Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/bf0be3e1-854e-4662-92e8-028950ff57fe/0/39312e3230392e35382e302f32342d3234203d3e203136323736.roa
File:                     39312e3230392e35382e302f32342d3234203d3e203136323736.roa (raw, json)
Hash identifier:          R4nCDM+gERSwMIVQOkFkhAEwhWmAFV8wbcJLGytRP4A=
Subject key identifier:   C0:9F:02:73:17:E2:CB:2F:C2:C5:CA:D5:4D:99:E3:A7:4D:F6:85:2A
Certificate issuer:       /CN=e205ebf065fc4929f1802662ae62d7f9762600e6
Certificate serial:       214A5C5816D314B6165922FF0E9FD4F694357B77
Authority key identifier: E2:05:EB:F0:65:FC:49:29:F1:80:26:62:AE:62:D7:F9:76:26:00:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4gXr8GX8SSnxgCZirmLX-XYmAOY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/bf0be3e1-854e-4662-92e8-028950ff57fe/0/39312e3230392e35382e302f32342d3234203d3e203136323736.roa
Signing time:             Sat 23 May 2026 15:23:20 +0000
ROA not before:           Sat 23 May 2026 15:18:20 +0000
ROA not after:            Sat 22 May 2027 15:23:20 +0000
asID:                     16276
IP address blocks:        91.209.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/bf0be3e1-854e-4662-92e8-028950ff57fe/0/E205EBF065FC4929F1802662AE62D7F9762600E6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/bf0be3e1-854e-4662-92e8-028950ff57fe/0/E205EBF065FC4929F1802662AE62D7F9762600E6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4gXr8GX8SSnxgCZirmLX-XYmAOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 13:20:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:4a:5c:58:16:d3:14:b6:16:59:22:ff:0e:9f:d4:f6:94:35:7b:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e205ebf065fc4929f1802662ae62d7f9762600e6
        Validity
            Not Before: May 23 15:18:20 2026 GMT
            Not After : May 22 15:23:20 2027 GMT
        Subject: CN=C09F027317E2CB2FC2C5CAD54D99E3A74DF6852A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f8:b0:0f:06:92:f4:f5:d5:f5:f3:d7:90:f4:
                    6e:7c:d2:cc:3e:d8:c5:a0:8f:f2:30:d9:60:64:92:
                    5c:19:c3:89:c9:07:43:34:a2:38:b6:32:71:4a:6a:
                    1e:bb:07:54:85:45:22:93:d8:cb:a9:ef:cc:b9:c8:
                    06:9b:ac:24:ee:0a:d1:64:ec:71:8b:b1:bf:72:ae:
                    33:6c:19:17:92:c0:1e:91:a3:32:9b:ad:41:ed:3a:
                    40:4c:77:77:70:bf:ea:15:34:62:a0:c4:73:0e:bd:
                    72:ce:1d:4e:a1:46:fc:95:a8:1f:ac:68:7d:06:a6:
                    9b:03:c3:e8:64:56:ff:df:57:25:5c:05:5e:0e:ed:
                    2f:e9:49:dd:de:46:99:d5:8b:cc:8d:5d:3a:c5:3a:
                    4b:ed:69:58:be:5e:37:34:fd:8d:f3:ea:81:a2:eb:
                    12:db:74:0c:b5:03:79:f9:8f:97:ff:97:e7:55:47:
                    58:b7:d5:26:ad:b6:f9:ce:bd:ef:52:02:38:39:7d:
                    fb:e6:20:e5:11:01:af:5a:9c:fa:69:b0:1a:9a:79:
                    70:21:f1:7f:cc:b9:3d:68:b6:e4:49:dc:b6:c6:85:
                    5b:d8:23:16:de:d4:07:27:df:76:09:32:ca:ea:00:
                    26:a4:42:0c:9c:fd:b1:96:2e:82:1a:3c:3f:d8:a3:
                    26:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:9F:02:73:17:E2:CB:2F:C2:C5:CA:D5:4D:99:E3:A7:4D:F6:85:2A
            X509v3 Authority Key Identifier:
                keyid:E2:05:EB:F0:65:FC:49:29:F1:80:26:62:AE:62:D7:F9:76:26:00:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/bf0be3e1-854e-4662-92e8-028950ff57fe/0/E205EBF065FC4929F1802662AE62D7F9762600E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4gXr8GX8SSnxgCZirmLX-XYmAOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/bf0be3e1-854e-4662-92e8-028950ff57fe/0/39312e3230392e35382e302f32342d3234203d3e203136323736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:ce:2e:f5:67:81:af:f5:6b:86:92:60:ed:b2:94:18:bb:6e:
         79:e8:a1:d7:08:67:ec:12:41:b1:d5:aa:9e:e8:52:92:bc:2a:
         e4:9d:95:2f:d3:a8:95:a7:75:76:44:b0:8a:20:b7:bc:30:09:
         19:ec:4b:32:30:7d:24:40:74:40:ed:96:36:b0:32:bd:00:cf:
         2a:74:74:6a:ab:61:f1:72:b2:79:d8:b4:c2:f0:c8:7d:48:ed:
         ad:1d:f1:ba:72:ee:b2:9a:13:3e:67:01:9b:ee:59:af:82:12:
         d3:6a:b7:a5:34:64:35:a7:f8:5d:a3:5c:f1:ee:4b:9c:14:3e:
         b6:fd:22:f7:e3:75:d8:be:3b:04:2e:fb:57:62:5b:09:b5:9d:
         c6:e8:a9:5d:10:93:01:cc:1c:26:c0:9f:9c:78:f6:b9:fd:ee:
         17:dd:f5:23:5d:e8:85:95:8f:fc:00:04:07:5c:18:ac:da:3b:
         36:44:02:32:2a:25:92:ad:13:45:0d:c8:c7:e2:e1:37:4d:76:
         7c:8e:b7:2e:f9:71:17:66:ea:ad:d1:ee:52:e3:15:80:9b:28:
         51:58:f1:d0:4c:ad:dd:5a:66:02:a7:f5:3b:99:86:02:0a:58:
         6d:95:12:97:5b:11:27:27:f2:23:10:f7:5c:ab:fc:de:0d:38:
         a3:31:85:cc
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIUpcWBbTFLYWWSL/Dp/U9pQ1e3cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTIwNWViZjA2NWZjNDkyOWYxODAyNjYyYWU2MmQ3Zjk3
NjI2MDBlNjAeFw0yNjA1MjMxNTE4MjBaFw0yNzA1MjIxNTIzMjBaMDMxMTAvBgNV
BAMTKEMwOUYwMjczMTdFMkNCMkZDMkM1Q0FENTREOTlFM0E3NERGNjg1MkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc+LAPBpL09dX189eQ9G580sw+
2MWgj/Iw2WBkklwZw4nJB0M0oji2MnFKah67B1SFRSKT2Mup78y5yAabrCTuCtFk
7HGLsb9yrjNsGReSwB6RozKbrUHtOkBMd3dwv+oVNGKgxHMOvXLOHU6hRvyVqB+s
aH0GppsDw+hkVv/fVyVcBV4O7S/pSd3eRpnVi8yNXTrFOkvtaVi+Xjc0/Y3z6oGi
6xLbdAy1A3n5j5f/l+dVR1i31SattvnOve9SAjg5ffvmIOURAa9anPppsBqaeXAh
8X/MuT1otuRJ3LbGhVvYIxbe1Acn33YJMsrqACakQgyc/bGWLoIaPD/YoybZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUwJ8Ccxfiyy/CxcrVTZnjp032hSowHwYDVR0j
BBgwFoAU4gXr8GX8SSnxgCZirmLX+XYmAOYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmYwYmUzZTEtODU0ZS00NjYyLTkyZTgtMDI4OTUwZmY1
N2ZlLzAvRTIwNUVCRjA2NUZDNDkyOUYxODAyNjYyQUU2MkQ3Rjk3NjI2MDBFNi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRnWHI4R1g4U1NueGdDWmlybUxYLVhZ
bUFPWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmYwYmUzZTEt
ODU0ZS00NjYyLTkyZTgtMDI4OTUwZmY1N2ZlLzAvMzkzMTJlMzIzMDM5MmUzNTM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNjMyMzczNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvR
OjANBgkqhkiG9w0BAQsFAAOCAQEAss4u9WeBr/VrhpJg7bKUGLtueeih1whn7BJB
sdWqnuhSkrwq5J2VL9Oolad1dkSwiiC3vDAJGexLMjB9JEB0QO2WNrAyvQDPKnR0
aqth8XKyedi0wvDIfUjtrR3xunLuspoTPmcBm+5Zr4IS02q3pTRkNaf4XaNc8e5L
nBQ+tv0i9+N12L47BC77V2JbCbWdxuipXRCTAcwcJsCfnHj2uf3uF931I13ohZWP
/AAEB1wYrNo7NkQCMiolkq0TRQ3Ix+LhN012fI63LvlxF2bqrdHuUuMVgJsoUVjx
0Eyt3VpmAqf1O5mGAgpYbZUSl1sRJyfyIxD3XKv83g04ozGFzA==
-----END CERTIFICATE-----