Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232302e302f32342d3234203d3e203630393439.roa
File:                     3138352e342e3232302e302f32342d3234203d3e203630393439.roa (raw, json)
Hash identifier:          xzKCbRRymoWmTb+EPXggGoAZftG3xKTDF0Epi2YVu64=
Subject key identifier:   C6:F3:72:24:5D:50:42:DB:A4:77:06:81:59:98:93:71:C3:4A:BB:73
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       2BD8D0B337DE8A6298322737E40D4BA19D26172F
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232302e302f32342d3234203d3e203630393439.roa
Signing time:             Mon 02 Mar 2026 07:54:56 +0000
ROA not before:           Mon 02 Mar 2026 07:49:56 +0000
ROA not after:            Mon 01 Mar 2027 07:54:56 +0000
asID:                     60949
IP address blocks:        185.4.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 24 Mar 2026 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:d8:d0:b3:37:de:8a:62:98:32:27:37:e4:0d:4b:a1:9d:26:17:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Mar  2 07:49:56 2026 GMT
            Not After : Mar  1 07:54:56 2027 GMT
        Subject: CN=C6F372245D5042DBA477068159989371C34ABB73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:71:17:dc:7d:31:72:94:46:4e:9c:e9:c3:8b:
                    d4:d0:6a:9c:3b:d4:ba:73:e0:4a:5d:93:3e:aa:76:
                    78:db:a9:0a:73:ce:f4:86:ee:bb:aa:cc:ae:8a:7d:
                    94:f3:b9:e8:97:98:c9:5c:bd:48:4e:bb:06:88:62:
                    ce:f1:9e:77:ce:f9:1e:d0:80:8a:74:5d:44:fa:ec:
                    bd:44:ab:26:bb:12:60:50:e7:12:92:6b:c1:a1:3a:
                    ac:e4:a1:03:90:49:ac:48:72:67:c4:d5:40:2d:a8:
                    ce:c4:82:52:4f:02:91:e1:de:9b:93:fa:79:86:ef:
                    92:6f:b1:40:67:21:ff:a8:5b:b3:94:2d:a8:19:93:
                    25:fc:b2:89:de:4f:b7:09:2a:c3:01:da:97:5b:7a:
                    63:fc:ac:94:51:8c:ec:c5:cf:0e:17:9c:db:d6:1f:
                    ba:36:99:d9:57:ad:08:e3:04:fb:8d:6b:65:28:1e:
                    04:f6:13:94:bd:5a:87:2d:1a:ab:ec:96:f9:f5:23:
                    f8:34:90:2f:51:53:91:28:66:c2:25:f2:e2:5e:cd:
                    70:63:22:c6:0f:35:37:d2:66:b3:a8:88:32:24:b7:
                    25:e3:5a:3c:80:1c:90:90:a3:ee:c2:b2:cd:40:dc:
                    c7:aa:2d:b1:15:ae:92:55:19:45:a9:9a:16:18:ba:
                    da:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:F3:72:24:5D:50:42:DB:A4:77:06:81:59:98:93:71:C3:4A:BB:73
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3138352e342e3232302e302f32342d3234203d3e203630393439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.4.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:fe:0e:58:4e:6f:4c:59:14:f5:f3:56:75:d9:1a:73:a8:e4:
         98:49:27:1f:14:8a:db:89:4b:ba:1e:47:55:3a:01:b6:b4:27:
         b0:62:f3:4c:be:f5:9a:97:34:91:28:b6:18:fc:64:b5:40:3d:
         07:02:4a:27:19:b9:64:96:fe:04:72:ed:74:9e:03:8d:21:1a:
         5b:74:af:80:f9:0f:f9:eb:63:d8:89:30:d2:da:91:85:d3:0e:
         7e:71:b8:db:6f:63:8a:c5:ac:2e:a1:e8:f8:84:11:9f:88:3b:
         cf:6f:8d:ec:9b:ea:be:f0:a4:69:5b:50:dc:e6:31:44:ef:72:
         f1:39:1e:37:dd:47:78:d7:e2:d6:e1:79:27:93:f2:d7:57:45:
         b3:5f:cf:b2:7d:53:f9:a8:bf:cb:81:c0:e8:31:70:66:68:d5:
         06:81:2a:76:4a:b9:c5:d2:f3:57:d7:15:54:01:f7:27:0a:ac:
         b0:cb:1f:9d:7e:3d:39:62:86:6b:34:60:61:aa:76:43:31:31:
         a9:53:9f:04:4a:1e:34:3e:e0:5b:5b:a6:27:27:6d:7e:1f:2f:
         41:cd:c0:69:10:3a:40:26:29:66:a6:18:c5:0c:f0:3b:7c:47:
         f5:94:f0:59:c9:e0:c3:46:af:dc:e5:36:3d:37:cd:41:c6:bb:
         ed:5a:90:3b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUK9jQszfeimKYMic35A1LoZ0mFy8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNjAzMDIwNzQ5NTZaFw0yNzAzMDEwNzU0NTZaMDMxMTAvBgNV
BAMTKEM2RjM3MjI0NUQ1MDQyREJBNDc3MDY4MTU5OTg5MzcxQzM0QUJCNzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1cRfcfTFylEZOnOnDi9TQapw7
1Lpz4Epdkz6qdnjbqQpzzvSG7ruqzK6KfZTzueiXmMlcvUhOuwaIYs7xnnfO+R7Q
gIp0XUT67L1Eqya7EmBQ5xKSa8GhOqzkoQOQSaxIcmfE1UAtqM7EglJPApHh3puT
+nmG75JvsUBnIf+oW7OULagZkyX8soneT7cJKsMB2pdbemP8rJRRjOzFzw4XnNvW
H7o2mdlXrQjjBPuNa2UoHgT2E5S9WoctGqvslvn1I/g0kC9RU5EoZsIl8uJezXBj
IsYPNTfSZrOoiDIktyXjWjyAHJCQo+7Css1A3MeqLbEVrpJVGUWpmhYYutrtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUxvNyJF1QQtukdwaBWZiTccNKu3MwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzODM1MmUzNDJlMzIzMjMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM5MzQzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALkE
3DANBgkqhkiG9w0BAQsFAAOCAQEAj/4OWE5vTFkU9fNWddkac6jkmEknHxSK24lL
uh5HVToBtrQnsGLzTL71mpc0kSi2GPxktUA9BwJKJxm5ZJb+BHLtdJ4DjSEaW3Sv
gPkP+etj2Ikw0tqRhdMOfnG4229jisWsLqHo+IQRn4g7z2+N7JvqvvCkaVtQ3OYx
RO9y8TkeN91HeNfi1uF5J5Py11dFs1/Psn1T+ai/y4HA6DFwZmjVBoEqdkq5xdLz
V9cVVAH3JwqssMsfnX49OWKGazRgYap2QzExqVOfBEoeND7gW1umJydtfh8vQc3A
aRA6QCYpZqYYxQzwO3xH9ZTwWcngw0av3OU2PTfNQca77VqQOw==
-----END CERTIFICATE-----