Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e31392e302f32342d3234203d3e203135343139.roa
File:                     38392e3131362e31392e302f32342d3234203d3e203135343139.roa (raw, json)
Hash identifier:          IYPeBc0njFQqxrAGs2OJRowmjEd1rlfv9Au+QQE5POo=
Subject key identifier:   2A:F4:49:0D:C1:6B:19:BB:B0:21:2A:8F:60:C7:90:ED:1B:29:4C:86
Certificate issuer:       /CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
Certificate serial:       471C6CF74468C0ADEB2C4B511C51D473DCB43492
Authority key identifier: 9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e31392e302f32342d3234203d3e203135343139.roa
Signing time:             Fri 10 Apr 2026 10:10:59 +0000
ROA not before:           Fri 10 Apr 2026 10:05:59 +0000
ROA not after:            Fri 09 Apr 2027 10:10:59 +0000
asID:                     15419
IP address blocks:        89.116.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 19:16:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:1c:6c:f7:44:68:c0:ad:eb:2c:4b:51:1c:51:d4:73:dc:b4:34:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9df85997b1b9b358e1c43f36765aa0a4a02144ae
        Validity
            Not Before: Apr 10 10:05:59 2026 GMT
            Not After : Apr  9 10:10:59 2027 GMT
        Subject: CN=2AF4490DC16B19BBB0212A8F60C790ED1B294C86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:18:14:68:7b:5f:e5:fc:43:26:6d:48:87:d1:
                    50:f1:27:e3:22:ce:57:60:d1:f2:4b:37:2b:a9:49:
                    4f:d6:76:35:6c:2f:0f:87:b8:08:b2:28:8a:67:0f:
                    0b:fa:7a:01:d9:da:cc:5f:30:57:ea:af:22:25:4e:
                    64:ae:a0:c2:1d:6e:10:02:c3:5c:c0:95:66:c5:33:
                    39:40:b6:a3:de:f6:fd:0a:36:89:55:c1:a4:ec:9c:
                    2f:d9:59:6b:f2:08:1b:70:aa:ac:5e:28:bf:3f:e7:
                    e0:b0:26:d7:12:c9:d1:a9:bd:b1:24:84:b0:64:fe:
                    8c:7f:09:b0:e5:66:d3:3f:7c:10:ce:44:26:08:37:
                    a3:b5:a2:75:75:b6:d3:fc:2b:74:82:5c:69:36:2c:
                    17:58:7d:e5:42:ca:c8:1e:09:9f:68:4e:3a:89:a1:
                    ae:e3:0a:e7:ee:8f:5d:a9:5f:64:3f:a5:69:4e:89:
                    d0:a4:e2:5f:da:83:fe:af:6e:92:18:7e:d7:47:25:
                    53:5f:2b:73:d9:46:8c:7c:f2:9f:7d:98:85:96:b0:
                    69:aa:64:5d:c9:f7:77:d5:81:ff:2f:a5:81:3f:97:
                    58:c5:5c:57:9a:d6:a2:8b:63:ac:11:b3:15:87:23:
                    4d:5e:8d:60:0c:a7:a3:02:f1:17:52:9f:39:58:15:
                    b9:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:F4:49:0D:C1:6B:19:BB:B0:21:2A:8F:60:C7:90:ED:1B:29:4C:86
            X509v3 Authority Key Identifier:
                keyid:9D:F8:59:97:B1:B9:B3:58:E1:C4:3F:36:76:5A:A0:A4:A0:21:44:AE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/9DF85997B1B9B358E1C43F36765AA0A4A02144AE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfhZl7G5s1jhxD82dlqgpKAhRK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/002e0ba3-fe60-45b1-9160-868a2f8a43b1/3/38392e3131362e31392e302f32342d3234203d3e203135343139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.116.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:7b:7c:7e:5f:be:ed:b9:53:22:91:42:9b:b1:52:bc:72:73:
         5b:6a:ce:c9:af:18:43:46:98:e8:76:0d:d6:bc:67:46:b9:f7:
         7c:12:2e:cc:e0:d8:53:16:90:40:8d:5e:88:22:56:f9:c8:89:
         33:25:12:ae:f5:c6:b2:e3:ef:b3:0b:f9:96:2c:c3:07:d4:54:
         3d:73:d8:e4:a3:ef:35:e7:1a:91:3a:c6:48:54:66:ba:5c:9d:
         7f:75:50:ef:ab:ae:da:ae:5a:b2:dd:28:a2:4b:6f:8f:c3:2d:
         1a:b6:14:13:22:65:23:2c:49:c5:d7:df:3e:6e:9e:cb:f8:16:
         92:d1:02:98:ca:5c:46:b6:71:35:33:e5:1d:bf:74:b0:a5:d7:
         1f:6a:f8:03:3d:84:54:f4:0b:ec:47:c8:10:ab:38:6f:aa:0f:
         c8:a3:16:c9:89:be:12:1f:6d:4b:af:66:77:7d:19:3d:e7:0d:
         14:d7:35:19:55:51:f8:44:ec:db:54:5f:a2:ac:3f:6b:0e:3c:
         ef:21:21:fb:95:c8:1b:f6:41:7d:63:43:66:d1:48:6e:e0:42:
         88:7a:33:f7:a9:b0:e3:aa:89:bc:1b:37:2a:47:7e:a2:aa:48:
         58:15:bd:22:84:ad:dd:ff:04:bb:39:5b:a7:35:9c:0c:4d:f8:
         a8:4c:bc:f4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURxxs90RowK3rLEtRHFHUc9y0NJIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmODU5OTdiMWI5YjM1OGUxYzQzZjM2NzY1YWEwYTRh
MDIxNDRhZTAeFw0yNjA0MTAxMDA1NTlaFw0yNzA0MDkxMDEwNTlaMDMxMTAvBgNV
BAMTKDJBRjQ0OTBEQzE2QjE5QkJCMDIxMkE4RjYwQzc5MEVEMUIyOTRDODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChGBRoe1/l/EMmbUiH0VDxJ+Mi
zldg0fJLNyupSU/WdjVsLw+HuAiyKIpnDwv6egHZ2sxfMFfqryIlTmSuoMIdbhAC
w1zAlWbFMzlAtqPe9v0KNolVwaTsnC/ZWWvyCBtwqqxeKL8/5+CwJtcSydGpvbEk
hLBk/ox/CbDlZtM/fBDORCYIN6O1onV1ttP8K3SCXGk2LBdYfeVCysgeCZ9oTjqJ
oa7jCufuj12pX2Q/pWlOidCk4l/ag/6vbpIYftdHJVNfK3PZRox88p99mIWWsGmq
ZF3J93fVgf8vpYE/l1jFXFea1qKLY6wRsxWHI01ejWAMp6MC8RdSnzlYFblVAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUKvRJDcFrGbuwISqPYMeQ7RspTIYwHwYDVR0j
BBgwFoAUnfhZl7G5s1jhxD82dlqgpKAhRK4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMtZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0
M2IxLzMvOURGODU5OTdCMUI5QjM1OEUxQzQzRjM2NzY1QUEwQTRBMDIxNDRBRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25maFpsN0c1czFqaHhEODJkbHFncEtB
aFJLNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDAyZTBiYTMt
ZmU2MC00NWIxLTkxNjAtODY4YTJmOGE0M2IxLzMvMzgzOTJlMzEzMTM2MmUzMTM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNTM0MzEzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFl0
EzANBgkqhkiG9w0BAQsFAAOCAQEALHt8fl++7blTIpFCm7FSvHJzW2rOya8YQ0aY
6HYN1rxnRrn3fBIuzODYUxaQQI1eiCJW+ciJMyUSrvXGsuPvswv5lizDB9RUPXPY
5KPvNecakTrGSFRmulydf3VQ76uu2q5ast0ooktvj8MtGrYUEyJlIyxJxdffPm6e
y/gWktECmMpcRrZxNTPlHb90sKXXH2r4Az2EVPQL7EfIEKs4b6oPyKMWyYm+Eh9t
S69md30ZPecNFNc1GVVR+ETs21Rfoqw/aw487yEh+5XIG/ZBfWNDZtFIbuBCiHoz
96mw46qJvBs3Kkd+oqpIWBW9IoSt3f8EuzlbpzWcDE34qEy89A==
-----END CERTIFICATE-----