Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/3138352e3130302e3231342e302f32342d3234203d3e20383334.roa
File:                     3138352e3130302e3231342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          /NLCwTDB1sOoBKKDUjJrCcq550Y2YJvVyuBgravCkmQ=
Subject key identifier:   31:2F:C9:0E:54:26:E4:87:BB:35:3B:6E:13:D2:D0:EB:29:2B:34:27
Certificate issuer:       /CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Certificate serial:       6BE9A9C31C94DD534E234B46618C901EE0E52AB9
Authority key identifier: AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/3138352e3130302e3231342e302f32342d3234203d3e20383334.roa
Signing time:             Mon 02 Mar 2026 13:35:28 +0000
ROA not before:           Mon 02 Mar 2026 13:30:28 +0000
ROA not after:            Mon 01 Mar 2027 13:35:28 +0000
asID:                     834
IP address blocks:        185.100.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 02:18:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:e9:a9:c3:1c:94:dd:53:4e:23:4b:46:61:8c:90:1e:e0:e5:2a:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
        Validity
            Not Before: Mar  2 13:30:28 2026 GMT
            Not After : Mar  1 13:35:28 2027 GMT
        Subject: CN=312FC90E5426E487BB353B6E13D2D0EB292B3427
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ab:6c:78:7e:e4:d7:d2:a3:76:69:7c:df:1d:
                    c8:a4:88:00:4a:d9:1a:9d:77:38:b8:77:52:64:de:
                    d0:b1:7e:66:0b:ea:97:a4:5f:51:1a:0f:7f:3a:82:
                    7e:e5:c2:55:1e:21:c9:20:00:8b:7d:fc:ae:be:b4:
                    ef:8d:55:92:1e:4a:84:37:82:54:c9:cc:79:48:43:
                    42:6a:9c:92:3a:d5:17:d6:c7:de:c2:6a:f0:46:44:
                    a4:c2:e5:3f:03:99:7d:74:01:8b:e7:61:51:7f:71:
                    c0:d0:cf:7c:39:fd:f1:5a:d7:05:9e:49:e8:c7:bf:
                    1d:6b:9c:9e:e4:b7:57:ce:ca:fb:db:9f:95:1c:ab:
                    35:9c:71:4d:78:f6:93:92:56:96:c5:e2:7f:93:53:
                    1b:0c:2e:9b:b4:2a:b9:5a:72:ed:c6:3a:bd:6a:a9:
                    0c:2e:c2:ca:a4:b3:cf:37:27:78:ae:cd:40:79:28:
                    3b:93:c7:d4:1f:67:c5:7a:b7:85:ad:9c:c1:e8:ca:
                    0d:6d:24:24:4c:68:58:51:a2:df:3e:06:08:9e:26:
                    f3:11:89:28:10:7c:4e:96:e1:bc:53:5e:53:ef:6f:
                    b5:34:30:35:8d:ee:08:2b:b0:c0:aa:45:1b:bf:d4:
                    16:23:18:e7:50:40:5b:75:1c:25:89:fc:dc:17:29:
                    30:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:2F:C9:0E:54:26:E4:87:BB:35:3B:6E:13:D2:D0:EB:29:2B:34:27
            X509v3 Authority Key Identifier:
                keyid:AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/3138352e3130302e3231342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:be:ef:c4:e2:a8:cc:1c:31:54:34:0a:a5:8c:eb:12:32:c0:
         a4:8a:05:fe:58:69:62:69:df:07:b4:fa:b9:e7:31:74:de:65:
         b2:b4:78:a6:92:a2:5c:b0:76:12:83:be:bb:23:46:3f:02:94:
         99:1f:f0:87:a6:79:95:5a:68:8e:8f:6e:02:4b:f1:a9:ad:6e:
         58:3e:5e:14:2e:8c:36:b6:7c:91:24:ee:f6:03:09:3c:e1:9e:
         c2:75:4b:0f:61:59:00:cd:de:65:5e:83:d6:c4:04:ab:56:45:
         de:01:b7:d3:75:13:32:4f:87:ff:51:4d:d1:59:ee:80:fe:2a:
         cc:92:51:9b:0b:47:d5:eb:06:02:d8:df:ce:f5:a8:2f:30:cd:
         ed:f8:50:cf:37:e8:64:38:7c:d0:5e:fc:85:aa:e7:bd:86:a9:
         83:c6:cb:f2:ec:c0:59:99:57:02:02:61:48:0f:7b:a4:43:80:
         80:f5:8e:c2:77:5a:fb:e1:0a:dc:01:ce:dc:50:82:44:d1:53:
         73:61:04:31:24:48:bd:86:68:61:3c:42:65:bf:b0:ee:57:d2:
         c1:d7:7f:4d:2f:02:d7:d0:52:72:5f:c1:34:8b:e4:a7:c6:8a:
         ce:e2:e8:1d:f5:3f:af:5d:8e:da:a1:4f:48:7f:6e:8b:b5:df:
         1e:11:02:d6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUa+mpwxyU3VNOI0tGYYyQHuDlKrkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWZmNmYyNmVhMWYxMGRhNGExNmNhZDljN2E2NTEwODU2
ZmJhYmI4ZDAeFw0yNjAzMDIxMzMwMjhaFw0yNzAzMDExMzM1MjhaMDMxMTAvBgNV
BAMTKDMxMkZDOTBFNTQyNkU0ODdCQjM1M0I2RTEzRDJEMEVCMjkyQjM0MjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzq2x4fuTX0qN2aXzfHcikiABK
2Rqddzi4d1Jk3tCxfmYL6pekX1EaD386gn7lwlUeIckgAIt9/K6+tO+NVZIeSoQ3
glTJzHlIQ0JqnJI61RfWx97CavBGRKTC5T8DmX10AYvnYVF/ccDQz3w5/fFa1wWe
SejHvx1rnJ7kt1fOyvvbn5UcqzWccU149pOSVpbF4n+TUxsMLpu0Krlacu3GOr1q
qQwuwsqks883J3iuzUB5KDuTx9QfZ8V6t4WtnMHoyg1tJCRMaFhRot8+BgieJvMR
iSgQfE6W4bxTXlPvb7U0MDWN7ggrsMCqRRu/1BYjGOdQQFt1HCWJ/NwXKTAvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUMS/JDlQm5Ie7NTtuE9LQ6ykrNCcwHwYDVR0j
BBgwFoAUr/bybqHxDaShbK2cemUQhW+6u40wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTctMmI5NS00YTQyLTgwZDAtNWM0MWY4MDdi
NjFmLzAvQUZGNkYyNkVBMUYxMERBNEExNkNBRDlDN0E2NTEwODU2RkJBQkI4RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JfYnlicUh4RGFTaGJLMmNlbVVRaFct
NnU0MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTct
MmI5NS00YTQyLTgwZDAtNWM0MWY4MDdiNjFmLzAvMzEzODM1MmUzMTMwMzAyZTMy
MzEzNDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALlk
1jANBgkqhkiG9w0BAQsFAAOCAQEAfb7vxOKozBwxVDQKpYzrEjLApIoF/lhpYmnf
B7T6uecxdN5lsrR4ppKiXLB2EoO+uyNGPwKUmR/wh6Z5lVpojo9uAkvxqa1uWD5e
FC6MNrZ8kSTu9gMJPOGewnVLD2FZAM3eZV6D1sQEq1ZF3gG303UTMk+H/1FN0Vnu
gP4qzJJRmwtH1esGAtjfzvWoLzDN7fhQzzfoZDh80F78harnvYapg8bL8uzAWZlX
AgJhSA97pEOAgPWOwnda++EK3AHO3FCCRNFTc2EEMSRIvYZoYTxCZb+w7lfSwdd/
TS8C19BScl/BNIvkp8aKzuLoHfU/r12O2qFPSH9ui7XfHhEC1g==
-----END CERTIFICATE-----