Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e35322e302f32322d3234203d3e2038383831.roa
File:                     35312e3134362e35322e302f32322d3234203d3e2038383831.roa (raw, json)
Hash identifier:          4G7fdFFa+4PFYTefn7gwfDi6WhQF6i+3aj4x1cqSfxY=
Subject key identifier:   57:A2:78:12:E8:9E:AB:91:C2:F5:5D:ED:C1:E7:E3:84:B9:65:34:0A
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       6CD68F72F3031A1910DAD0C3006A0E235F2B1E16
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e35322e302f32322d3234203d3e2038383831.roa
Signing time:             Tue 03 Mar 2026 12:51:51 +0000
ROA not before:           Tue 03 Mar 2026 12:46:51 +0000
ROA not after:            Tue 02 Mar 2027 12:51:51 +0000
asID:                     8881
IP address blocks:        51.146.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 09:03:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:d6:8f:72:f3:03:1a:19:10:da:d0:c3:00:6a:0e:23:5f:2b:1e:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar  3 12:46:51 2026 GMT
            Not After : Mar  2 12:51:51 2027 GMT
        Subject: CN=57A27812E89EAB91C2F55DEDC1E7E384B965340A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:88:96:80:7b:ff:6c:00:eb:0f:d1:e1:08:88:
                    8e:31:b6:70:30:63:80:55:8e:20:62:a0:25:3b:cf:
                    e8:e7:b7:c5:65:a0:86:e2:e8:94:49:7b:ee:2b:d4:
                    c8:07:bc:b3:db:7a:d9:a5:6c:fa:5f:71:9a:3a:31:
                    3b:3c:2d:3f:9a:78:e6:3f:2d:29:ac:ca:3c:f0:87:
                    a1:ad:f9:f5:16:fe:a5:6c:65:f1:94:f9:1c:6e:d7:
                    20:ff:e9:cc:5c:13:b1:46:68:e5:9c:ba:23:5c:c2:
                    a5:15:51:94:78:49:f9:b3:05:90:a0:fe:63:dd:1f:
                    df:95:52:be:52:ab:d0:47:14:61:46:e1:1d:ed:d7:
                    27:d2:9c:39:de:07:61:6d:01:3a:24:72:9e:49:82:
                    8a:78:1e:7c:0c:6d:df:e6:1e:bd:dc:b2:ec:6c:1e:
                    f7:68:73:35:34:56:5f:32:f6:49:23:02:b2:ba:38:
                    94:2e:75:f9:a9:92:f2:ef:85:fb:cd:03:9e:ab:c6:
                    61:ff:9e:eb:1d:91:a6:0e:53:73:79:f0:ad:a0:72:
                    d3:04:e1:25:03:d4:ce:d4:fd:17:d3:56:88:37:bc:
                    53:e4:1b:ca:4a:e5:da:cc:80:75:15:95:d1:e4:63:
                    05:17:c2:bb:bc:63:ca:3c:a3:0e:4b:0e:7a:06:c6:
                    fa:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:A2:78:12:E8:9E:AB:91:C2:F5:5D:ED:C1:E7:E3:84:B9:65:34:0A
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e35322e302f32322d3234203d3e2038383831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:36:8a:b6:04:1f:66:c0:e0:59:ab:4a:91:09:6b:60:5f:ab:
         dc:99:18:32:8f:24:4d:da:dd:a4:80:ba:9d:a4:13:89:c5:ed:
         4e:10:a8:2c:fc:ce:12:e9:d9:25:0f:67:61:38:8b:74:09:45:
         ca:d2:2d:b3:6c:a7:b7:6f:b4:fd:8e:70:6a:dd:2e:34:89:0d:
         b0:88:b2:43:44:9f:12:c8:d6:4c:c1:4a:c6:39:9b:87:a0:44:
         84:9d:a2:d6:30:b0:7d:29:b0:e3:84:8b:f1:a8:3a:a3:95:90:
         1b:55:9f:22:77:1a:ab:3d:90:9d:40:d6:46:69:19:de:d4:b7:
         03:9d:c8:1b:7b:14:95:63:c6:6c:b3:93:9e:33:2f:11:f5:97:
         f0:ec:e7:cf:44:09:b0:d1:20:57:33:b5:01:c7:bf:13:13:8f:
         34:20:54:39:2b:ae:f7:9f:73:50:8a:71:25:91:77:4b:15:26:
         5b:44:55:c9:01:ac:d8:77:b8:01:09:57:19:56:26:1c:e3:53:
         8e:4f:77:45:d8:7e:b8:49:c0:96:d1:75:9f:27:44:5d:33:d5:
         50:ba:8b:d2:e2:79:6e:dc:ec:e4:78:b5:3d:aa:86:df:96:bd:
         e0:e6:93:bb:12:1f:6c:dd:4f:c5:9f:d9:91:98:f1:30:d3:fe:
         1e:29:20:91
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbNaPcvMDGhkQ2tDDAGoOI18rHhYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMDMxMjQ2NTFaFw0yNzAzMDIxMjUxNTFaMDMxMTAvBgNV
BAMTKDU3QTI3ODEyRTg5RUFCOTFDMkY1NURFREMxRTdFMzg0Qjk2NTM0MEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsiJaAe/9sAOsP0eEIiI4xtnAw
Y4BVjiBioCU7z+jnt8VloIbi6JRJe+4r1MgHvLPbetmlbPpfcZo6MTs8LT+aeOY/
LSmsyjzwh6Gt+fUW/qVsZfGU+Rxu1yD/6cxcE7FGaOWcuiNcwqUVUZR4SfmzBZCg
/mPdH9+VUr5Sq9BHFGFG4R3t1yfSnDneB2FtATokcp5Jgop4HnwMbd/mHr3csuxs
HvdoczU0Vl8y9kkjArK6OJQudfmpkvLvhfvNA56rxmH/nusdkaYOU3N58K2gctME
4SUD1M7U/RfTVog3vFPkG8pK5drMgHUVldHkYwUXwru8Y8o8ow5LDnoGxvq/AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUV6J4Euieq5HC9V3twefjhLllNAowHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzNTMy
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzgzODM4MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAIzkjQw
DQYJKoZIhvcNAQELBQADggEBAIE2irYEH2bA4FmrSpEJa2Bfq9yZGDKPJE3a3aSA
up2kE4nF7U4QqCz8zhLp2SUPZ2E4i3QJRcrSLbNsp7dvtP2OcGrdLjSJDbCIskNE
nxLI1kzBSsY5m4egRISdotYwsH0psOOEi/GoOqOVkBtVnyJ3Gqs9kJ1A1kZpGd7U
twOdyBt7FJVjxmyzk54zLxH1l/Ds589ECbDRIFcztQHHvxMTjzQgVDkrrvefc1CK
cSWRd0sVJltEVckBrNh3uAEJVxlWJhzjU45Pd0XYfrhJwJbRdZ8nRF0z1VC6i9Li
eW7c7OR4tT2qht+WveDmk7sSH2zdT8Wf2ZGY8TDT/h4pIJE=
-----END CERTIFICATE-----