Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/36322e3134312e34382e302f32312d3234203d3e203331313033.roa
File:                     36322e3134312e34382e302f32312d3234203d3e203331313033.roa (raw, json)
Hash identifier:          3eKrjjTPZefl3jMtCh5HnGRmkRLUJPEcepHMf5aNFJI=
Subject key identifier:   08:26:CB:04:CB:52:C8:E2:FC:D4:6E:B0:F0:7C:E2:33:58:AF:FF:D9
Certificate issuer:       /CN=9e576996388e94b8c7ab20effb23bd11becb4108
Certificate serial:       7ACF4B848662C99C96FC6DCFE8B87D1F66333762
Authority key identifier: 9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/36322e3134312e34382e302f32312d3234203d3e203331313033.roa
Signing time:             Mon 20 Apr 2026 13:47:05 +0000
ROA not before:           Mon 20 Apr 2026 13:42:05 +0000
ROA not after:            Mon 19 Apr 2027 13:47:05 +0000
asID:                     31103
IP address blocks:        62.141.48.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 10:08:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:cf:4b:84:86:62:c9:9c:96:fc:6d:cf:e8:b8:7d:1f:66:33:37:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e576996388e94b8c7ab20effb23bd11becb4108
        Validity
            Not Before: Apr 20 13:42:05 2026 GMT
            Not After : Apr 19 13:47:05 2027 GMT
        Subject: CN=0826CB04CB52C8E2FCD46EB0F07CE23358AFFFD9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:53:8b:33:4f:3c:74:ad:73:9a:3f:17:c6:75:
                    04:df:4d:79:77:b0:f0:19:3b:02:a8:98:89:ef:b5:
                    5d:11:05:9c:46:a3:e5:05:a1:7c:31:2e:59:70:ec:
                    8e:98:ae:04:08:9b:fe:42:e0:31:63:56:1e:8a:4e:
                    1a:06:75:7a:eb:b5:d5:2e:e3:14:32:64:ad:4c:a0:
                    bc:72:da:c6:95:52:2e:f1:e9:08:fd:c3:24:4f:d2:
                    e1:27:41:d5:8d:81:f3:a5:32:a9:14:6c:bc:57:5d:
                    00:87:db:1a:00:77:94:10:02:f8:8e:99:1c:5b:5e:
                    f1:e2:0d:a5:ba:e5:a1:9d:5e:41:09:b7:05:f4:c7:
                    c6:82:ad:d9:91:e8:09:b6:34:5e:82:26:2f:35:03:
                    57:e6:b9:c5:d7:f7:52:f7:30:25:73:ba:ba:7a:c2:
                    75:78:51:3b:bb:17:93:80:d3:95:55:20:86:ff:12:
                    ed:72:7e:60:f3:61:b9:e4:db:21:78:c5:af:16:ab:
                    9b:7e:a2:17:e9:d9:e3:40:66:2f:3f:d3:88:1e:db:
                    9f:27:e5:19:38:db:7e:6a:d4:0c:e7:0a:17:43:b3:
                    99:99:05:8c:96:e5:04:3a:24:97:3a:52:a5:fa:ea:
                    90:fd:47:2f:1d:eb:c3:e6:a2:3b:8d:5d:28:87:8a:
                    d6:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:26:CB:04:CB:52:C8:E2:FC:D4:6E:B0:F0:7C:E2:33:58:AF:FF:D9
            X509v3 Authority Key Identifier:
                keyid:9E:57:69:96:38:8E:94:B8:C7:AB:20:EF:FB:23:BD:11:BE:CB:41:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/9E576996388E94B8C7AB20EFFB23BD11BECB4108.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nldpljiOlLjHqyDv-yO9Eb7LQQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f5e64030-2f28-42c9-b004-354bb28f6123/0/36322e3134312e34382e302f32312d3234203d3e203331313033.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.141.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8e:71:82:8d:39:55:23:69:70:7f:74:12:c6:c3:ed:83:de:28:
         6e:e5:46:fa:5e:95:ff:60:25:dc:b3:b7:56:e3:a9:be:d9:23:
         2a:90:ee:db:b6:99:55:d2:cd:80:6c:07:cb:54:c3:bb:77:08:
         59:73:da:9c:1a:77:5e:7e:df:62:ca:c9:2c:1b:ed:b1:e5:d9:
         cc:41:c3:f1:b5:5c:12:6a:f4:c9:28:3e:d8:7e:c7:4f:ca:c9:
         02:dc:64:e4:0e:4d:77:8f:69:0d:c3:5c:34:9b:5a:4f:91:33:
         08:b3:3a:cf:15:78:63:18:ff:5f:c3:d2:68:2d:8e:db:68:e5:
         6c:40:af:aa:a7:1b:94:b7:83:d0:a1:73:8a:30:5d:5b:07:b6:
         e8:98:69:80:a8:f9:ee:a9:1c:a4:29:45:80:9d:7f:48:11:fe:
         98:25:ba:77:d1:33:11:c8:a2:14:c8:69:c8:07:10:10:0d:fc:
         7c:aa:0a:39:50:9d:14:e9:8f:a3:ba:cb:dc:f7:a4:73:a8:86:
         9e:90:a1:cd:97:f9:92:fd:ff:d9:12:b6:d4:db:21:3d:06:b9:
         c3:4f:fe:89:32:c8:cd:35:1f:96:77:a2:8d:3c:22:5b:9b:61:
         5c:49:88:84:fa:39:6b:49:24:58:b2:fd:47:5f:9c:9e:db:0f:
         9d:df:c1:b9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUes9LhIZiyZyW/G3P6Lh9H2YzN2IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWU1NzY5OTYzODhlOTRiOGM3YWIyMGVmZmIyM2JkMTFi
ZWNiNDEwODAeFw0yNjA0MjAxMzQyMDVaFw0yNzA0MTkxMzQ3MDVaMDMxMTAvBgNV
BAMTKDA4MjZDQjA0Q0I1MkM4RTJGQ0Q0NkVCMEYwN0NFMjMzNThBRkZGRDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCU4szTzx0rXOaPxfGdQTfTXl3
sPAZOwKomInvtV0RBZxGo+UFoXwxLllw7I6YrgQIm/5C4DFjVh6KThoGdXrrtdUu
4xQyZK1MoLxy2saVUi7x6Qj9wyRP0uEnQdWNgfOlMqkUbLxXXQCH2xoAd5QQAviO
mRxbXvHiDaW65aGdXkEJtwX0x8aCrdmR6Am2NF6CJi81A1fmucXX91L3MCVzurp6
wnV4UTu7F5OA05VVIIb/Eu1yfmDzYbnk2yF4xa8Wq5t+ohfp2eNAZi8/04ge258n
5Rk4235q1AznChdDs5mZBYyW5QQ6JJc6UqX66pD9Ry8d68PmojuNXSiHitadAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUCCbLBMtSyOL81G6w8HziM1iv/9kwHwYDVR0j
BBgwFoAUnldpljiOlLjHqyDv+yO9Eb7LQQgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAtMmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2
MTIzLzAvOUU1NzY5OTYzODhFOTRCOEM3QUIyMEVGRkIyM0JEMTFCRUNCNDEwOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25sZHBsamlPbExqSHF5RHYteU85RWI3
TFFRZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZjVlNjQwMzAt
MmYyOC00MmM5LWIwMDQtMzU0YmIyOGY2MTIzLzAvMzYzMjJlMzEzNDMxMmUzNDM4
MmUzMDJmMzIzMTJkMzIzNDIwM2QzZTIwMzMzMTMxMzAzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAz6N
MDANBgkqhkiG9w0BAQsFAAOCAQEAjnGCjTlVI2lwf3QSxsPtg94obuVG+l6V/2Al
3LO3VuOpvtkjKpDu27aZVdLNgGwHy1TDu3cIWXPanBp3Xn7fYsrJLBvtseXZzEHD
8bVcEmr0ySg+2H7HT8rJAtxk5A5Nd49pDcNcNJtaT5EzCLM6zxV4Yxj/X8PSaC2O
22jlbECvqqcblLeD0KFzijBdWwe26JhpgKj57qkcpClFgJ1/SBH+mCW6d9EzEcii
FMhpyAcQEA38fKoKOVCdFOmPo7rL3Pekc6iGnpChzZf5kv3/2RK21NshPQa5w0/+
iTLIzTUflneijTwiW5thXEmIhPo5a0kkWLL9R1+cntsPnd/BuQ==
-----END CERTIFICATE-----