MzEyRUFFODAyOTkwMDk5ODlGNTBGQjZFM0UyNTgyREM0MjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5MmhTlo6VF1Ck6mDYknd8uozJ
OGYW0Hv7YXO6bPjgu7vco3HA3SiaOdkbS0nuKunaupw4YJVB9DLSQWU/ceP4AMqf
SbkyQotoeUWmleje4BVRDFPMMha017/cVw7l1ph2vZF2DfC+dcJCOHRtzOgCO1MB
rAF3f4Z7rVasig8BLFQfXauOv2QNcWSHqkhqUMQiT92aBriWnq3tvaT9Cu2I3yN1
wOXFQ/8L1PWqFAizdZ74NIDK3JIkk63N5ilCVTV8KeOxR7NBXjo9pcK51n+OUKc3
S/BkQ12CfoxWRSQMzJVjIIzv0eXavbUN8Wizo36S1TjkSXxlNPJbtDbVMdgLAgMB
AAGjggI9MIICOTAdBgNVHQ4EFgQU3HxzEuroApkAmYn1D7bj4lgtxCQwHwYDVR0j
BBgwFoAUPu67lGqNIdQIPJPcCc7lV7sqwy4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNmZmN2E5ODktZWNkZi00M2Q2LTg2ZTEtZjZjMzkzNWI5
YjNkLzQvM0VFRUJCOTQ2QThEMjFENDA4M0M5M0RDMDlDRUU1NTdCQjJBQzMyRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1B1NjdsR3FOSWRRSVBKUGNDYzdsVjdz
cXd5NC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNmZmN2E5ODkt
ZWNkZi00M2Q2LTg2ZTEtZjZjMzkzNWI5YjNkLzQvMzI2MTMxMzQzYTM2NjYzNDM1
M2EzYTJmMzMzNjJkMzQzODIwM2QzZTIwMzUzMDMyMzIzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoU
b0UAMA0GCSqGSIb3DQEBCwUAA4IBAQAEmVvUMzQapSmm1e7mKz3GRPj+Is4/iNOV
FkCM6xpmekew4NUbTJDtk+EMKAcUA6gTv4gaueQc49h3w6x6WNS+VewzbIc1XwJO
dnfkeAJC3bkvNGDVh5BV3bYY605HUR64P28mxIryoWunjpctmbrE5RIhl8OmBQKN
sc4K/rKZuRYGK/z4hZJm1ow0UYQew0K4d6nkcwC9s1YJ4XKOfIfg5BoCf+bovR3y
UaxDyY1DL+Nm6xtjwTeCY10FFFOLCD/nMg0Y1sZ8vj/qY0HgtvynjnAeClLJjSgN
jCV//8j/ErI3NloDmc92VNoK9ijszPCuWnywSiMINFszCihC2Wnw
-----END CERTIFICATE-----