Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3234302e302f32302d3234203d3e20383334.roa
File:                     35312e3134362e3234302e302f32302d3234203d3e20383334.roa (raw, json)
Hash identifier:          vWANpmM8KOMFtoVS+ExsmN9fLxPlcrsYEdxx1T+wdtI=
Subject key identifier:   83:70:0C:03:FA:21:87:FF:08:D2:C8:E5:51:4B:CB:34:26:A8:B3:A1
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       5CDD6A21F45683EC28C5ED6DA79BDD5BF504B6B5
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3234302e302f32302d3234203d3e20383334.roa
Signing time:             Thu 26 Mar 2026 16:05:58 +0000
ROA not before:           Thu 26 Mar 2026 16:00:58 +0000
ROA not after:            Thu 25 Mar 2027 16:05:58 +0000
asID:                     834
IP address blocks:        51.146.240.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 31 Mar 2026 13:25:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:dd:6a:21:f4:56:83:ec:28:c5:ed:6d:a7:9b:dd:5b:f5:04:b6:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 26 16:00:58 2026 GMT
            Not After : Mar 25 16:05:58 2027 GMT
        Subject: CN=83700C03FA2187FF08D2C8E5514BCB3426A8B3A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:12:93:ef:17:0a:99:50:e9:f7:4f:70:f1:ce:
                    f9:bf:c1:61:76:ed:f4:9f:97:d2:d7:d7:d9:e9:c8:
                    fa:b5:3d:a8:f1:94:c4:87:c9:4f:08:f3:8f:e7:41:
                    5b:88:f4:fb:93:b1:2d:7b:98:3f:f7:f0:aa:d8:56:
                    02:b7:91:db:25:5d:fb:38:a3:63:a7:73:45:80:0d:
                    16:dd:de:c5:54:6b:8d:47:68:ab:03:3f:11:e3:a9:
                    b3:c5:0c:e9:24:1c:fb:7e:30:bb:9b:32:51:a7:ff:
                    c8:45:16:15:1b:ef:81:8b:4e:09:77:4f:4d:e6:76:
                    f6:41:3f:cd:3b:98:7b:db:e9:f0:4a:1c:7b:79:38:
                    c2:38:f0:68:2e:a3:63:59:fd:21:0f:bf:c2:84:7f:
                    a6:f2:86:12:5c:c4:70:f2:d5:e6:1e:9f:1c:d0:c3:
                    78:e9:80:80:75:99:68:6c:77:ec:49:86:ba:c1:9e:
                    32:51:62:72:01:ce:93:f6:a7:d7:74:5c:56:7c:07:
                    55:e7:16:48:2c:33:8f:e8:0d:7c:f6:d1:c6:e9:35:
                    b2:43:f5:79:7f:1d:3e:27:00:53:f5:ec:a3:2a:f6:
                    23:ea:53:a7:71:8d:f3:ab:b3:f5:3e:c5:5a:fd:5b:
                    11:25:53:bf:0b:cc:bc:ce:4a:24:c8:3a:55:ba:fe:
                    37:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:70:0C:03:FA:21:87:FF:08:D2:C8:E5:51:4B:CB:34:26:A8:B3:A1
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3234302e302f32302d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         54:95:7d:48:bc:96:b5:df:18:c2:85:0b:a7:de:01:66:c4:05:
         ac:de:5f:9d:60:ce:09:91:72:bd:4d:1a:99:22:48:66:9e:ca:
         dd:33:a2:9d:04:93:c9:fd:a6:d5:6e:0f:59:37:71:72:76:fa:
         17:ac:98:f1:0b:de:50:d6:b2:76:8d:72:dc:0e:34:62:a0:4c:
         88:59:c5:67:30:31:02:fe:47:9f:58:ef:f0:d4:66:59:7c:5a:
         14:41:7f:cf:94:c0:ef:6c:53:2a:f0:c0:36:de:29:cc:36:70:
         2e:55:2d:6d:ac:2d:10:3b:c1:3d:7a:eb:e5:14:0d:14:dd:ef:
         58:38:14:08:f7:c2:30:48:2a:85:3d:71:17:28:db:30:ab:b8:
         dd:97:49:c3:e7:df:ca:6e:49:f3:ec:39:01:25:f3:91:ac:ca:
         df:93:7b:5a:8b:3f:74:4b:4f:2b:05:34:37:c6:fc:1e:c3:17:
         ab:2d:d5:98:39:d0:7d:12:56:99:f8:91:13:8f:ad:85:5e:b3:
         1a:3f:96:42:0e:75:76:35:2e:45:5d:49:ca:3d:e2:f8:e1:4e:
         bc:37:dc:b3:b2:ab:a4:b1:5c:43:f7:cf:ca:d3:88:29:5c:23:
         77:87:b7:c7:27:05:de:b3:a6:08:da:9a:cb:70:db:0c:20:86:
         5a:88:1a:b5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUXN1qIfRWg+woxe1tp5vdW/UEtrUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjYxNjAwNThaFw0yNzAzMjUxNjA1NThaMDMxMTAvBgNV
BAMTKDgzNzAwQzAzRkEyMTg3RkYwOEQyQzhFNTUxNEJDQjM0MjZBOEIzQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpEpPvFwqZUOn3T3Dxzvm/wWF2
7fSfl9LX19npyPq1PajxlMSHyU8I84/nQVuI9PuTsS17mD/38KrYVgK3kdslXfs4
o2Onc0WADRbd3sVUa41HaKsDPxHjqbPFDOkkHPt+MLubMlGn/8hFFhUb74GLTgl3
T03mdvZBP807mHvb6fBKHHt5OMI48Gguo2NZ/SEPv8KEf6byhhJcxHDy1eYenxzQ
w3jpgIB1mWhsd+xJhrrBnjJRYnIBzpP2p9d0XFZ8B1XnFkgsM4/oDXz20cbpNbJD
9Xl/HT4nAFP17KMq9iPqU6dxjfOrs/U+xVr9WxElU78LzLzOSiTIOlW6/jfpAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUg3AMA/ohh/8I0sjlUUvLNCaos6EwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzMjM0
MzAyZTMwMmYzMjMwMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAQzkvAw
DQYJKoZIhvcNAQELBQADggEBAFSVfUi8lrXfGMKFC6feAWbEBazeX51gzgmRcr1N
GpkiSGaeyt0zop0Ek8n9ptVuD1k3cXJ2+hesmPEL3lDWsnaNctwONGKgTIhZxWcw
MQL+R59Y7/DUZll8WhRBf8+UwO9sUyrwwDbeKcw2cC5VLW2sLRA7wT166+UUDRTd
71g4FAj3wjBIKoU9cRco2zCruN2XScPn38puSfPsOQEl85Gsyt+Te1qLP3RLTysF
NDfG/B7DF6st1Zg50H0SVpn4kROPrYVesxo/lkIOdXY1LkVdSco94vjhTrw33LOy
q6SxXEP3z8rTiClcI3eHt8cnBd6zpgjamstw2wwghlqIGrU=
-----END CERTIFICATE-----