Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3234312e302f32342d3234203d3e203135343139.roa
File:                     3231372e392e3234312e302f32342d3234203d3e203135343139.roa (raw, json)
Hash identifier:          EJG2SDzWzIGWns6pT4kVSDqRPMJTJNXkz97kFGgjHCI=
Subject key identifier:   FA:55:6D:79:21:0E:CC:15:DB:EB:3E:C2:8A:F8:95:C9:67:C9:DE:B9
Certificate issuer:       /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial:       76498E674958DDFF3D2C810FC45B5F8D437712A1
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3234312e302f32342d3234203d3e203135343139.roa
Signing time:             Fri 10 Apr 2026 10:11:00 +0000
ROA not before:           Fri 10 Apr 2026 10:06:00 +0000
ROA not after:            Fri 09 Apr 2027 10:11:00 +0000
asID:                     15419
IP address blocks:        217.9.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 19:16:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:49:8e:67:49:58:dd:ff:3d:2c:81:0f:c4:5b:5f:8d:43:77:12:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
        Validity
            Not Before: Apr 10 10:06:00 2026 GMT
            Not After : Apr  9 10:11:00 2027 GMT
        Subject: CN=FA556D79210ECC15DBEB3EC28AF895C967C9DEB9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:e0:a9:06:f6:fd:c3:a4:48:66:cd:4f:94:99:
                    48:34:c4:fb:04:76:40:6d:d6:3d:a9:11:aa:6b:af:
                    09:a8:72:f1:b1:23:6a:8a:59:96:fb:f4:42:a6:eb:
                    43:07:69:b9:53:4c:fc:c7:f2:2f:e8:01:4c:b2:03:
                    82:81:a1:0f:c2:d7:ca:06:72:19:2b:f2:2f:e6:81:
                    ea:e7:47:f3:58:02:8d:58:06:77:01:27:41:43:dc:
                    51:74:fa:8e:29:be:21:61:1b:1d:ef:17:9a:07:28:
                    1f:18:9f:7b:5a:cd:a0:4a:53:8d:a0:94:1f:61:79:
                    aa:c8:9c:91:0a:49:e3:5a:b7:8a:f4:af:5b:11:f2:
                    54:78:ea:60:b3:8d:5d:d3:dc:d2:50:7f:c9:c7:0a:
                    c5:ea:54:10:a5:67:b8:b0:b1:22:a5:10:a3:34:90:
                    c4:d7:1a:99:8c:ec:74:75:8a:ff:bd:fa:88:dc:01:
                    fe:b7:b7:ba:fb:c0:ec:75:20:b4:f0:0e:0b:fc:f9:
                    3e:36:e0:de:aa:8f:75:50:2f:0d:13:0a:ef:59:e6:
                    a4:24:ea:68:84:3c:a7:9a:33:c6:97:41:3a:0d:d2:
                    7c:0c:47:52:8b:39:21:97:26:4c:83:b2:5a:46:69:
                    9a:f7:ff:6a:be:51:c3:f5:15:d7:a1:3b:af:8e:5f:
                    bc:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:55:6D:79:21:0E:CC:15:DB:EB:3E:C2:8A:F8:95:C9:67:C9:DE:B9
            X509v3 Authority Key Identifier:
                keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3234312e302f32342d3234203d3e203135343139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.9.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:cb:6a:fb:dc:e8:ef:20:78:6f:67:00:63:c0:1d:55:a2:e1:
         74:a5:9e:a6:5d:82:b6:fe:1f:19:53:14:e9:6a:fa:4a:3e:30:
         9b:3b:ee:c5:88:2c:a2:c7:1c:e2:ff:d2:66:3f:86:31:b6:f2:
         02:17:22:55:21:30:65:54:39:f5:57:fb:da:5b:e5:21:79:ae:
         cf:7d:75:8b:74:73:29:88:38:df:db:0e:07:b4:ea:eb:28:bf:
         de:76:66:ad:d1:f0:c4:53:d5:d4:1d:1d:c4:52:8d:ba:51:a8:
         2a:b4:db:e8:d8:8c:90:fe:e1:50:71:3d:7a:e5:71:f9:03:4a:
         2a:78:5b:9b:f9:5f:20:52:60:03:18:37:d9:43:37:9d:05:42:
         bc:a0:8d:fc:22:f3:01:7a:bc:c5:cf:cc:a2:17:a1:dc:f8:a6:
         5c:78:e4:d2:6e:03:e5:4f:d5:ea:3c:46:62:d3:50:19:fd:ec:
         1e:d3:fe:f4:87:48:e3:94:d3:eb:37:ca:e6:6b:ba:10:67:f8:
         78:fb:6a:0f:4d:f0:81:b8:8e:49:0b:2c:0a:62:21:c8:d2:41:
         9d:88:bd:14:aa:70:ee:d9:6d:05:a7:4e:65:17:de:94:37:02:
         a6:64:63:82:d3:0b:71:dd:6a:e0:e2:94:be:65:b3:00:fc:a5:
         6d:ab:11:8d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdkmOZ0lY3f89LIEPxFtfjUN3EqEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNjA0MTAxMDA2MDBaFw0yNzA0MDkxMDExMDBaMDMxMTAvBgNV
BAMTKEZBNTU2RDc5MjEwRUNDMTVEQkVCM0VDMjhBRjg5NUM5NjdDOURFQjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCS4KkG9v3DpEhmzU+UmUg0xPsE
dkBt1j2pEaprrwmocvGxI2qKWZb79EKm60MHablTTPzH8i/oAUyyA4KBoQ/C18oG
chkr8i/mgernR/NYAo1YBncBJ0FD3FF0+o4pviFhGx3vF5oHKB8Yn3tazaBKU42g
lB9hearInJEKSeNat4r0r1sR8lR46mCzjV3T3NJQf8nHCsXqVBClZ7iwsSKlEKM0
kMTXGpmM7HR1iv+9+ojcAf63t7r7wOx1ILTwDgv8+T424N6qj3VQLw0TCu9Z5qQk
6miEPKeaM8aXQToN0nwMR1KLOSGXJkyDslpGaZr3/2q+UcP1FdehO6+OX7z/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU+lVteSEOzBXb6z7CiviVyWfJ3rkwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzIzMTM3MmUzOTJlMzIzNDMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNTM0MzEzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkJ
8TANBgkqhkiG9w0BAQsFAAOCAQEAectq+9zo7yB4b2cAY8AdVaLhdKWepl2Ctv4f
GVMU6Wr6Sj4wmzvuxYgsoscc4v/SZj+GMbbyAhciVSEwZVQ59Vf72lvlIXmuz311
i3RzKYg439sOB7Tq6yi/3nZmrdHwxFPV1B0dxFKNulGoKrTb6NiMkP7hUHE9euVx
+QNKKnhbm/lfIFJgAxg32UM3nQVCvKCN/CLzAXq8xc/Moheh3PimXHjk0m4D5U/V
6jxGYtNQGf3sHtP+9IdI45TT6zfK5mu6EGf4ePtqD03wgbiOSQssCmIhyNJBnYi9
FKpw7tltBadOZRfelDcCpmRjgtMLcd1q4OKUvmWzAPylbasRjQ==
-----END CERTIFICATE-----