Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233392e302f32342d3234203d3e203631333137.roa
File:                     3231322e322e3233392e302f32342d3234203d3e203631333137.roa (raw, json)
Hash identifier:          88ZqPS4KLL3VUrzEGEoOTIi444han9774YJzqSj1Xig=
Subject key identifier:   F2:BF:D2:BE:B5:39:C7:A3:FB:8C:A4:47:E3:FF:31:11:2C:94:C4:B9
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       0CEBD287FEF462183C06DDBF9265D30A962798F7
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233392e302f32342d3234203d3e203631333137.roa
Signing time:             Thu 05 Feb 2026 11:55:36 +0000
ROA not before:           Thu 05 Feb 2026 11:50:36 +0000
ROA not after:            Thu 04 Feb 2027 11:55:36 +0000
asID:                     61317
IP address blocks:        212.2.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:eb:d2:87:fe:f4:62:18:3c:06:dd:bf:92:65:d3:0a:96:27:98:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Feb  5 11:50:36 2026 GMT
            Not After : Feb  4 11:55:36 2027 GMT
        Subject: CN=F2BFD2BEB539C7A3FB8CA447E3FF31112C94C4B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1c:e2:c3:7e:06:34:24:5b:76:05:04:23:aa:
                    e2:30:1d:8e:21:2e:ef:9d:c8:34:42:e4:8f:ba:c9:
                    b5:9e:11:45:a9:4f:74:c0:06:69:95:1b:03:21:bb:
                    6d:3e:52:63:35:8e:92:ee:d0:dd:4e:6e:6d:c4:39:
                    f5:a1:3b:8a:bc:55:51:36:1e:eb:28:cc:c6:75:13:
                    40:35:c1:24:1e:20:a8:04:a6:26:f8:7c:a5:17:ae:
                    d8:2f:d7:e2:40:78:72:77:b7:98:58:31:c0:d5:92:
                    5a:d0:8d:dc:0e:eb:ea:83:3a:b1:3f:ba:2f:01:e6:
                    03:7e:ed:89:49:f4:a4:f8:e4:32:4c:46:e2:9f:15:
                    e4:e7:93:ed:63:ad:82:a8:b2:21:a6:4d:71:5d:b5:
                    60:ed:d8:2d:ef:65:4a:92:ae:b8:ff:61:7e:11:1a:
                    08:04:63:84:a0:9a:f1:06:60:7a:27:55:85:4a:4a:
                    40:5c:23:5d:59:d4:cd:83:c3:5a:51:3b:b5:80:4e:
                    e4:ea:ed:67:8f:fc:d6:2d:d9:8a:02:99:ed:f0:e6:
                    e4:e0:0e:76:f1:f8:59:fb:dd:2e:38:bd:c3:25:2a:
                    c1:38:ec:57:55:24:da:12:58:87:1f:72:82:b6:df:
                    a4:1a:74:a0:11:31:04:a3:1c:28:c1:98:b0:e4:a6:
                    69:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:BF:D2:BE:B5:39:C7:A3:FB:8C:A4:47:E3:FF:31:11:2C:94:C4:B9
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233392e302f32342d3234203d3e203631333137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.2.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:ca:4a:17:3e:a4:ac:b9:29:a3:4a:4e:9c:b3:59:dc:ed:c6:
         61:07:40:6c:07:12:0e:48:48:4c:59:00:ff:7e:8b:51:32:ab:
         d8:d5:86:33:8a:5e:f1:97:ee:39:31:9f:fd:d6:02:3b:f5:1d:
         24:d5:7e:51:df:49:a2:7c:19:04:0e:34:f2:dc:3d:9f:d7:57:
         d5:6e:b9:59:7a:93:3b:ed:03:46:78:2e:d0:d1:98:ea:2a:16:
         17:33:72:d0:03:3b:07:3e:93:bd:ec:58:7f:a6:b9:83:2f:29:
         3b:a2:0e:eb:f7:2d:c9:55:6c:20:fb:6d:6f:60:4f:56:74:b9:
         07:12:45:70:16:0a:fa:6a:bc:6b:75:3c:08:b6:6b:f4:47:2e:
         a3:6c:0d:3e:1c:8d:80:e4:39:f8:6d:11:47:72:a7:0f:82:2a:
         5e:ba:f6:f2:28:42:23:ea:d3:18:d8:03:0b:69:ad:d8:66:e3:
         fb:41:f7:9c:a8:dd:d1:d7:f5:ee:27:5b:71:fb:91:63:cf:e9:
         97:80:03:23:91:d8:d9:f3:78:64:51:17:57:ae:11:71:85:af:
         38:9a:db:44:dd:77:ac:6e:dd:5c:5f:27:fd:57:56:fd:33:d9:
         43:57:5f:a5:c9:da:40:00:19:91:c2:17:d5:d2:e5:28:ec:82:
         c4:53:fb:c2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDOvSh/70Yhg8Bt2/kmXTCpYnmPcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjAyMDUxMTUwMzZaFw0yNzAyMDQxMTU1MzZaMDMxMTAvBgNV
BAMTKEYyQkZEMkJFQjUzOUM3QTNGQjhDQTQ0N0UzRkYzMTExMkM5NEM0QjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrHOLDfgY0JFt2BQQjquIwHY4h
Lu+dyDRC5I+6ybWeEUWpT3TABmmVGwMhu20+UmM1jpLu0N1Obm3EOfWhO4q8VVE2
HusozMZ1E0A1wSQeIKgEpib4fKUXrtgv1+JAeHJ3t5hYMcDVklrQjdwO6+qDOrE/
ui8B5gN+7YlJ9KT45DJMRuKfFeTnk+1jrYKosiGmTXFdtWDt2C3vZUqSrrj/YX4R
GggEY4SgmvEGYHonVYVKSkBcI11Z1M2Dw1pRO7WATuTq7WeP/NYt2YoCme3w5uTg
Dnbx+Fn73S44vcMlKsE47FdVJNoSWIcfcoK236QadKARMQSjHCjBmLDkpmnFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU8r/SvrU5x6P7jKRH4/8xESyUxLkwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzIzMTMyMmUzMjJlMzIzMzM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTMzMzEzNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANQC
7zANBgkqhkiG9w0BAQsFAAOCAQEAhcpKFz6krLkpo0pOnLNZ3O3GYQdAbAcSDkhI
TFkA/36LUTKr2NWGM4pe8ZfuOTGf/dYCO/UdJNV+Ud9JonwZBA408tw9n9dX1W65
WXqTO+0DRngu0NGY6ioWFzNy0AM7Bz6TvexYf6a5gy8pO6IO6/ctyVVsIPttb2BP
VnS5BxJFcBYK+mq8a3U8CLZr9Ecuo2wNPhyNgOQ5+G0RR3KnD4IqXrr28ihCI+rT
GNgDC2mt2Gbj+0H3nKjd0df17idbcfuRY8/pl4ADI5HY2fN4ZFEXV64RcYWvOJrb
RN13rG7dXF8n/VdW/TPZQ1dfpcnaQAAZkcIX1dLlKOyCxFP7wg==
-----END CERTIFICATE-----