Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/3231332e352e3133322e302f32342d3234203d3e203530333931.roa
File:                     3231332e352e3133322e302f32342d3234203d3e203530333931.roa (raw, json)
Hash identifier:          1JgLxR+OQSkQVCiOGQd3j5792m7vr3LICIO6LfAUqCs=
Subject key identifier:   2F:FA:24:E0:16:C7:C6:B7:88:93:FF:F8:1D:93:FD:AD:01:6E:3C:EE
Certificate issuer:       /CN=e96d85996e9354d1005e44c781d38adcf1082873
Certificate serial:       49C37D939D158E0489D36F09165D5272DA679082
Authority key identifier: E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/3231332e352e3133322e302f32342d3234203d3e203530333931.roa
Signing time:             Wed 22 Apr 2026 14:22:50 +0000
ROA not before:           Wed 22 Apr 2026 14:17:50 +0000
ROA not after:            Wed 21 Apr 2027 14:22:50 +0000
asID:                     50391
IP address blocks:        213.5.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 20:56:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:c3:7d:93:9d:15:8e:04:89:d3:6f:09:16:5d:52:72:da:67:90:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e96d85996e9354d1005e44c781d38adcf1082873
        Validity
            Not Before: Apr 22 14:17:50 2026 GMT
            Not After : Apr 21 14:22:50 2027 GMT
        Subject: CN=2FFA24E016C7C6B78893FFF81D93FDAD016E3CEE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:07:83:96:ff:b5:a3:21:ac:bc:89:9c:7c:e4:
                    0e:aa:73:69:dd:c4:72:95:92:3d:c6:e3:6c:4a:07:
                    35:dc:7c:c0:1c:f7:a2:07:2d:b2:eb:7b:6d:95:b4:
                    9f:6c:4e:2f:b0:ea:08:00:c3:83:c6:b1:e1:a9:34:
                    b3:c6:b5:f1:5b:88:47:16:2c:ce:21:0b:af:4d:89:
                    ee:43:21:56:e4:c6:a6:82:d1:c2:e6:11:e5:72:65:
                    31:8c:be:f0:e2:61:28:20:da:0b:03:a7:2d:a5:99:
                    c4:52:1d:8c:ee:13:a2:08:f8:bc:7d:69:f5:4a:ee:
                    39:28:56:16:2d:bb:79:06:cb:86:e2:c5:81:90:00:
                    b7:a9:af:4b:5d:72:c5:54:42:4a:df:88:0c:a3:77:
                    a2:62:d9:fb:58:bd:44:f8:05:0f:22:ae:3c:20:14:
                    83:2e:f3:94:3d:52:a3:81:cb:5e:e6:8a:c8:4e:ab:
                    4a:d8:1e:39:d6:f5:c3:70:e9:42:82:90:f6:52:e2:
                    6c:f7:e1:b9:10:23:f6:58:c0:e1:c8:db:22:e8:96:
                    a4:df:28:f0:36:ff:21:8b:f7:f8:25:59:c4:b9:3f:
                    54:fa:10:49:ad:24:e9:2c:15:b4:0c:e2:f7:6f:9c:
                    6d:43:52:b1:62:11:ad:da:73:cc:3d:08:f1:77:59:
                    ff:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:FA:24:E0:16:C7:C6:B7:88:93:FF:F8:1D:93:FD:AD:01:6E:3C:EE
            X509v3 Authority Key Identifier:
                keyid:E9:6D:85:99:6E:93:54:D1:00:5E:44:C7:81:D3:8A:DC:F1:08:28:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/E96D85996E9354D1005E44C781D38ADCF1082873.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6W2FmW6TVNEAXkTHgdOK3PEIKHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/3231332e352e3133322e302f32342d3234203d3e203530333931.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.5.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:ae:56:2e:f0:74:4e:42:4e:42:b2:d4:c6:0b:3e:3f:8e:c8:
         9f:60:34:ee:d9:94:72:b4:7d:0a:c6:3b:4e:16:48:af:11:1b:
         6b:bc:fe:8b:d9:cd:af:b1:36:78:cc:ff:49:d6:22:9f:f8:59:
         86:6f:25:19:8b:5b:27:0f:da:f1:cb:1b:03:60:65:05:5a:19:
         75:60:4b:18:1b:2e:70:d8:55:9c:5f:28:18:6c:a2:3e:67:60:
         0f:14:38:f7:3e:8b:f0:f7:86:81:5a:fd:77:00:e9:1f:06:fe:
         6e:52:8e:48:41:26:a9:aa:9d:34:b5:a4:69:ac:f0:a1:6b:1d:
         2f:7e:ac:f4:e3:76:1c:0d:23:7e:4d:cf:6d:52:df:cc:37:af:
         49:56:58:05:66:53:2f:10:77:49:f8:67:87:59:c5:74:12:3d:
         ea:c6:22:4c:17:b9:dd:c9:c8:58:f5:12:9e:45:97:90:49:63:
         5b:33:18:aa:cc:56:6f:16:04:6a:e4:c9:95:72:9c:d0:0d:ac:
         a9:73:4a:f8:1d:b8:4b:a7:b4:b7:ed:69:2c:09:8e:0b:50:28:
         1f:d5:aa:eb:95:c1:1d:0e:5e:ba:f3:be:03:f7:96:fd:02:1f:
         e4:9e:f7:a0:9a:28:b7:73:d3:e1:df:6f:f0:d7:d7:2c:ef:5f:
         3a:bc:d5:f1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUScN9k50VjgSJ028JFl1SctpnkIIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTk2ZDg1OTk2ZTkzNTRkMTAwNWU0NGM3ODFkMzhhZGNm
MTA4Mjg3MzAeFw0yNjA0MjIxNDE3NTBaFw0yNzA0MjExNDIyNTBaMDMxMTAvBgNV
BAMTKDJGRkEyNEUwMTZDN0M2Qjc4ODkzRkZGODFEOTNGREFEMDE2RTNDRUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGB4OW/7WjIay8iZx85A6qc2nd
xHKVkj3G42xKBzXcfMAc96IHLbLre22VtJ9sTi+w6ggAw4PGseGpNLPGtfFbiEcW
LM4hC69Nie5DIVbkxqaC0cLmEeVyZTGMvvDiYSgg2gsDpy2lmcRSHYzuE6II+Lx9
afVK7jkoVhYtu3kGy4bixYGQALepr0tdcsVUQkrfiAyjd6Ji2ftYvUT4BQ8irjwg
FIMu85Q9UqOBy17mishOq0rYHjnW9cNw6UKCkPZS4mz34bkQI/ZYwOHI2yLolqTf
KPA2/yGL9/glWcS5P1T6EEmtJOksFbQM4vdvnG1DUrFiEa3ac8w9CPF3Wf/3AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUL/ok4BbHxreIk//4HZP9rQFuPO4wHwYDVR0j
BBgwFoAU6W2FmW6TVNEAXkTHgdOK3PEIKHMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExMTViYzYtMTBmNi00YWYzLWJhMDktOGI2ODdhNTZm
YmY1LzAvRTk2RDg1OTk2RTkzNTREMTAwNUU0NEM3ODFEMzhBRENGMTA4Mjg3My5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZXMkZtVzZUVk5FQVhrVEhnZE9LM1BF
SUtITS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExMTViYzYt
MTBmNi00YWYzLWJhMDktOGI2ODdhNTZmYmY1LzAvMzIzMTMzMmUzNTJlMzEzMzMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMDMzMzkzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANUF
hDANBgkqhkiG9w0BAQsFAAOCAQEAOq5WLvB0TkJOQrLUxgs+P47In2A07tmUcrR9
CsY7ThZIrxEba7z+i9nNr7E2eMz/SdYin/hZhm8lGYtbJw/a8csbA2BlBVoZdWBL
GBsucNhVnF8oGGyiPmdgDxQ49z6L8PeGgVr9dwDpHwb+blKOSEEmqaqdNLWkaazw
oWsdL36s9ON2HA0jfk3PbVLfzDevSVZYBWZTLxB3Sfhnh1nFdBI96sYiTBe53cnI
WPUSnkWXkEljWzMYqsxWbxYEauTJlXKc0A2sqXNK+B24S6e0t+1pLAmOC1AoH9Wq
65XBHQ5euvO+A/eW/QIf5J73oJoot3PT4d9v8NfXLO9fOrzV8Q==
-----END CERTIFICATE-----