Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3234322e302f32342d3234203d3e203135343139.roa
File:                     3231372e392e3234322e302f32342d3234203d3e203135343139.roa (raw, json)
Hash identifier:          mgaSFuH9dwlQC9LQOF1dVYEFek9VIOTVBqz/2FqpDg4=
Subject key identifier:   24:8F:11:F8:33:AB:3B:3A:10:04:2C:49:15:87:D8:53:65:B6:E0:27
Certificate issuer:       /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial:       21EDFC2FECD7248EDBEA543E64531BDC9FF7B0D0
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3234322e302f32342d3234203d3e203135343139.roa
Signing time:             Fri 10 Apr 2026 10:10:58 +0000
ROA not before:           Fri 10 Apr 2026 10:05:58 +0000
ROA not after:            Fri 09 Apr 2027 10:10:58 +0000
asID:                     15419
IP address blocks:        217.9.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 19:16:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:ed:fc:2f:ec:d7:24:8e:db:ea:54:3e:64:53:1b:dc:9f:f7:b0:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
        Validity
            Not Before: Apr 10 10:05:58 2026 GMT
            Not After : Apr  9 10:10:58 2027 GMT
        Subject: CN=248F11F833AB3B3A10042C491587D85365B6E027
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:3b:aa:d4:31:9c:47:82:1b:16:5b:87:27:8a:
                    10:b2:c1:69:ba:18:db:12:09:62:8c:38:02:8a:5e:
                    4d:dd:4b:bf:2f:aa:2d:ec:29:85:d4:3b:93:88:76:
                    3e:2b:0c:9f:41:84:f9:6a:b5:d0:42:20:04:49:b1:
                    41:3d:23:3a:05:70:ee:5b:db:c2:62:98:36:11:e5:
                    66:3d:c0:0a:3b:a6:64:92:4a:98:01:71:9f:b0:6f:
                    62:3e:d5:38:de:86:10:1b:58:19:65:6d:f8:32:66:
                    b1:ce:57:dd:85:bb:f0:25:79:98:0a:ea:23:91:b0:
                    fd:13:5f:8c:6f:48:38:60:65:a9:2d:48:d7:15:66:
                    e3:04:43:e2:15:ad:6b:ed:83:f0:2d:4b:5d:d8:39:
                    ee:c0:ce:9c:bd:13:b5:e9:6b:d7:23:f3:93:f1:42:
                    67:88:0b:0e:bb:c2:37:c3:19:65:15:78:74:41:52:
                    42:21:d2:05:6f:02:5f:2c:b6:d2:ce:10:84:cb:34:
                    70:79:df:6f:ac:1a:70:9e:75:49:92:c1:d3:0b:1e:
                    8f:0b:46:49:44:a3:df:db:b1:9c:a6:41:5e:9d:c3:
                    4d:2b:b1:b3:04:d1:4b:1c:7f:30:5c:53:6c:c5:3f:
                    a7:b0:60:83:fc:6c:98:c4:76:85:db:dc:00:8a:78:
                    1a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:8F:11:F8:33:AB:3B:3A:10:04:2C:49:15:87:D8:53:65:B6:E0:27
            X509v3 Authority Key Identifier:
                keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/3231372e392e3234322e302f32342d3234203d3e203135343139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.9.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:d7:41:78:9e:de:ea:8c:3d:a1:f0:d5:6d:50:f7:29:b5:aa:
         3e:f7:83:30:0a:a2:1f:ea:e4:ae:68:95:91:97:ce:c6:fe:53:
         48:06:18:e3:c8:5d:bb:25:54:9e:f7:66:ce:98:bd:0a:7d:20:
         ed:12:de:96:3e:72:5f:27:cf:24:a9:af:60:8f:43:20:9c:04:
         37:80:22:b2:3b:a8:1d:4f:ac:fe:e4:4e:15:68:b2:37:ba:7a:
         bf:43:dc:6e:cf:7a:7c:59:19:8d:04:20:09:32:02:bb:1f:8b:
         f2:ce:da:3c:35:db:92:1e:78:49:69:21:04:0a:b1:ec:1a:35:
         73:4c:50:34:e0:1d:79:a2:9f:28:51:74:e2:e2:5e:f5:dc:ad:
         f6:13:e2:ea:62:05:ce:10:af:ae:22:0d:a9:dd:70:8d:83:1c:
         c3:8c:57:1c:b1:90:b8:d3:67:e1:24:34:75:62:62:ba:4b:9d:
         76:0c:03:d1:f5:b4:e7:c2:e3:a9:a0:fa:f5:a7:76:bc:f1:25:
         19:d0:ec:43:ea:7c:49:5d:9f:2e:99:e1:3d:fc:8c:3e:92:42:
         f0:53:aa:09:9d:31:b4:28:2c:09:e3:4d:3b:29:f0:d8:8f:66:
         96:3f:0b:22:d3:ba:77:18:08:4d:ad:a1:16:2c:a6:3f:d7:f8:
         d0:24:b2:d8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUIe38L+zXJI7b6lQ+ZFMb3J/3sNAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNjA0MTAxMDA1NThaFw0yNzA0MDkxMDEwNThaMDMxMTAvBgNV
BAMTKDI0OEYxMUY4MzNBQjNCM0ExMDA0MkM0OTE1ODdEODUzNjVCNkUwMjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChO6rUMZxHghsWW4cnihCywWm6
GNsSCWKMOAKKXk3dS78vqi3sKYXUO5OIdj4rDJ9BhPlqtdBCIARJsUE9IzoFcO5b
28JimDYR5WY9wAo7pmSSSpgBcZ+wb2I+1TjehhAbWBllbfgyZrHOV92Fu/AleZgK
6iORsP0TX4xvSDhgZaktSNcVZuMEQ+IVrWvtg/AtS13YOe7Azpy9E7Xpa9cj85Px
QmeICw67wjfDGWUVeHRBUkIh0gVvAl8sttLOEITLNHB532+sGnCedUmSwdMLHo8L
RklEo9/bsZymQV6dw00rsbME0UscfzBcU2zFP6ewYIP8bJjEdoXb3ACKeBqHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUJI8R+DOrOzoQBCxJFYfYU2W24CcwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzIzMTM3MmUzOTJlMzIzNDMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNTM0MzEzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANkJ
8jANBgkqhkiG9w0BAQsFAAOCAQEAFtdBeJ7e6ow9ofDVbVD3KbWqPveDMAqiH+rk
rmiVkZfOxv5TSAYY48hduyVUnvdmzpi9Cn0g7RLelj5yXyfPJKmvYI9DIJwEN4Ai
sjuoHU+s/uROFWiyN7p6v0Pcbs96fFkZjQQgCTICux+L8s7aPDXbkh54SWkhBAqx
7Bo1c0xQNOAdeaKfKFF04uJe9dyt9hPi6mIFzhCvriINqd1wjYMcw4xXHLGQuNNn
4SQ0dWJiukuddgwD0fW058LjqaD69ad2vPElGdDsQ+p8SV2fLpnhPfyMPpJC8FOq
CZ0xtCgsCeNNOynw2I9mlj8LItO6dxgITa2hFiymP9f40CSy2A==
-----END CERTIFICATE-----