Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/39352e3231342e33382e302f32342d3234203d3e2036303739.roa
File:                     39352e3231342e33382e302f32342d3234203d3e2036303739.roa (raw, json)
Hash identifier:          KBgnFBTttjHl9LABg4P9nQEEp0OKX5YjlGuq/SPs3Kw=
Subject key identifier:   37:DD:85:34:1D:03:4E:9B:9D:16:D2:04:F8:B9:A3:69:C1:66:B1:25
Certificate issuer:       /CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
Certificate serial:       20D4C14B9FC201B78BE99AE92177EEB52E99A7A3
Authority key identifier: 7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/39352e3231342e33382e302f32342d3234203d3e2036303739.roa
Signing time:             Fri 13 Feb 2026 02:59:27 +0000
ROA not before:           Fri 13 Feb 2026 02:54:27 +0000
ROA not after:            Fri 12 Feb 2027 02:59:27 +0000
asID:                     6079
IP address blocks:        95.214.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:50:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:d4:c1:4b:9f:c2:01:b7:8b:e9:9a:e9:21:77:ee:b5:2e:99:a7:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
        Validity
            Not Before: Feb 13 02:54:27 2026 GMT
            Not After : Feb 12 02:59:27 2027 GMT
        Subject: CN=37DD85341D034E9B9D16D204F8B9A369C166B125
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b0:cb:1b:4f:81:49:f4:78:2e:a9:db:38:d0:
                    54:3e:f6:a5:5a:7e:8a:99:bf:c3:7a:b0:07:a5:7f:
                    eb:79:10:b8:c6:a1:87:59:0a:b1:ed:48:cc:d8:0d:
                    ad:d8:2e:6e:f8:52:c0:41:6f:4c:06:8b:42:b1:fd:
                    01:61:f8:ed:50:c8:8e:f1:d1:46:e6:8d:59:44:51:
                    f6:22:52:8e:dc:d3:0c:99:36:f3:d3:17:9c:e9:4d:
                    7e:f6:5c:95:9c:5e:96:8b:6b:0e:b6:58:98:45:39:
                    e3:6f:02:af:ce:c1:98:77:75:bc:fb:48:b9:80:0b:
                    92:cc:b4:c9:f5:f7:f5:76:13:bc:31:22:9f:74:de:
                    66:0f:76:55:21:de:b0:9b:c1:40:ef:d1:f1:03:22:
                    46:1e:a0:40:50:f6:b2:f3:07:4e:b9:a9:5a:29:92:
                    62:7b:cf:24:9a:09:df:84:e0:a0:d6:a6:c5:a6:5c:
                    67:c4:ee:0f:59:46:8e:88:11:fa:1a:02:ed:0e:26:
                    96:1b:c5:5c:87:4a:58:2a:62:7f:ad:37:a1:5e:fb:
                    ea:df:fa:66:06:e2:6c:45:59:47:fd:ab:f8:c5:76:
                    69:23:a7:73:86:f6:c6:fb:a1:9d:dc:c3:ad:ef:48:
                    69:b7:64:95:a9:76:a6:75:3c:25:d3:c0:b9:ca:26:
                    44:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:DD:85:34:1D:03:4E:9B:9D:16:D2:04:F8:B9:A3:69:C1:66:B1:25
            X509v3 Authority Key Identifier:
                keyid:7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/39352e3231342e33382e302f32342d3234203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:99:e3:7f:a8:65:b0:39:59:f6:1a:42:e0:68:19:cb:19:08:
         46:9f:b3:db:b6:f1:cf:4b:4d:df:fd:77:43:f3:b2:03:ed:cc:
         9d:67:2a:06:f8:26:0c:1d:d0:e0:0f:d8:ef:95:ad:83:a2:b2:
         f7:e3:83:5a:f5:ba:52:3f:c2:5d:e5:35:7d:9f:46:e4:37:37:
         1d:02:45:43:c8:e6:60:4c:f4:79:2d:94:e1:7b:07:71:6e:39:
         45:a1:ac:dc:c3:8d:33:18:7e:54:19:72:3a:40:7c:30:ee:84:
         56:83:10:fb:96:ea:6d:a6:b4:3a:1c:75:a7:21:32:b2:6a:74:
         e2:a7:c4:73:6a:93:4c:84:b9:6b:91:c3:e2:f3:04:02:2d:5b:
         90:ba:a8:19:c9:53:85:6d:d2:5d:07:94:6f:d7:53:6b:c2:a2:
         2d:d3:d2:8a:4c:e9:d3:00:80:5c:39:88:25:eb:1b:a2:41:96:
         ec:94:15:a8:97:63:1f:80:96:44:ae:09:a9:45:9a:a8:7f:77:
         18:3a:b0:3a:0b:be:ed:04:9e:f5:6b:32:1d:ca:a5:34:ad:c3:
         a9:1e:65:2b:2c:48:98:e3:ac:06:42:b9:a4:12:01:9e:22:ca:
         85:5a:49:3e:5e:12:63:98:68:09:6d:d3:92:d0:1a:7a:59:e3:
         9c:41:31:13
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUINTBS5/CAbeL6ZrpIXfutS6Zp6MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2ZlYTM3ZmRmZTI5YjM0MTczZTk3ZjFiNjM3YTQ0ZWM0
MWFjZWJiODAeFw0yNjAyMTMwMjU0MjdaFw0yNzAyMTIwMjU5MjdaMDMxMTAvBgNV
BAMTKDM3REQ4NTM0MUQwMzRFOUI5RDE2RDIwNEY4QjlBMzY5QzE2NkIxMjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWsMsbT4FJ9Hguqds40FQ+9qVa
foqZv8N6sAelf+t5ELjGoYdZCrHtSMzYDa3YLm74UsBBb0wGi0Kx/QFh+O1QyI7x
0UbmjVlEUfYiUo7c0wyZNvPTF5zpTX72XJWcXpaLaw62WJhFOeNvAq/OwZh3dbz7
SLmAC5LMtMn19/V2E7wxIp903mYPdlUh3rCbwUDv0fEDIkYeoEBQ9rLzB065qVop
kmJ7zySaCd+E4KDWpsWmXGfE7g9ZRo6IEfoaAu0OJpYbxVyHSlgqYn+tN6Fe++rf
+mYG4mxFWUf9q/jFdmkjp3OG9sb7oZ3cw63vSGm3ZJWpdqZ1PCXTwLnKJkTTAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUN92FNB0DTpudFtIE+LmjacFmsSUwHwYDVR0j
BBgwFoAUf+o3/f4ps0Fz6X8bY3pE7EGs67gwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWItZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkz
YTlkLzAvN0ZFQTM3RkRGRTI5QjM0MTczRTk3RjFCNjM3QTQ0RUM0MUFDRUJCOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YtbzNfZjRwczBGejZYOGJZM3BFN0VH
czY3Zy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWIt
ZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkzYTlkLzAvMzkzNTJlMzIzMTM0MmUzMzM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM3Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABf1iYw
DQYJKoZIhvcNAQELBQADggEBAHOZ43+oZbA5WfYaQuBoGcsZCEafs9u28c9LTd/9
d0PzsgPtzJ1nKgb4Jgwd0OAP2O+VrYOisvfjg1r1ulI/wl3lNX2fRuQ3Nx0CRUPI
5mBM9HktlOF7B3FuOUWhrNzDjTMYflQZcjpAfDDuhFaDEPuW6m2mtDocdachMrJq
dOKnxHNqk0yEuWuRw+LzBAItW5C6qBnJU4Vt0l0HlG/XU2vCoi3T0opM6dMAgFw5
iCXrG6JBluyUFaiXYx+AlkSuCalFmqh/dxg6sDoLvu0EnvVrMh3KpTStw6keZSss
SJjjrAZCuaQSAZ4iyoVaST5eEmOYaAlt05LQGnpZ45xBMRM=
-----END CERTIFICATE-----