Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3133312e302f32342d3234203d3e20383334.roa
File:                     3139352e35382e3133312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          3riXW5g+If6nLeM5+vyQcBGf3rq2KuDOXDJcz/N+O2o=
Subject key identifier:   51:0F:4B:81:8E:9E:EE:7F:45:FB:98:F9:B6:29:3B:23:AD:0D:4B:C2
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       38FD2D6031B4D2F5753077C2FCD4373CC9983370
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3133312e302f32342d3234203d3e20383334.roa
Signing time:             Fri 27 Mar 2026 07:15:18 +0000
ROA not before:           Fri 27 Mar 2026 07:10:18 +0000
ROA not after:            Fri 26 Mar 2027 07:15:18 +0000
asID:                     834
IP address blocks:        195.58.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 31 Mar 2026 13:18:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:fd:2d:60:31:b4:d2:f5:75:30:77:c2:fc:d4:37:3c:c9:98:33:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Mar 27 07:10:18 2026 GMT
            Not After : Mar 26 07:15:18 2027 GMT
        Subject: CN=510F4B818E9EEE7F45FB98F9B6293B23AD0D4BC2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:06:6c:8c:bd:b6:a2:41:f8:8d:a7:c1:86:48:
                    bf:92:56:a9:b7:e3:92:80:96:a2:91:c8:93:72:ac:
                    cf:8f:63:f1:a6:c1:72:ad:f7:96:92:f7:e7:28:e9:
                    7a:78:bb:b1:22:97:9d:ba:79:02:f5:7e:03:50:0d:
                    e7:3d:1f:ba:07:50:c7:7e:4d:a7:e5:c8:1f:cb:4a:
                    fd:44:5f:e0:23:e3:57:15:07:a7:87:39:1a:ea:d0:
                    e4:d3:a9:c9:15:b2:f3:15:0c:6c:65:88:90:58:c4:
                    7c:ca:78:43:05:2f:9b:fd:99:99:6a:5a:37:47:23:
                    e3:31:de:94:1f:c0:5c:68:05:72:d8:46:1f:e3:df:
                    63:8b:a0:9c:75:68:54:6d:15:20:c6:39:c6:65:a2:
                    b8:16:08:26:a8:9f:14:4e:6e:96:c4:1b:2d:30:01:
                    99:05:0f:14:4e:43:b7:35:ff:06:42:c6:35:3b:07:
                    f6:c6:c5:50:66:39:d7:86:4c:ab:02:03:d1:65:b6:
                    6a:8b:bd:61:8c:be:fe:32:b5:51:6d:83:bc:42:b8:
                    f2:46:38:ef:79:13:05:06:38:a9:cb:27:4c:98:83:
                    78:80:b8:a4:16:e0:a3:e1:46:fb:1a:6e:3f:e0:36:
                    c4:75:3f:a7:81:a5:d1:fd:59:e0:83:19:9d:24:b6:
                    49:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:0F:4B:81:8E:9E:EE:7F:45:FB:98:F9:B6:29:3B:23:AD:0D:4B:C2
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3133312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.58.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:3a:8a:7c:6e:4b:68:3f:a7:ea:fd:bb:98:d5:23:fb:93:23:
         b1:79:46:10:6c:eb:3d:66:9e:a8:32:8f:64:46:1c:13:4d:e5:
         fa:63:25:df:c5:35:37:fc:df:26:09:51:ee:23:ff:a0:38:4a:
         35:c9:b9:73:f8:01:58:ce:8e:50:b1:1c:f0:c7:87:40:42:12:
         a6:51:c8:f0:e6:ed:95:f3:34:39:33:e3:f0:4f:0b:a4:0f:51:
         1b:d3:94:9d:f2:da:2d:6b:a6:8f:db:3c:f7:30:e3:dd:b6:74:
         c7:98:71:f8:c2:f2:a2:13:39:2f:80:5c:ee:6d:56:3d:e0:a8:
         6c:09:03:12:3d:6a:2e:58:68:9e:93:5b:ba:e4:6a:fb:8b:29:
         f5:14:69:f2:4f:fc:3b:9c:b7:0a:26:91:15:2e:20:1d:a2:90:
         3a:a7:76:8f:25:57:8f:1d:30:28:aa:9e:27:1f:44:2c:8a:69:
         93:cf:e5:c2:5d:68:1c:9b:aa:db:cb:f9:39:4e:e6:e2:25:29:
         87:42:fd:53:f4:6d:c4:4e:08:78:a9:b3:a0:96:5a:21:04:69:
         7d:5e:ef:84:8b:f2:4d:25:7b:f1:ca:81:62:4d:d3:3a:f9:4a:
         14:7c:14:86:1d:15:01:5f:21:bb:ef:01:b2:8c:2d:8e:bc:d5:
         1c:ae:85:61
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUOP0tYDG00vV1MHfC/NQ3PMmYM3AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNjAzMjcwNzEwMThaFw0yNzAzMjYwNzE1MThaMDMxMTAvBgNV
BAMTKDUxMEY0QjgxOEU5RUVFN0Y0NUZCOThGOUI2MjkzQjIzQUQwRDRCQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpBmyMvbaiQfiNp8GGSL+SVqm3
45KAlqKRyJNyrM+PY/GmwXKt95aS9+co6Xp4u7Eil526eQL1fgNQDec9H7oHUMd+
TaflyB/LSv1EX+Aj41cVB6eHORrq0OTTqckVsvMVDGxliJBYxHzKeEMFL5v9mZlq
WjdHI+Mx3pQfwFxoBXLYRh/j32OLoJx1aFRtFSDGOcZlorgWCCaonxRObpbEGy0w
AZkFDxROQ7c1/wZCxjU7B/bGxVBmOdeGTKsCA9FltmqLvWGMvv4ytVFtg7xCuPJG
OO95EwUGOKnLJ0yYg3iAuKQW4KPhRvsabj/gNsR1P6eBpdH9WeCDGZ0ktklJAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUUQ9LgY6e7n9F+5j5tik7I60NS8IwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzEzOTM1MmUzNTM4MmUzMTMz
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDOoMw
DQYJKoZIhvcNAQELBQADggEBAHE6inxuS2g/p+r9u5jVI/uTI7F5RhBs6z1mnqgy
j2RGHBNN5fpjJd/FNTf83yYJUe4j/6A4SjXJuXP4AVjOjlCxHPDHh0BCEqZRyPDm
7ZXzNDkz4/BPC6QPURvTlJ3y2i1rpo/bPPcw4922dMeYcfjC8qITOS+AXO5tVj3g
qGwJAxI9ai5YaJ6TW7rkavuLKfUUafJP/DuctwomkRUuIB2ikDqndo8lV48dMCiq
nicfRCyKaZPP5cJdaBybqtvL+TlO5uIlKYdC/VP0bcROCHips6CWWiEEaX1e74SL
8k0le/HKgWJN0zr5ShR8FIYdFQFfIbvvAbKMLY681RyuhWE=
-----END CERTIFICATE-----