Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3135302e302f32342d3234203d3e20383334.roa
File:                     3139352e35382e3135302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          dPmPtzuQSfYV8X4g3kOZYwkc6KRuUux7TAC1IzkWif4=
Subject key identifier:   8E:47:AF:CC:18:DF:F7:A7:C2:84:4C:2C:D5:AC:13:F3:15:CA:65:61
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       7ED0F7E76965BCC5B44736D1E4AF60022B666A42
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3135302e302f32342d3234203d3e20383334.roa
Signing time:             Sat 28 Mar 2026 12:39:55 +0000
ROA not before:           Sat 28 Mar 2026 12:34:55 +0000
ROA not after:            Sat 27 Mar 2027 12:39:55 +0000
asID:                     834
IP address blocks:        195.58.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 31 Mar 2026 13:18:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:d0:f7:e7:69:65:bc:c5:b4:47:36:d1:e4:af:60:02:2b:66:6a:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Mar 28 12:34:55 2026 GMT
            Not After : Mar 27 12:39:55 2027 GMT
        Subject: CN=8E47AFCC18DFF7A7C2844C2CD5AC13F315CA6561
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c8:c0:41:25:83:1c:8e:a1:ba:88:27:58:2c:
                    84:93:78:86:52:78:11:fe:c8:b7:07:e8:3b:2b:70:
                    e0:a2:ea:38:4f:b9:86:a1:82:5f:2b:c7:a9:a4:1a:
                    7c:c8:2b:08:3a:30:6a:fb:48:a2:11:bc:42:c6:a9:
                    2b:d5:24:86:3d:ea:dd:48:71:ac:ef:96:a3:c9:45:
                    11:04:04:aa:a1:df:69:0d:a3:8d:3c:76:9f:69:e1:
                    4d:fa:30:93:ec:60:02:fb:69:1a:f2:2f:11:d9:dc:
                    a6:90:27:c6:75:fb:a3:c3:84:f9:3b:26:8f:26:09:
                    15:ee:fc:ef:07:41:68:04:18:13:f8:67:cf:ce:a4:
                    75:ad:75:2d:a7:59:2e:c0:df:dc:c4:55:c1:11:78:
                    f1:82:a9:b9:10:6c:11:78:5c:e9:c3:4d:23:3d:6b:
                    03:53:22:8b:25:35:1d:a3:d2:d2:15:bf:e0:ab:2d:
                    75:ce:4f:c3:27:96:d0:43:56:64:e6:b9:8e:a1:9a:
                    48:df:c4:c9:30:5c:c4:97:9f:e6:ca:e8:cf:26:5e:
                    8d:4b:e4:ac:6a:3a:17:35:12:cb:18:6f:87:99:fc:
                    39:d4:a2:8c:60:1c:4a:4a:6e:e6:59:4a:05:92:f7:
                    6b:b7:4d:7a:17:cb:94:44:30:77:8f:ea:73:49:71:
                    44:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:47:AF:CC:18:DF:F7:A7:C2:84:4C:2C:D5:AC:13:F3:15:CA:65:61
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3135302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.58.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:b3:a1:db:2b:5c:8e:25:f1:04:1f:d7:1e:81:4a:4c:21:fc:
         6c:3d:ff:6a:2d:e7:ed:4d:ff:52:92:80:80:4d:48:d7:86:d9:
         1d:0b:a2:93:64:ff:9e:f7:de:a7:06:79:e5:43:47:20:72:32:
         02:bc:f3:af:f5:bb:f3:dd:45:6d:26:96:7e:c1:be:61:7f:d9:
         07:e4:c7:0b:03:72:ef:4a:9b:b8:f1:6b:aa:03:83:cb:80:2d:
         9b:96:37:ec:48:e9:e7:b5:98:ef:f5:b3:8b:de:db:1c:ec:2d:
         cc:83:3a:12:1a:ec:db:dc:63:9a:fa:a2:20:cb:2b:fd:50:ef:
         dc:5c:5d:a7:bd:e1:2d:c1:40:21:76:e8:75:d6:d3:c7:ad:ac:
         23:0a:37:f8:b3:08:33:a4:3c:00:9e:73:e0:7e:13:20:58:f8:
         94:c3:1e:86:51:5b:3b:9f:93:e1:15:fc:78:74:27:a9:e6:78:
         12:30:78:cc:d0:37:cc:e8:66:bf:a4:16:4e:89:6b:e7:39:83:
         52:02:1c:75:ec:6d:a6:de:c6:4d:ed:53:8c:9d:ed:78:9f:68:
         f6:b4:d8:a0:35:a3:d9:b7:c3:cd:78:9d:a1:92:ec:27:0a:49:
         da:0c:2b:06:bf:09:25:11:5f:64:c8:4c:cf:46:b7:10:c6:12:
         6b:17:57:01
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUftD352llvMW0RzbR5K9gAitmakIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNjAzMjgxMjM0NTVaFw0yNzAzMjcxMjM5NTVaMDMxMTAvBgNV
BAMTKDhFNDdBRkNDMThERkY3QTdDMjg0NEMyQ0Q1QUMxM0YzMTVDQTY1NjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtyMBBJYMcjqG6iCdYLISTeIZS
eBH+yLcH6DsrcOCi6jhPuYahgl8rx6mkGnzIKwg6MGr7SKIRvELGqSvVJIY96t1I
cazvlqPJRREEBKqh32kNo408dp9p4U36MJPsYAL7aRryLxHZ3KaQJ8Z1+6PDhPk7
Jo8mCRXu/O8HQWgEGBP4Z8/OpHWtdS2nWS7A39zEVcERePGCqbkQbBF4XOnDTSM9
awNTIoslNR2j0tIVv+CrLXXOT8MnltBDVmTmuY6hmkjfxMkwXMSXn+bK6M8mXo1L
5KxqOhc1EssYb4eZ/DnUooxgHEpKbuZZSgWS92u3TXoXy5REMHeP6nNJcUTXAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUjkevzBjf96fChEws1awT8xXKZWEwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzEzOTM1MmUzNTM4MmUzMTM1
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDOpYw
DQYJKoZIhvcNAQELBQADggEBABqzodsrXI4l8QQf1x6BSkwh/Gw9/2ot5+1N/1KS
gIBNSNeG2R0LopNk/5733qcGeeVDRyByMgK886/1u/PdRW0mln7BvmF/2QfkxwsD
cu9Km7jxa6oDg8uALZuWN+xI6ee1mO/1s4ve2xzsLcyDOhIa7NvcY5r6oiDLK/1Q
79xcXae94S3BQCF26HXW08etrCMKN/izCDOkPACec+B+EyBY+JTDHoZRWzufk+EV
/Hh0J6nmeBIweMzQN8zoZr+kFk6Ja+c5g1ICHHXsbabexk3tU4yd7XifaPa02KA1
o9m3w814naGS7CcKSdoMKwa/CSURX2TITM9GtxDGEmsXVwE=
-----END CERTIFICATE-----