Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3134362e302f32342d3234203d3e20383334.roa
File:                     3139352e35382e3134362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          IIb9oDw0VgSWfjfbLqj6oyrKf0X4OmQNhm3mSSgtiM4=
Subject key identifier:   88:92:D3:50:07:B2:C2:2C:28:C4:07:B8:3F:30:86:18:6A:FA:F8:A0
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       121DF2C52FF3421F9D2111CED9795292C2586DE8
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3134362e302f32342d3234203d3e20383334.roa
Signing time:             Mon 30 Mar 2026 03:00:24 +0000
ROA not before:           Mon 30 Mar 2026 02:55:24 +0000
ROA not after:            Mon 29 Mar 2027 03:00:24 +0000
asID:                     834
IP address blocks:        195.58.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 31 Mar 2026 13:18:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:1d:f2:c5:2f:f3:42:1f:9d:21:11:ce:d9:79:52:92:c2:58:6d:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Mar 30 02:55:24 2026 GMT
            Not After : Mar 29 03:00:24 2027 GMT
        Subject: CN=8892D35007B2C22C28C407B83F3086186AFAF8A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:cd:56:9d:e6:35:f7:8b:df:b4:c2:f8:fb:f9:
                    c0:bb:83:b6:96:9a:44:0f:2a:a3:85:ee:3f:17:19:
                    a7:93:dd:d9:44:33:23:d1:45:f6:6a:25:bb:28:e5:
                    1d:34:fa:c6:a4:3e:2a:65:90:2b:16:93:7d:74:66:
                    62:c0:b7:62:f2:95:a0:ab:1d:29:6e:7c:7c:07:bb:
                    18:97:73:04:83:da:13:ec:cc:e3:ec:88:60:cc:2f:
                    6d:5d:da:95:01:45:e3:de:27:cb:6d:29:b7:05:bd:
                    c7:05:ad:eb:06:a7:25:8a:b3:dd:22:ba:ef:c6:cc:
                    ed:77:36:14:60:11:a3:6b:80:bc:60:ca:a9:cc:b7:
                    af:0a:d2:6e:a5:c5:01:23:0e:de:6c:4a:7e:82:9e:
                    49:67:b0:33:58:c0:a4:77:8b:82:69:1e:87:d3:26:
                    7e:0f:22:b7:89:cd:1a:29:4f:cf:a7:80:15:77:7d:
                    9f:8b:b6:91:b5:7a:a4:c3:2e:82:40:b2:d5:51:e6:
                    08:00:b4:43:cf:9b:02:b4:b0:cd:c8:c1:45:34:39:
                    85:ef:0f:a5:6e:11:c2:da:9d:52:60:ce:cc:11:80:
                    77:99:21:28:17:c7:bf:dc:6d:15:99:c2:f4:55:63:
                    bf:f3:1a:d9:74:f5:9f:5b:88:a1:97:23:44:5e:18:
                    ab:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:92:D3:50:07:B2:C2:2C:28:C4:07:B8:3F:30:86:18:6A:FA:F8:A0
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3134362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.58.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:cd:38:6c:62:03:12:61:a8:d4:5e:2f:c3:e6:d1:6a:85:2f:
         33:c5:ec:29:82:a5:f0:dd:54:b1:2c:26:7b:81:a6:f1:ed:f7:
         ba:86:a9:95:9f:70:05:98:dd:05:40:a6:1f:58:fe:ac:83:3f:
         e2:88:ac:45:47:b7:92:12:38:17:50:6b:1a:c3:38:6c:9b:a6:
         92:18:11:b1:7d:ee:c7:a1:91:69:2e:9e:6b:63:a2:bb:75:df:
         10:4e:15:50:9b:01:4e:83:9c:af:c2:8d:d0:45:07:98:7c:6e:
         0c:c9:61:79:1a:87:f0:69:4c:d7:cf:42:52:8a:87:2d:05:f5:
         fc:cf:73:3a:d2:b2:16:35:68:6e:da:b2:fe:b0:77:59:51:6a:
         20:5b:85:8c:02:d1:24:29:e5:57:4a:32:bb:89:4f:dc:1c:b5:
         28:c9:19:73:90:4d:f9:13:4e:b1:69:ec:87:ed:21:ea:49:6a:
         aa:de:1c:ed:60:e8:94:62:d5:ac:64:8b:c1:fd:0d:53:34:5a:
         1e:5f:dc:14:86:2c:1b:9c:3c:43:ab:25:f3:2b:42:62:80:c9:
         77:01:cf:58:5e:bd:f3:21:b9:49:35:5a:a7:9d:89:0f:86:04:
         fa:81:73:48:72:1f:ac:fa:9e:89:bc:f2:dd:e7:6b:f0:2c:b8:
         d9:b6:58:7c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUEh3yxS/zQh+dIRHO2XlSksJYbegwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNjAzMzAwMjU1MjRaFw0yNzAzMjkwMzAwMjRaMDMxMTAvBgNV
BAMTKDg4OTJEMzUwMDdCMkMyMkMyOEM0MDdCODNGMzA4NjE4NkFGQUY4QTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7zVad5jX3i9+0wvj7+cC7g7aW
mkQPKqOF7j8XGaeT3dlEMyPRRfZqJbso5R00+sakPiplkCsWk310ZmLAt2LylaCr
HSlufHwHuxiXcwSD2hPszOPsiGDML21d2pUBRePeJ8ttKbcFvccFresGpyWKs90i
uu/GzO13NhRgEaNrgLxgyqnMt68K0m6lxQEjDt5sSn6CnklnsDNYwKR3i4JpHofT
Jn4PIreJzRopT8+ngBV3fZ+LtpG1eqTDLoJAstVR5ggAtEPPmwK0sM3IwUU0OYXv
D6VuEcLanVJgzswRgHeZISgXx7/cbRWZwvRVY7/zGtl09Z9biKGXI0ReGKs5AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUiJLTUAeywiwoxAe4PzCGGGr6+KAwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzEzOTM1MmUzNTM4MmUzMTM0
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDOpIw
DQYJKoZIhvcNAQELBQADggEBAE3NOGxiAxJhqNReL8Pm0WqFLzPF7CmCpfDdVLEs
JnuBpvHt97qGqZWfcAWY3QVAph9Y/qyDP+KIrEVHt5ISOBdQaxrDOGybppIYEbF9
7sehkWkunmtjort13xBOFVCbAU6DnK/CjdBFB5h8bgzJYXkah/BpTNfPQlKKhy0F
9fzPczrSshY1aG7asv6wd1lRaiBbhYwC0SQp5VdKMruJT9wctSjJGXOQTfkTTrFp
7IftIepJaqreHO1g6JRi1axki8H9DVM0Wh5f3BSGLBucPEOrJfMrQmKAyXcBz1he
vfMhuUk1WqediQ+GBPqBc0hyH6z6nom88t3na/AsuNm2WHw=
-----END CERTIFICATE-----