Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/39312e3233312e3132362e302f32342d3234203d3e2035363530.roa
File:                     39312e3233312e3132362e302f32342d3234203d3e2035363530.roa (raw, json)
Hash identifier:          /keadxHEKLIlJdZn+7/QJ582hR4EPNEsV/ta7yXGjKc=
Subject key identifier:   1F:08:E7:F3:E4:99:1C:3A:16:6C:BD:4A:E9:F1:DD:B4:D8:24:CA:9D
Certificate issuer:       /CN=e1f3512f51dc42bb9eb12abc0bb529668b2edee4
Certificate serial:       275FEB80FBAC7340338DF715E7301D2A34174D01
Authority key identifier: E1:F3:51:2F:51:DC:42:BB:9E:B1:2A:BC:0B:B5:29:66:8B:2E:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/39312e3233312e3132362e302f32342d3234203d3e2035363530.roa
Signing time:             Fri 24 Apr 2026 12:47:05 +0000
ROA not before:           Fri 24 Apr 2026 12:42:05 +0000
ROA not after:            Fri 23 Apr 2027 12:47:05 +0000
asID:                     5650
IP address blocks:        91.231.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 00:20:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:5f:eb:80:fb:ac:73:40:33:8d:f7:15:e7:30:1d:2a:34:17:4d:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1f3512f51dc42bb9eb12abc0bb529668b2edee4
        Validity
            Not Before: Apr 24 12:42:05 2026 GMT
            Not After : Apr 23 12:47:05 2027 GMT
        Subject: CN=1F08E7F3E4991C3A166CBD4AE9F1DDB4D824CA9D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:40:40:d2:fe:3c:25:f3:4b:ab:aa:e7:07:88:
                    61:7e:18:bb:8c:06:77:b3:33:22:b6:c9:6e:ec:b1:
                    a7:c3:d9:6a:14:d5:7b:60:00:79:cc:9d:48:72:4c:
                    02:89:0f:e5:a2:7e:20:62:dd:16:49:76:c4:7b:85:
                    a2:9f:b9:8d:c9:08:f7:c9:aa:bd:46:45:d6:57:a5:
                    97:73:38:fa:4d:3e:4c:e9:8f:8e:23:33:c7:37:be:
                    30:ae:5a:1e:c8:3b:cc:e9:69:64:8e:18:2e:88:da:
                    60:68:9b:6d:b8:44:43:ef:7a:8b:3e:9e:95:79:b0:
                    3d:ea:30:63:ea:ba:6e:c2:c7:c3:38:d1:e2:fc:c9:
                    8d:1a:36:0e:0d:f0:fd:ef:d2:d1:8b:91:72:84:f2:
                    8a:ea:40:aa:9a:98:2b:1c:c8:38:46:96:d2:b0:63:
                    33:6e:20:5c:2b:e3:6c:5d:e5:a7:b8:c1:cc:43:3d:
                    a1:dc:e7:55:a9:73:5a:c6:aa:3c:d4:dd:48:55:fa:
                    02:25:40:d4:49:39:5d:91:a8:af:35:9f:c3:eb:5c:
                    96:b7:31:a7:41:aa:f9:6d:50:f8:7d:05:27:a0:d5:
                    d9:cd:32:3f:13:0f:f5:e8:80:37:59:73:48:37:f6:
                    46:34:a5:7b:c6:42:93:31:57:02:69:3b:f6:2d:dc:
                    c3:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:08:E7:F3:E4:99:1C:3A:16:6C:BD:4A:E9:F1:DD:B4:D8:24:CA:9D
            X509v3 Authority Key Identifier:
                keyid:E1:F3:51:2F:51:DC:42:BB:9E:B1:2A:BC:0B:B5:29:66:8B:2E:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/E1F3512F51DC42BB9EB12ABC0BB529668B2EDEE4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4fNRL1HcQruesSq8C7UpZosu3uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e3cdc648-d203-462a-bd0f-ec1b60d879a7/0/39312e3233312e3132362e302f32342d3234203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:a8:35:9f:54:62:86:7f:e6:84:67:96:55:a5:95:6c:16:b6:
         fa:d9:86:b4:ea:73:a3:78:c1:9b:92:75:b4:16:73:6a:3c:bf:
         e9:97:d7:4a:7c:23:87:75:03:5d:ce:43:ed:7f:d1:30:11:f5:
         89:b5:f7:58:3b:b8:d9:19:21:70:aa:db:55:14:fb:3a:ac:29:
         c1:d9:ba:6f:f7:9e:73:77:68:ec:ea:ca:be:2e:9c:dd:44:01:
         38:ed:bd:aa:f6:7f:5e:97:f3:f2:6d:2f:c3:86:5c:a2:9e:d1:
         46:38:9a:8b:a8:14:ac:aa:20:1d:a7:20:ba:3b:60:34:a6:de:
         fa:69:ef:ca:94:a4:3e:39:8a:18:22:35:71:dc:57:cc:05:82:
         5e:af:09:9f:a7:28:94:72:2a:f9:11:d3:c8:a5:6b:8b:21:af:
         0e:0f:b8:e1:61:6d:2d:5f:f1:82:30:ce:f8:7b:76:bf:41:dd:
         29:86:6d:36:7f:49:9e:8b:7e:95:18:a9:43:2f:e0:d0:29:c8:
         e0:2e:d3:a2:c3:af:60:2a:0d:d8:19:03:2b:14:df:a2:6e:9a:
         97:4c:cc:fe:8d:b9:ba:fa:fb:c8:34:c7:ce:9c:2f:26:b8:1a:
         33:ec:83:6a:a6:4e:39:28:f0:f0:27:d6:f0:19:e6:a4:e4:2e:
         39:c5:d1:4c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJ1/rgPusc0AzjfcV5zAdKjQXTQEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZTFmMzUxMmY1MWRjNDJiYjllYjEyYWJjMGJiNTI5NjY4
YjJlZGVlNDAeFw0yNjA0MjQxMjQyMDVaFw0yNzA0MjMxMjQ3MDVaMDMxMTAvBgNV
BAMTKDFGMDhFN0YzRTQ5OTFDM0ExNjZDQkQ0QUU5RjFEREI0RDgyNENBOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZQEDS/jwl80urqucHiGF+GLuM
BnezMyK2yW7ssafD2WoU1XtgAHnMnUhyTAKJD+WifiBi3RZJdsR7haKfuY3JCPfJ
qr1GRdZXpZdzOPpNPkzpj44jM8c3vjCuWh7IO8zpaWSOGC6I2mBom224REPveos+
npV5sD3qMGPqum7Cx8M40eL8yY0aNg4N8P3v0tGLkXKE8orqQKqamCscyDhGltKw
YzNuIFwr42xd5ae4wcxDPaHc51Wpc1rGqjzU3UhV+gIlQNRJOV2RqK81n8PrXJa3
MadBqvltUPh9BSeg1dnNMj8TD/XogDdZc0g39kY0pXvGQpMxVwJpO/Yt3MPDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUHwjn8+SZHDoWbL1K6fHdtNgkyp0wHwYDVR0j
BBgwFoAU4fNRL1HcQruesSq8C7UpZosu3uQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTNjZGM2NDgtZDIwMy00NjJhLWJkMGYtZWMxYjYwZDg3
OWE3LzAvRTFGMzUxMkY1MURDNDJCQjlFQjEyQUJDMEJCNTI5NjY4QjJFREVFNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRmTlJMMUhjUXJ1ZXNTcThDN1VwWm9z
dTN1US5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTNjZGM2NDgt
ZDIwMy00NjJhLWJkMGYtZWMxYjYwZDg3OWE3LzAvMzkzMTJlMzIzMzMxMmUzMTMy
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTM2MzUzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvn
fjANBgkqhkiG9w0BAQsFAAOCAQEAp6g1n1Rihn/mhGeWVaWVbBa2+tmGtOpzo3jB
m5J1tBZzajy/6ZfXSnwjh3UDXc5D7X/RMBH1ibX3WDu42RkhcKrbVRT7Oqwpwdm6
b/eec3do7OrKvi6c3UQBOO29qvZ/Xpfz8m0vw4Zcop7RRjiai6gUrKogHacgujtg
NKbe+mnvypSkPjmKGCI1cdxXzAWCXq8Jn6colHIq+RHTyKVriyGvDg+44WFtLV/x
gjDO+Ht2v0HdKYZtNn9Jnot+lRipQy/g0CnI4C7TosOvYCoN2BkDKxTfom6al0zM
/o25uvr7yDTHzpwvJrgaM+yDaqZOOSjw8CfW8BnmpOQuOcXRTA==
-----END CERTIFICATE-----