Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e203134363138.roa
File:                     38322e3131382e33312e302f32342d3234203d3e203134363138.roa (raw, json)
Hash identifier:          M8A4pv7Ga3lILjGKJMYzZ7C0KqHQjVqHGnt7ZKgmIHQ=
Subject key identifier:   51:B6:20:4B:FB:23:1D:1D:06:1D:CC:F1:FB:63:CB:73:A4:DD:6F:5A
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       1964D86F2D7F00D7823D3B28AC5C80D3F58098E6
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e203134363138.roa
Signing time:             Thu 05 Feb 2026 11:55:36 +0000
ROA not before:           Thu 05 Feb 2026 11:50:36 +0000
ROA not after:            Thu 04 Feb 2027 11:55:36 +0000
asID:                     14618
IP address blocks:        82.118.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Feb 2026 21:56:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:64:d8:6f:2d:7f:00:d7:82:3d:3b:28:ac:5c:80:d3:f5:80:98:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Feb  5 11:50:36 2026 GMT
            Not After : Feb  4 11:55:36 2027 GMT
        Subject: CN=51B6204BFB231D1D061DCCF1FB63CB73A4DD6F5A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:bc:95:ef:9b:b4:27:99:c7:29:d6:4a:43:a5:
                    e3:46:74:f4:16:74:74:a7:a8:f9:b7:a1:26:06:da:
                    97:04:97:2d:b9:32:2b:51:df:fc:ff:6e:0b:46:c3:
                    71:60:d3:53:f9:78:0f:7b:ff:8f:77:d8:91:e1:89:
                    01:47:36:37:0b:03:2d:53:64:f7:73:41:90:35:43:
                    a7:3e:1f:a6:cc:fc:f2:4a:43:d2:e8:18:16:0e:0d:
                    df:10:08:e9:a0:e1:97:d1:d7:9c:ef:0f:a6:76:1e:
                    1a:ba:63:a4:9e:23:ad:99:95:4e:47:43:9a:48:14:
                    bc:bb:f6:68:9e:10:8c:57:f0:04:e5:59:93:be:2c:
                    e6:15:ec:1a:ce:d0:da:18:d4:e3:c8:1c:54:04:7d:
                    a6:9d:01:c1:49:56:1a:d2:9c:55:a1:c5:00:d4:7d:
                    05:55:2c:8d:2d:ce:aa:2b:00:8d:15:30:c1:18:3a:
                    a4:4a:02:db:22:6e:d2:86:4b:16:50:60:40:52:45:
                    69:ff:3d:90:89:5d:03:1f:9e:30:3a:96:cf:51:0d:
                    17:96:40:7e:14:d0:5c:08:09:3d:57:0c:b2:58:57:
                    cc:79:a3:6f:94:f5:74:d7:e2:28:d5:7a:40:33:9a:
                    5d:0e:5c:08:e2:61:2a:e3:65:d8:b9:91:6f:51:ec:
                    71:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:B6:20:4B:FB:23:1D:1D:06:1D:CC:F1:FB:63:CB:73:A4:DD:6F:5A
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e203134363138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:9a:a7:8c:6e:e1:e9:1c:a2:c4:30:46:6e:df:a5:b9:57:36:
         cb:03:7b:f4:28:19:ab:0f:2d:58:9d:18:b8:3a:69:ff:bb:46:
         f5:61:ec:f5:e0:de:b5:5e:02:c4:48:3c:bd:72:d1:cf:a1:d1:
         94:17:56:45:ae:40:16:31:8d:44:d2:5d:7c:0b:25:13:49:62:
         f8:e6:6b:9c:d3:7b:af:f0:44:48:5c:4d:19:c1:39:df:f8:85:
         01:31:a1:56:9c:ce:d6:ca:c1:38:d7:ab:98:43:bd:70:55:29:
         13:67:f1:2c:f4:0d:77:52:3f:2f:3a:81:44:20:08:8d:6d:ea:
         60:01:0a:12:b8:36:e9:0c:9d:52:65:1e:5f:ce:47:82:58:f5:
         47:04:5d:8a:10:00:fd:81:4b:a8:68:99:3b:86:9e:d2:aa:45:
         b7:7b:ac:2e:28:7d:d1:7b:6e:38:95:1d:81:5d:d2:93:66:36:
         22:37:6a:e6:81:78:39:8b:03:e3:57:15:18:37:3c:40:97:20:
         28:f7:ef:fa:12:7b:6c:23:63:98:a1:fa:24:c4:11:15:61:5f:
         a4:3a:9d:a4:23:ba:07:2d:66:73:50:ab:46:9e:6e:7d:a1:75:
         8a:50:e9:9b:e6:1f:22:9e:2e:3f:10:ec:f4:3b:6c:bd:70:b2:
         39:b9:bb:91
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGWTYby1/ANeCPTsorFyA0/WAmOYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjAyMDUxMTUwMzZaFw0yNzAyMDQxMTU1MzZaMDMxMTAvBgNV
BAMTKDUxQjYyMDRCRkIyMzFEMUQwNjFEQ0NGMUZCNjNDQjczQTRERDZGNUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGvJXvm7Qnmccp1kpDpeNGdPQW
dHSnqPm3oSYG2pcEly25MitR3/z/bgtGw3Fg01P5eA97/4932JHhiQFHNjcLAy1T
ZPdzQZA1Q6c+H6bM/PJKQ9LoGBYODd8QCOmg4ZfR15zvD6Z2Hhq6Y6SeI62ZlU5H
Q5pIFLy79mieEIxX8ATlWZO+LOYV7BrO0NoY1OPIHFQEfaadAcFJVhrSnFWhxQDU
fQVVLI0tzqorAI0VMMEYOqRKAtsibtKGSxZQYEBSRWn/PZCJXQMfnjA6ls9RDReW
QH4U0FwICT1XDLJYV8x5o2+U9XTX4ijVekAzml0OXAjiYSrjZdi5kW9R7HGjAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUUbYgS/sjHR0GHczx+2PLc6Tdb1owHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzgzMjJlMzEzMTM4MmUzMzMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNDM2MzEzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFJ2
HzANBgkqhkiG9w0BAQsFAAOCAQEAF5qnjG7h6RyixDBGbt+luVc2ywN79CgZqw8t
WJ0YuDpp/7tG9WHs9eDetV4CxEg8vXLRz6HRlBdWRa5AFjGNRNJdfAslE0li+OZr
nNN7r/BESFxNGcE53/iFATGhVpzO1srBONermEO9cFUpE2fxLPQNd1I/LzqBRCAI
jW3qYAEKErg26QydUmUeX85Hglj1RwRdihAA/YFLqGiZO4ae0qpFt3usLih90Xtu
OJUdgV3Sk2Y2Ijdq5oF4OYsD41cVGDc8QJcgKPfv+hJ7bCNjmKH6JMQRFWFfpDqd
pCO6By1mc1CrRp5ufaF1ilDpm+YfIp4uPxDs9DtsvXCyObm7kQ==
-----END CERTIFICATE-----