Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/3132382e302e35392e302f32342d3234203d3e2039333034.roa
File:                     3132382e302e35392e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          MAHW+NePQXJ3n+sEZOU5cc2O2KZQMjqOMj1BA8VXaSE=
Subject key identifier:   A9:39:46:EB:E7:18:E5:A2:D8:0E:F2:53:C6:F4:4E:DD:E5:62:75:14
Certificate issuer:       /CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
Certificate serial:       7A35EFF40F333847ED30ABD27C3FAACBF5EC819F
Authority key identifier: 7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/3132382e302e35392e302f32342d3234203d3e2039333034.roa
Signing time:             Fri 05 Jun 2026 06:29:13 +0000
ROA not before:           Fri 05 Jun 2026 06:24:13 +0000
ROA not after:            Fri 04 Jun 2027 06:29:13 +0000
asID:                     9304
IP address blocks:        128.0.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 14:30:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:35:ef:f4:0f:33:38:47:ed:30:ab:d2:7c:3f:aa:cb:f5:ec:81:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
        Validity
            Not Before: Jun  5 06:24:13 2026 GMT
            Not After : Jun  4 06:29:13 2027 GMT
        Subject: CN=A93946EBE718E5A2D80EF253C6F44EDDE5627514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ca:f2:55:f5:26:4e:c7:bc:69:af:6a:94:d1:
                    52:e4:71:99:00:88:06:eb:fe:06:15:19:3b:34:6a:
                    5d:45:f3:52:a5:08:7a:28:c6:e7:e7:fc:4b:a1:30:
                    e8:bc:c2:56:b7:c2:04:2d:0c:6b:49:f6:2d:c2:06:
                    ba:2f:52:75:a7:8c:83:02:83:c9:ae:0c:52:07:89:
                    f7:c2:97:00:bc:86:f5:7b:e8:3d:40:1f:ac:20:80:
                    5c:db:34:0c:54:0d:90:41:e9:99:b9:bb:44:6d:7b:
                    95:f3:4a:4b:59:67:4e:98:2e:e9:a9:da:f4:e1:b4:
                    64:9b:93:27:44:54:f8:34:7b:cd:47:4a:12:b2:a6:
                    8b:73:99:28:4f:da:42:c4:f1:8e:74:85:a4:c9:aa:
                    fe:26:22:50:96:52:0a:45:59:97:b1:02:51:47:57:
                    ee:0d:b2:f0:bf:bd:98:e3:f6:08:17:3c:62:84:9a:
                    ee:d3:ef:d7:ff:1f:b7:3c:94:67:7e:d9:3f:d6:87:
                    fc:f8:c0:64:9a:dc:d1:83:f6:89:8a:8f:ed:93:35:
                    49:da:28:19:c9:e4:21:11:06:7e:de:3b:eb:e2:6d:
                    37:05:e3:02:72:8f:52:60:5a:00:cb:f7:81:c2:1c:
                    c3:d7:ac:2c:89:e7:d5:da:98:60:b2:4f:b2:81:c7:
                    75:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:39:46:EB:E7:18:E5:A2:D8:0E:F2:53:C6:F4:4E:DD:E5:62:75:14
            X509v3 Authority Key Identifier:
                keyid:7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/3132382e302e35392e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.0.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:08:e9:9c:5e:73:d5:2b:f7:20:c4:e8:30:53:39:62:95:42:
         96:27:14:4b:3f:9e:70:38:7a:1d:55:1f:84:ed:3f:8f:79:90:
         81:ee:41:51:ac:96:01:14:57:90:d1:67:54:2c:61:91:7d:a3:
         59:c5:01:55:33:d6:90:c3:17:02:70:f2:ae:3c:c8:3d:d7:d6:
         5c:45:2e:4b:fb:ca:59:ad:6a:12:d8:ae:e8:02:5b:15:aa:19:
         d1:90:1c:e5:d6:47:74:c6:fc:9d:29:9c:f0:49:ff:23:4e:fc:
         e9:71:3d:08:3a:a0:69:ae:40:55:87:c9:60:41:9a:4e:51:d7:
         2f:20:6a:73:ca:20:4b:42:d7:66:83:bb:c8:36:02:28:e8:bc:
         90:92:e6:7d:db:bc:a7:dc:5a:0c:20:cb:c4:c5:47:65:0f:74:
         66:d1:fd:be:ca:22:51:b0:70:c3:5f:2c:1c:0e:36:2c:59:68:
         db:1a:2c:8e:86:b5:6f:95:12:6d:26:50:81:0b:fd:bf:80:c0:
         fe:70:ae:d0:9e:1b:88:51:b4:f2:8d:07:f4:76:7e:70:bb:26:
         09:41:67:02:69:5a:2b:9e:1b:2c:0f:df:cc:8d:ed:48:9e:48:
         46:da:98:41:e8:6a:1b:98:d9:84:06:b8:eb:1a:01:d1:16:af:
         62:51:33:18
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUejXv9A8zOEftMKvSfD+qy/XsgZ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2ZlYTM3ZmRmZTI5YjM0MTczZTk3ZjFiNjM3YTQ0ZWM0
MWFjZWJiODAeFw0yNjA2MDUwNjI0MTNaFw0yNzA2MDQwNjI5MTNaMDMxMTAvBgNV
BAMTKEE5Mzk0NkVCRTcxOEU1QTJEODBFRjI1M0M2RjQ0RURERTU2Mjc1MTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/yvJV9SZOx7xpr2qU0VLkcZkA
iAbr/gYVGTs0al1F81KlCHooxufn/EuhMOi8wla3wgQtDGtJ9i3CBrovUnWnjIMC
g8muDFIHiffClwC8hvV76D1AH6wggFzbNAxUDZBB6Zm5u0Rte5XzSktZZ06YLump
2vThtGSbkydEVPg0e81HShKypotzmShP2kLE8Y50haTJqv4mIlCWUgpFWZexAlFH
V+4NsvC/vZjj9ggXPGKEmu7T79f/H7c8lGd+2T/Wh/z4wGSa3NGD9omKj+2TNUna
KBnJ5CERBn7eO+vibTcF4wJyj1JgWgDL94HCHMPXrCyJ59XamGCyT7KBx3WTAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUqTlG6+cY5aLYDvJTxvRO3eVidRQwHwYDVR0j
BBgwFoAUf+o3/f4ps0Fz6X8bY3pE7EGs67gwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWItZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkz
YTlkLzAvN0ZFQTM3RkRGRTI5QjM0MTczRTk3RjFCNjM3QTQ0RUM0MUFDRUJCOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YtbzNfZjRwczBGejZYOGJZM3BFN0VH
czY3Zy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWIt
ZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkzYTlkLzAvMzEzMjM4MmUzMDJlMzUzOTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM5MzMzMDM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgAA7MA0G
CSqGSIb3DQEBCwUAA4IBAQCCCOmcXnPVK/cgxOgwUzlilUKWJxRLP55wOHodVR+E
7T+PeZCB7kFRrJYBFFeQ0WdULGGRfaNZxQFVM9aQwxcCcPKuPMg919ZcRS5L+8pZ
rWoS2K7oAlsVqhnRkBzl1kd0xvydKZzwSf8jTvzpcT0IOqBprkBVh8lgQZpOUdcv
IGpzyiBLQtdmg7vINgIo6LyQkuZ927yn3FoMIMvExUdlD3Rm0f2+yiJRsHDDXywc
DjYsWWjbGiyOhrVvlRJtJlCBC/2/gMD+cK7QnhuIUbTyjQf0dn5wuyYJQWcCaVor
nhssD9/Mje1InkhG2phB6GobmNmEBrjrGgHRFq9iUTMY
-----END CERTIFICATE-----