Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e33392e31302e302f32342d3234203d3e2037343838.roa
File:                     3139332e33392e31302e302f32342d3234203d3e2037343838.roa (raw, json)
Hash identifier:          TWPDt0qkxAQDcYJMBXTg16JTVcEH3EpntB5MTb5kzSc=
Subject key identifier:   53:8C:F2:03:3B:77:B2:FA:DA:88:F5:80:08:24:2D:F7:C5:A0:86:3A
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       65009ECA9032219D364AB8FE77FC3DB21C9E3312
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e33392e31302e302f32342d3234203d3e2037343838.roa
Signing time:             Tue 10 Mar 2026 07:33:24 +0000
ROA not before:           Tue 10 Mar 2026 07:28:24 +0000
ROA not after:            Tue 09 Mar 2027 07:33:24 +0000
asID:                     7488
IP address blocks:        193.39.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 06:32:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:00:9e:ca:90:32:21:9d:36:4a:b8:fe:77:fc:3d:b2:1c:9e:33:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Mar 10 07:28:24 2026 GMT
            Not After : Mar  9 07:33:24 2027 GMT
        Subject: CN=538CF2033B77B2FADA88F58008242DF7C5A0863A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:08:5e:ce:9c:05:25:7e:06:30:cf:56:ae:7f:
                    16:bc:8a:53:00:d0:a4:88:0a:00:80:1c:0d:67:5c:
                    58:65:92:60:b1:4b:35:f7:83:7d:1a:2d:d2:f9:48:
                    0e:19:53:40:a9:ce:4a:54:d2:1d:42:ce:06:76:23:
                    20:36:b2:83:61:f2:72:0f:c8:20:3d:9c:c5:32:77:
                    ca:94:44:9b:0c:f7:6a:68:f2:46:31:e5:2e:03:c8:
                    9f:c4:01:fd:eb:a0:a6:2f:a0:48:c3:ad:be:f8:01:
                    66:2c:19:60:85:6e:56:36:9b:4f:35:d1:66:c3:3b:
                    70:5a:2a:2a:be:26:a1:84:76:b8:39:d6:2e:dc:6a:
                    93:ef:90:89:d2:ec:ff:1a:2a:67:d8:3a:a5:63:10:
                    4f:b3:f6:81:c0:68:29:9b:e3:54:ac:b1:29:58:09:
                    a1:c1:f1:78:8a:e0:6a:3c:41:4e:d7:87:3c:8b:6a:
                    5a:17:01:4d:1a:2e:5a:aa:f7:a2:f8:98:09:8a:ab:
                    fc:97:8e:7c:90:a4:31:e8:9e:b9:ca:36:03:86:6b:
                    d4:63:07:d9:81:53:28:21:64:39:1d:a0:d9:34:ae:
                    ce:61:e7:fc:0e:5f:70:d2:78:5a:d9:bb:62:18:d8:
                    e7:0b:51:32:1f:42:77:0c:ff:7e:aa:4f:d3:7a:86:
                    94:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:8C:F2:03:3B:77:B2:FA:DA:88:F5:80:08:24:2D:F7:C5:A0:86:3A
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e33392e31302e302f32342d3234203d3e2037343838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.39.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:86:e1:c8:8c:73:e7:5b:42:50:1c:b8:f7:fe:2c:1e:0f:4e:
         ca:bd:e8:75:93:36:9e:8e:c7:cf:e5:65:25:94:ea:de:9e:68:
         83:97:b0:14:b8:7b:67:99:1c:bb:c5:4b:6a:9a:aa:84:7a:66:
         1a:99:47:f9:44:ae:fc:de:83:a9:c3:3d:9b:07:0c:63:2a:df:
         86:95:4a:e9:ef:10:81:bf:1a:66:f5:4c:5f:e9:67:2f:95:a3:
         e4:7f:10:d5:9b:26:49:54:4e:b7:62:34:60:01:b9:0d:6d:40:
         c6:d4:94:44:9e:a0:2e:f2:52:b2:0e:1a:c3:94:2e:44:92:c1:
         68:5f:fa:3a:e2:9f:1c:93:7c:bb:39:50:9e:e8:a0:44:6e:b8:
         01:ae:5a:19:56:7f:79:fa:95:fd:67:37:14:c5:d8:5c:d3:7e:
         50:2e:c5:be:e7:10:c1:19:e0:cc:3a:7d:88:9d:f4:46:2f:1d:
         04:0e:27:c4:f7:bd:24:62:5f:10:d1:95:04:d5:0c:34:78:36:
         af:dd:63:00:d4:0d:3a:3f:ba:14:cc:6f:9c:36:4e:a2:d9:e2:
         2f:fe:87:2b:5c:99:c1:93:65:45:aa:7e:cb:14:7d:72:69:92:
         0e:85:84:ef:f7:78:ea:96:15:94:40:ad:68:23:dc:9d:e8:8d:
         45:82:21:94
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUZQCeypAyIZ02Srj+d/w9shyeMxIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNjAzMTAwNzI4MjRaFw0yNzAzMDkwNzMzMjRaMDMxMTAvBgNV
BAMTKDUzOENGMjAzM0I3N0IyRkFEQTg4RjU4MDA4MjQyREY3QzVBMDg2M0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRCF7OnAUlfgYwz1aufxa8ilMA
0KSICgCAHA1nXFhlkmCxSzX3g30aLdL5SA4ZU0CpzkpU0h1CzgZ2IyA2soNh8nIP
yCA9nMUyd8qURJsM92po8kYx5S4DyJ/EAf3roKYvoEjDrb74AWYsGWCFblY2m081
0WbDO3BaKiq+JqGEdrg51i7capPvkInS7P8aKmfYOqVjEE+z9oHAaCmb41SssSlY
CaHB8XiK4Go8QU7XhzyLaloXAU0aLlqq96L4mAmKq/yXjnyQpDHonrnKNgOGa9Rj
B9mBUyghZDkdoNk0rs5h5/wOX3DSeFrZu2IY2OcLUTIfQncM/36qT9N6hpRBAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUU4zyAzt3svraiPWACCQt98WghjowHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzEzOTMzMmUzMzM5MmUzMTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzczNDM4Mzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBJwow
DQYJKoZIhvcNAQELBQADggEBABqG4ciMc+dbQlAcuPf+LB4PTsq96HWTNp6Ox8/l
ZSWU6t6eaIOXsBS4e2eZHLvFS2qaqoR6ZhqZR/lErvzeg6nDPZsHDGMq34aVSunv
EIG/Gmb1TF/pZy+Vo+R/ENWbJklUTrdiNGABuQ1tQMbUlESeoC7yUrIOGsOULkSS
wWhf+jrinxyTfLs5UJ7ooERuuAGuWhlWf3n6lf1nNxTF2FzTflAuxb7nEMEZ4Mw6
fYid9EYvHQQOJ8T3vSRiXxDRlQTVDDR4Nq/dYwDUDTo/uhTMb5w2TqLZ4i/+hytc
mcGTZUWqfssUfXJpkg6FhO/3eOqWFZRArWgj3J3ojUWCIZQ=
-----END CERTIFICATE-----