Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235302e302f32342d3234203d3e20333936393832.roa
File:                     322e35362e3235302e302f32342d3234203d3e20333936393832.roa (raw, json)
Hash identifier:          BxPezobO/T4btS4G3go9MqQgNF85JYbUN5qjqWyvM4I=
Subject key identifier:   0B:4A:25:97:9B:DA:02:5D:CB:79:69:6F:26:BA:26:17:84:50:66:DB
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       1C8F2AEF61D5D8C777A3566FF81301A12162B0AC
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235302e302f32342d3234203d3e20333936393832.roa
Signing time:             Thu 19 Feb 2026 14:55:38 +0000
ROA not before:           Thu 19 Feb 2026 14:50:38 +0000
ROA not after:            Thu 18 Feb 2027 14:55:38 +0000
asID:                     396982
IP address blocks:        2.56.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 13:32:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:8f:2a:ef:61:d5:d8:c7:77:a3:56:6f:f8:13:01:a1:21:62:b0:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Feb 19 14:50:38 2026 GMT
            Not After : Feb 18 14:55:38 2027 GMT
        Subject: CN=0B4A25979BDA025DCB79696F26BA2617845066DB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:27:23:d8:8d:d3:38:07:fc:40:3f:b3:a0:d0:
                    1d:e1:fc:2f:b1:3d:d2:0d:95:36:93:e3:7b:9f:8b:
                    be:47:8a:f7:8f:f2:31:bd:c8:c1:8f:64:ec:90:5f:
                    9b:30:e7:d0:16:a7:56:9b:fa:23:a2:28:61:e3:ff:
                    36:d2:67:75:e3:a5:b4:9a:0d:8e:8a:4e:99:00:1f:
                    83:cd:2a:54:12:a1:5f:3b:00:17:8c:86:9f:1f:05:
                    77:91:1a:c4:04:34:be:8a:aa:64:2b:95:0f:c4:36:
                    00:74:40:97:fd:2e:e0:75:54:d3:f7:02:c4:14:16:
                    af:2c:3f:df:a9:23:72:b7:42:ba:9e:f3:8f:c1:eb:
                    3b:d0:f7:0f:5d:29:bd:70:ea:88:b6:95:e0:b5:8b:
                    ec:3b:fb:5d:22:b8:ca:53:f1:8f:ff:9a:e6:70:3d:
                    11:ce:45:9a:15:af:e3:ac:5e:a1:2b:c4:9d:43:ea:
                    73:d8:f7:37:96:c3:dd:0b:72:7c:ff:f2:62:1b:6d:
                    eb:53:77:b1:78:a6:a3:8e:36:09:4e:82:ab:24:e0:
                    66:d8:9f:a5:fb:72:10:bd:e4:bb:09:7d:41:57:d7:
                    ac:a3:b3:3f:91:65:00:83:f1:0b:6e:80:50:e6:16:
                    d4:ec:11:c2:d9:82:45:35:ad:02:55:c9:0f:39:ae:
                    9b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:4A:25:97:9B:DA:02:5D:CB:79:69:6F:26:BA:26:17:84:50:66:DB
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/322e35362e3235302e302f32342d3234203d3e20333936393832.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:18:63:9a:c7:f8:58:e6:43:bc:85:d0:26:83:93:27:d7:a3:
         94:cb:76:c2:05:ea:e5:08:c5:55:57:26:db:3a:eb:4b:7a:76:
         ec:d0:97:8b:40:b6:6a:b8:ea:37:ad:71:15:20:c4:cd:84:27:
         d5:11:93:f9:e6:98:23:5a:b9:84:ac:0e:c5:3c:65:0c:be:96:
         a8:e4:10:6d:bb:be:96:7f:19:6a:58:68:b9:58:a3:e7:52:f6:
         c9:3f:97:77:06:ef:04:4b:99:cc:3a:8c:12:cc:be:88:76:de:
         b1:e1:c0:3c:a0:8b:ca:34:d3:7f:16:bc:d4:2f:64:13:73:56:
         f9:c4:19:ff:7e:77:7b:13:4c:4d:ed:a5:1d:b5:1b:a0:f6:fd:
         93:9f:56:5c:8b:68:a5:2c:6e:af:1b:6b:18:ec:19:e1:6c:dc:
         40:d1:2a:69:fc:bd:e6:be:5e:e6:23:d1:e2:ec:e3:d4:46:c4:
         93:09:ae:15:4e:95:8d:83:bc:bc:53:1b:1b:11:cd:71:15:af:
         bc:93:81:00:d7:6c:d3:57:2e:1d:6f:a3:d1:6a:e0:9f:78:45:
         1a:56:33:cd:fe:c6:fa:97:1d:e4:7a:4b:a9:d1:2f:3c:cb:a1:
         5e:28:ec:90:c8:b0:d2:82:16:64:72:22:e3:47:fd:b1:90:fa:
         2b:b8:ae:78
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHI8q72HV2Md3o1Zv+BMBoSFisKwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNjAyMTkxNDUwMzhaFw0yNzAyMTgxNDU1MzhaMDMxMTAvBgNV
BAMTKDBCNEEyNTk3OUJEQTAyNURDQjc5Njk2RjI2QkEyNjE3ODQ1MDY2REIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/JyPYjdM4B/xAP7Og0B3h/C+x
PdINlTaT43ufi75HiveP8jG9yMGPZOyQX5sw59AWp1ab+iOiKGHj/zbSZ3XjpbSa
DY6KTpkAH4PNKlQSoV87ABeMhp8fBXeRGsQENL6KqmQrlQ/ENgB0QJf9LuB1VNP3
AsQUFq8sP9+pI3K3Qrqe84/B6zvQ9w9dKb1w6oi2leC1i+w7+10iuMpT8Y//muZw
PRHORZoVr+OsXqErxJ1D6nPY9zeWw90Lcnz/8mIbbetTd7F4pqOONglOgqsk4GbY
n6X7chC95LsJfUFX16yjsz+RZQCD8QtugFDmFtTsEcLZgkU1rQJVyQ85rptBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUC0oll5vaAl3LeWlvJromF4RQZtswHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzIyZTM1MzYyZTMyMzUzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzkzNjM5MzgzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI4
+jANBgkqhkiG9w0BAQsFAAOCAQEAahhjmsf4WOZDvIXQJoOTJ9ejlMt2wgXq5QjF
VVcm2zrrS3p27NCXi0C2arjqN61xFSDEzYQn1RGT+eaYI1q5hKwOxTxlDL6WqOQQ
bbu+ln8ZalhouVij51L2yT+XdwbvBEuZzDqMEsy+iHbeseHAPKCLyjTTfxa81C9k
E3NW+cQZ/353exNMTe2lHbUboPb9k59WXItopSxurxtrGOwZ4WzcQNEqafy95r5e
5iPR4uzj1EbEkwmuFU6VjYO8vFMbGxHNcRWvvJOBANds01cuHW+j0Wrgn3hFGlYz
zf7G+pcd5HpLqdEvPMuhXijskMiw0oIWZHIi40f9sZD6K7iueA==
-----END CERTIFICATE-----