Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3134382e302f32332d3234203d3e2038383831.roa
File:                     35312e3134362e3134382e302f32332d3234203d3e2038383831.roa (raw, json)
Hash identifier:          Z3lr+uaIqAuEM212bqhMw8x344CK998TptR/krIUILQ=
Subject key identifier:   69:10:C4:3B:7D:D3:62:3C:25:A4:42:E8:AB:52:18:EC:9D:CB:CC:0B
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       5902EBFA85195A6C4FB8587465D1EA66F90EAEB9
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3134382e302f32332d3234203d3e2038383831.roa
Signing time:             Tue 03 Mar 2026 12:51:53 +0000
ROA not before:           Tue 03 Mar 2026 12:46:53 +0000
ROA not after:            Tue 02 Mar 2027 12:51:53 +0000
asID:                     8881
IP address blocks:        51.146.148.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 09:03:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:02:eb:fa:85:19:5a:6c:4f:b8:58:74:65:d1:ea:66:f9:0e:ae:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar  3 12:46:53 2026 GMT
            Not After : Mar  2 12:51:53 2027 GMT
        Subject: CN=6910C43B7DD3623C25A442E8AB5218EC9DCBCC0B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:b6:48:d5:33:08:8d:bc:23:02:ba:3e:ce:d0:
                    68:02:36:1b:83:bc:48:48:a0:45:95:de:e8:0e:e6:
                    1a:c7:52:50:40:35:a8:5f:ac:c1:a6:9b:00:ad:e4:
                    08:06:c0:a7:76:98:e2:35:70:81:99:a0:30:5c:6c:
                    7e:81:3f:10:d2:33:e7:b1:7e:07:f7:c7:12:94:e0:
                    27:39:bf:cc:67:81:e3:af:18:6a:8c:d3:68:4c:e8:
                    4a:fd:98:78:e9:f8:ca:30:13:fd:aa:db:e9:96:7a:
                    66:89:85:7d:86:d1:90:58:81:f3:42:11:fe:f8:3b:
                    58:21:44:09:d1:8d:ff:79:41:14:16:87:88:50:56:
                    30:51:ee:23:83:a5:b9:6c:20:5e:41:a5:4e:d1:57:
                    fe:3c:53:d0:87:ce:fc:14:a2:f1:63:d0:92:19:00:
                    3a:89:aa:ad:35:52:84:25:d4:bd:c7:1b:35:22:b3:
                    f1:ac:4e:a2:67:70:1c:cf:46:eb:80:85:1f:87:2a:
                    c6:d1:06:0e:1e:1e:dd:3f:25:94:cf:bb:59:d3:cf:
                    29:80:85:2f:f4:d8:e7:fe:fd:bf:b5:61:ab:1b:aa:
                    de:d4:b3:8c:75:74:48:49:bb:ee:0d:aa:92:cf:06:
                    ed:cb:44:79:51:75:6f:35:db:f9:5d:1c:16:75:0c:
                    da:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:10:C4:3B:7D:D3:62:3C:25:A4:42:E8:AB:52:18:EC:9D:CB:CC:0B
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3134382e302f32332d3234203d3e2038383831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:fc:4c:da:6d:03:a8:3b:c2:0c:a1:09:b6:7a:92:62:70:74:
         82:a5:6e:a9:c8:6a:0a:14:ef:8c:ca:ef:44:1b:b6:e4:19:de:
         cc:0b:51:fc:b7:45:a3:21:1d:17:9d:1c:6d:76:3c:c7:9f:31:
         42:51:e4:87:12:50:9e:9d:65:3f:5a:78:ad:71:df:f6:9d:c5:
         fa:e5:04:52:d8:06:d2:a8:30:7d:34:ab:9a:65:fa:e5:0f:f7:
         de:fe:dc:dc:96:0f:53:ec:dc:d0:81:29:be:0a:f7:ce:4b:46:
         ce:02:fe:84:1b:dd:69:9d:d9:b2:ba:d5:05:d1:17:5e:8d:25:
         88:9b:47:22:7d:b8:d7:55:a2:07:92:68:41:0b:4f:4f:78:88:
         da:71:e7:1e:b8:e0:c2:12:33:40:a7:f2:89:70:8c:49:ba:1b:
         47:a3:2f:60:92:07:54:85:f3:53:51:d2:48:44:13:78:e8:44:
         d5:91:0c:5a:bb:88:48:c6:ca:d8:59:ce:23:80:e5:17:3f:c6:
         50:04:9a:7b:d3:91:43:17:98:92:ca:57:18:41:d0:db:51:03:
         71:4f:a5:2b:70:70:b1:f4:d5:9e:60:29:59:78:a6:d4:70:f0:
         5d:7c:59:82:a4:c0:80:27:7d:15:28:d2:57:59:60:67:49:fb:
         dc:71:21:21
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUWQLr+oUZWmxPuFh0ZdHqZvkOrrkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMDMxMjQ2NTNaFw0yNzAzMDIxMjUxNTNaMDMxMTAvBgNV
BAMTKDY5MTBDNDNCN0REMzYyM0MyNUE0NDJFOEFCNTIxOEVDOURDQkNDMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhtkjVMwiNvCMCuj7O0GgCNhuD
vEhIoEWV3ugO5hrHUlBANahfrMGmmwCt5AgGwKd2mOI1cIGZoDBcbH6BPxDSM+ex
fgf3xxKU4Cc5v8xngeOvGGqM02hM6Er9mHjp+MowE/2q2+mWemaJhX2G0ZBYgfNC
Ef74O1ghRAnRjf95QRQWh4hQVjBR7iODpblsIF5BpU7RV/48U9CHzvwUovFj0JIZ
ADqJqq01UoQl1L3HGzUis/GsTqJncBzPRuuAhR+HKsbRBg4eHt0/JZTPu1nTzymA
hS/02Of+/b+1Yasbqt7Us4x1dEhJu+4NqpLPBu3LRHlRdW812/ldHBZ1DNonAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUaRDEO33TYjwlpELoq1IY7J3LzAswHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzMTM0
MzgyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODM4MzgzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEATOS
lDANBgkqhkiG9w0BAQsFAAOCAQEAg/xM2m0DqDvCDKEJtnqSYnB0gqVuqchqChTv
jMrvRBu25BnezAtR/LdFoyEdF50cbXY8x58xQlHkhxJQnp1lP1p4rXHf9p3F+uUE
UtgG0qgwfTSrmmX65Q/33v7c3JYPU+zc0IEpvgr3zktGzgL+hBvdaZ3ZsrrVBdEX
Xo0liJtHIn2411WiB5JoQQtPT3iI2nHnHrjgwhIzQKfyiXCMSbobR6MvYJIHVIXz
U1HSSEQTeOhE1ZEMWruISMbK2FnOI4DlFz/GUASae9ORQxeYkspXGEHQ21EDcU+l
K3BwsfTVnmApWXim1HDwXXxZgqTAgCd9FSjSV1lgZ0n73HEhIQ==
-----END CERTIFICATE-----