Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3134342e302f32322d3234203d3e2038383831.roa
File:                     35312e3134362e3134342e302f32322d3234203d3e2038383831.roa (raw, json)
Hash identifier:          7E8OZCOTyNB5Bi/JswUx8+AQnoqjOsCfs6w0cQH+q3M=
Subject key identifier:   4E:4E:F6:13:77:79:27:D4:B1:E8:D9:A8:5E:78:CC:4A:72:85:E3:6A
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       29D92474D1089C2F37261E6BD0862F35845130C1
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3134342e302f32322d3234203d3e2038383831.roa
Signing time:             Tue 03 Mar 2026 12:51:52 +0000
ROA not before:           Tue 03 Mar 2026 12:46:52 +0000
ROA not after:            Tue 02 Mar 2027 12:51:52 +0000
asID:                     8881
IP address blocks:        51.146.144.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 09:03:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:d9:24:74:d1:08:9c:2f:37:26:1e:6b:d0:86:2f:35:84:51:30:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar  3 12:46:52 2026 GMT
            Not After : Mar  2 12:51:52 2027 GMT
        Subject: CN=4E4EF613777927D4B1E8D9A85E78CC4A7285E36A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:66:fa:62:cb:78:ea:8c:a8:ad:81:ad:66:7e:
                    99:64:f3:4a:7b:10:3b:61:76:0a:ef:9b:4f:f7:7a:
                    91:98:21:b3:be:38:75:54:be:6b:6b:2e:a4:4a:0d:
                    b5:71:c8:bf:55:b8:0c:80:54:8e:95:c9:3e:43:68:
                    b1:22:d0:3b:7f:1a:2c:28:1f:11:e9:70:64:f7:8c:
                    57:42:2c:db:e4:ea:05:c5:65:ba:84:e1:eb:82:4a:
                    58:f1:de:e5:5d:c3:d4:74:13:48:3e:a4:64:7e:db:
                    df:3f:d6:00:ae:ba:c4:0a:1c:a9:cc:5d:e1:b8:92:
                    28:40:5f:19:b7:70:fc:3a:97:16:cb:b5:5a:97:27:
                    a0:8b:a1:2e:90:7d:ab:36:99:8e:39:b6:e8:7d:c2:
                    85:82:65:50:73:03:69:6d:30:1c:2b:6d:3e:1a:9c:
                    1c:ed:70:6b:8e:3e:23:81:fc:6b:8a:12:d5:7c:27:
                    c5:0b:2d:0f:60:41:6c:13:8d:45:15:ad:00:92:2f:
                    41:e1:06:79:df:a4:86:e9:8e:92:69:77:d3:09:d6:
                    cf:ec:30:44:98:45:35:ed:9c:80:23:db:ed:d4:85:
                    6c:99:c8:78:1b:a2:21:8d:90:0e:da:eb:6f:ff:41:
                    e9:b8:4a:42:bd:0b:85:c3:23:f5:aa:e4:bc:85:36:
                    97:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:4E:F6:13:77:79:27:D4:B1:E8:D9:A8:5E:78:CC:4A:72:85:E3:6A
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3134342e302f32322d3234203d3e2038383831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:7f:38:6c:8e:1b:71:00:a9:40:e3:fd:82:6a:f2:87:b4:5f:
         f3:dd:29:94:9a:ca:bc:e9:77:53:ad:27:3d:e9:47:36:68:df:
         8c:25:d9:db:e8:65:23:29:c4:c9:4d:b9:be:ed:81:5b:b1:3e:
         6d:8a:a1:99:7f:ce:75:29:a8:65:81:4c:eb:d8:10:28:cc:91:
         e5:91:38:d1:cf:2a:93:64:29:60:96:61:2c:81:c0:b1:e3:10:
         db:78:37:f2:0a:67:83:2f:21:61:55:d4:af:33:ad:9e:fe:9a:
         81:b8:c6:64:25:c1:d1:16:e4:4e:0f:4f:f3:5f:0b:38:d9:9f:
         36:0f:bc:f4:d0:3c:a2:d7:9f:08:93:01:67:d1:c9:21:b5:76:
         b5:26:ed:2a:e1:94:24:a8:c4:be:46:20:30:eb:25:6b:c8:a4:
         39:4a:1b:73:5a:09:76:d0:aa:69:80:62:0f:f4:b0:80:b1:58:
         f2:ff:5e:b7:96:2e:75:bf:5b:55:08:48:6e:b8:57:59:5e:0b:
         3a:2e:8c:f5:d1:f2:38:40:de:9a:c9:7c:6a:d7:e8:bc:75:6d:
         9f:8e:cf:c0:a1:5a:f9:48:ae:72:57:f5:d9:e6:a4:81:d6:f1:
         7b:ea:aa:1c:b5:f9:44:66:6b:81:13:bd:40:52:0f:10:26:d6:
         a0:07:96:03
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKdkkdNEInC83Jh5r0IYvNYRRMMEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMDMxMjQ2NTJaFw0yNzAzMDIxMjUxNTJaMDMxMTAvBgNV
BAMTKDRFNEVGNjEzNzc3OTI3RDRCMUU4RDlBODVFNzhDQzRBNzI4NUUzNkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeZvpiy3jqjKitga1mfplk80p7
EDthdgrvm0/3epGYIbO+OHVUvmtrLqRKDbVxyL9VuAyAVI6VyT5DaLEi0Dt/Giwo
HxHpcGT3jFdCLNvk6gXFZbqE4euCSljx3uVdw9R0E0g+pGR+298/1gCuusQKHKnM
XeG4kihAXxm3cPw6lxbLtVqXJ6CLoS6Qfas2mY45tuh9woWCZVBzA2ltMBwrbT4a
nBztcGuOPiOB/GuKEtV8J8ULLQ9gQWwTjUUVrQCSL0HhBnnfpIbpjpJpd9MJ1s/s
MESYRTXtnIAj2+3UhWyZyHgboiGNkA7a62//Qem4SkK9C4XDI/Wq5LyFNpcJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUTk72E3d5J9Sx6NmoXnjMSnKF42owHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzMTM0
MzQyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzODM4MzgzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAjOS
kDANBgkqhkiG9w0BAQsFAAOCAQEAQ384bI4bcQCpQOP9gmryh7Rf890plJrKvOl3
U60nPelHNmjfjCXZ2+hlIynEyU25vu2BW7E+bYqhmX/OdSmoZYFM69gQKMyR5ZE4
0c8qk2QpYJZhLIHAseMQ23g38gpngy8hYVXUrzOtnv6agbjGZCXB0RbkTg9P818L
ONmfNg+89NA8otefCJMBZ9HJIbV2tSbtKuGUJKjEvkYgMOsla8ikOUobc1oJdtCq
aYBiD/SwgLFY8v9et5Yudb9bVQhIbrhXWV4LOi6M9dHyOEDemsl8atfovHVtn47P
wKFa+Uiuclf12eakgdbxe+qqHLX5RGZrgRO9QFIPECbWoAeWAw==
-----END CERTIFICATE-----