Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3135302e302f32332d3234203d3e2038383831.roa
File:                     35312e3134362e3135302e302f32332d3234203d3e2038383831.roa (raw, json)
Hash identifier:          VWFVCyObFm5qgcRCHXys85+qwWZp0/OPXVFNWmz1dkI=
Subject key identifier:   3F:D6:09:43:22:74:E7:C3:22:A5:6D:A8:65:13:75:24:5A:90:FD:F8
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       311CDB8755F0ACE1E15BF31C4E85D965672A7504
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3135302e302f32332d3234203d3e2038383831.roa
Signing time:             Tue 03 Mar 2026 12:51:54 +0000
ROA not before:           Tue 03 Mar 2026 12:46:54 +0000
ROA not after:            Tue 02 Mar 2027 12:51:54 +0000
asID:                     8881
IP address blocks:        51.146.150.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 09:03:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:1c:db:87:55:f0:ac:e1:e1:5b:f3:1c:4e:85:d9:65:67:2a:75:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar  3 12:46:54 2026 GMT
            Not After : Mar  2 12:51:54 2027 GMT
        Subject: CN=3FD609432274E7C322A56DA8651375245A90FDF8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:25:ed:3f:73:d9:f6:94:6f:da:d4:dd:86:3e:
                    b5:57:15:db:7d:4c:e4:cb:03:3c:8f:98:96:93:db:
                    8f:84:cc:2a:57:8a:a9:b7:79:d3:60:41:c7:df:4a:
                    00:70:ba:e2:88:19:02:9a:06:cf:c8:56:40:08:03:
                    9d:0f:ca:37:66:54:d0:25:f2:97:fc:ac:02:8c:e8:
                    70:a9:5d:68:06:5c:d9:d4:32:f0:93:7b:fa:98:32:
                    d1:80:5b:a9:24:40:b0:d6:0d:a1:cc:45:1c:ba:10:
                    3e:84:f3:15:2a:93:d5:e7:f3:b9:67:17:93:05:92:
                    77:ab:26:e5:a8:0c:5a:99:ec:54:ab:09:33:b4:0f:
                    cb:15:ef:3b:d0:2c:95:2d:75:07:6e:8c:62:5b:02:
                    51:53:bc:5c:22:a1:e2:d9:81:8f:cc:63:b0:3d:30:
                    f2:c4:38:9f:9b:d0:c0:ea:99:4d:f1:e9:25:40:b7:
                    68:01:5b:30:94:6c:b6:71:99:12:75:fc:93:68:34:
                    c4:e1:ec:d2:43:46:91:0d:8f:52:1e:fb:99:85:b7:
                    18:d0:d3:3e:9b:bb:dc:ff:a0:4c:4a:b8:92:4d:49:
                    0a:e4:18:9c:ba:52:3c:04:41:51:4e:0a:ff:25:c7:
                    aa:fd:11:49:78:54:fe:52:be:7b:0e:73:4a:a0:b7:
                    71:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:D6:09:43:22:74:E7:C3:22:A5:6D:A8:65:13:75:24:5A:90:FD:F8
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3135302e302f32332d3234203d3e2038383831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:8d:94:a3:34:07:5a:97:41:bd:59:62:73:f2:58:e8:37:fb:
         9f:73:4c:cc:7f:7a:1a:57:97:2e:56:79:ae:08:d2:56:4d:48:
         c6:6c:eb:77:f6:38:98:9b:14:59:e1:49:1e:3e:79:e0:72:6c:
         33:7f:24:47:41:15:bf:5a:82:02:af:9d:ec:02:d8:97:59:e7:
         a1:15:09:b9:0d:2f:b7:34:88:50:b7:46:ef:6d:22:23:a3:0a:
         db:8a:7a:f1:97:56:f2:00:bd:2c:c1:74:52:a8:a2:bd:09:87:
         ec:cb:9f:5e:62:96:f3:df:69:34:23:e2:c6:22:33:20:d1:2c:
         39:6b:41:cd:eb:25:16:22:2e:04:1e:e0:d1:47:90:c7:57:a8:
         7a:9e:7a:10:49:99:f0:21:58:28:81:a3:fe:cb:45:d4:89:3d:
         c3:a4:f4:71:9a:fb:1d:55:13:7d:6f:fd:6d:e9:21:f8:5c:dd:
         79:64:69:16:60:77:8b:60:94:8a:2f:91:3f:5b:3b:26:e7:c1:
         00:47:b8:dc:53:07:40:2d:02:83:fb:62:6d:94:e0:61:be:db:
         a9:0f:05:de:77:13:40:be:31:4b:94:66:dc:3d:44:a6:f2:9a:
         7f:7e:72:14:1a:26:e3:32:c9:30:0e:e3:90:0a:a6:5a:75:3c:
         97:9c:dd:f1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMRzbh1XwrOHhW/McToXZZWcqdQQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMDMxMjQ2NTRaFw0yNzAzMDIxMjUxNTRaMDMxMTAvBgNV
BAMTKDNGRDYwOTQzMjI3NEU3QzMyMkE1NkRBODY1MTM3NTI0NUE5MEZERjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUJe0/c9n2lG/a1N2GPrVXFdt9
TOTLAzyPmJaT24+EzCpXiqm3edNgQcffSgBwuuKIGQKaBs/IVkAIA50PyjdmVNAl
8pf8rAKM6HCpXWgGXNnUMvCTe/qYMtGAW6kkQLDWDaHMRRy6ED6E8xUqk9Xn87ln
F5MFknerJuWoDFqZ7FSrCTO0D8sV7zvQLJUtdQdujGJbAlFTvFwioeLZgY/MY7A9
MPLEOJ+b0MDqmU3x6SVAt2gBWzCUbLZxmRJ1/JNoNMTh7NJDRpENj1Ie+5mFtxjQ
0z6bu9z/oExKuJJNSQrkGJy6UjwEQVFOCv8lx6r9EUl4VP5SvnsOc0qgt3EfAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUP9YJQyJ058MipW2oZRN1JFqQ/fgwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzMTM1
MzAyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODM4MzgzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEATOS
ljANBgkqhkiG9w0BAQsFAAOCAQEAQo2UozQHWpdBvVlic/JY6Df7n3NMzH96GleX
LlZ5rgjSVk1Ixmzrd/Y4mJsUWeFJHj554HJsM38kR0EVv1qCAq+d7ALYl1nnoRUJ
uQ0vtzSIULdG720iI6MK24p68ZdW8gC9LMF0UqiivQmH7MufXmKW899pNCPixiIz
INEsOWtBzeslFiIuBB7g0UeQx1eoep56EEmZ8CFYKIGj/stF1Ik9w6T0cZr7HVUT
fW/9bekh+FzdeWRpFmB3i2CUii+RP1s7JufBAEe43FMHQC0Cg/tibZTgYb7bqQ8F
3ncTQL4xS5Rm3D1EpvKaf35yFBom4zLJMA7jkAqmWnU8l5zd8Q==
-----END CERTIFICATE-----