Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231352e302f32342d3234203d3e20393733.roa
File:                     3130392e3233342e3231352e302f32342d3234203d3e20393733.roa (raw, json)
Hash identifier:          xfnBgMCFpR8WsSmanu6oXx69cY6n9Ufmkf4lgYTGZHc=
Subject key identifier:   36:62:40:DF:B0:B0:46:AC:CB:0E:23:DF:D3:12:84:D6:E8:4E:C5:A1
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       2E0706A72E2B32762E3249281D18E367E502D5D8
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231352e302f32342d3234203d3e20393733.roa
Signing time:             Fri 30 Jan 2026 17:55:36 +0000
ROA not before:           Fri 30 Jan 2026 17:50:36 +0000
ROA not after:            Fri 29 Jan 2027 17:55:36 +0000
asID:                     973
IP address blocks:        109.234.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:07:06:a7:2e:2b:32:76:2e:32:49:28:1d:18:e3:67:e5:02:d5:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 30 17:50:36 2026 GMT
            Not After : Jan 29 17:55:36 2027 GMT
        Subject: CN=366240DFB0B046ACCB0E23DFD31284D6E84EC5A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:99:cf:1f:5b:aa:94:e4:f7:2f:ce:48:96:94:
                    3b:48:8d:c7:81:bf:40:67:d6:8f:a2:07:c6:a5:a3:
                    b7:9e:92:99:4a:5e:ea:99:91:3b:15:84:18:69:0a:
                    4d:03:f7:f1:8a:c9:db:af:51:15:1a:e7:91:d1:81:
                    7e:7f:e8:2e:51:b5:48:df:63:93:08:ea:0b:53:c0:
                    79:27:82:10:df:2c:33:08:34:c1:4e:b9:3a:c5:7a:
                    e0:fa:bf:39:47:ee:9c:ec:98:75:0b:63:6a:ee:87:
                    c3:be:a4:27:02:5f:bd:72:64:02:42:bc:74:09:55:
                    83:e4:c6:47:09:0d:4f:e5:d1:af:b0:9f:66:6a:6f:
                    15:0a:5a:9b:5e:59:6d:6b:ed:4a:54:e7:d6:cf:f1:
                    91:65:7a:b8:26:51:89:81:f4:e5:c8:9d:37:4e:52:
                    a4:c0:48:04:a4:93:f5:13:14:4b:56:c4:38:df:53:
                    b4:45:de:ac:d7:7f:cb:72:2a:db:8e:ac:15:c4:47:
                    cd:9d:24:c2:8b:e8:53:0c:aa:61:cf:a6:dc:71:8a:
                    88:d4:10:fa:70:6b:6b:a3:8a:8a:c8:45:ee:3b:8a:
                    3b:ee:a2:6c:26:5b:68:3a:8f:e2:50:61:31:26:72:
                    a8:67:0c:0b:d8:0c:5c:de:dc:67:7d:90:55:6d:05:
                    7b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:62:40:DF:B0:B0:46:AC:CB:0E:23:DF:D3:12:84:D6:E8:4E:C5:A1
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/3130392e3233342e3231352e302f32342d3234203d3e20393733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.234.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:93:10:f5:27:0a:05:9a:99:ae:a0:5b:b8:c8:98:a9:2a:fc:
         d6:14:6e:49:70:1f:f0:24:b3:a8:da:df:1e:4e:fa:31:ff:77:
         cb:d1:cc:5a:80:ac:67:de:25:ee:94:1b:69:bc:22:27:6e:e3:
         71:a8:a9:f7:99:0a:8b:8e:05:dd:f7:44:39:8f:19:0a:ed:b3:
         a8:52:95:aa:04:8e:20:9b:87:8d:1c:d9:79:c3:8c:aa:94:f9:
         29:89:ca:41:ba:d0:48:46:78:8a:78:f6:d3:47:7e:f6:1e:95:
         e4:38:ec:22:2c:8f:ec:27:65:ce:e0:2e:0e:1b:97:20:42:24:
         12:3e:f8:be:2c:cf:23:01:89:6f:e3:78:a4:f3:e5:57:b9:ee:
         71:0e:cd:a8:98:55:2d:01:fd:1a:07:3e:c6:5b:52:4c:bc:4f:
         ec:2f:63:83:b3:58:2d:9c:ca:30:f4:5e:72:27:52:cb:6c:29:
         24:1a:4f:54:52:11:f8:f5:a6:7b:45:20:d8:d9:95:9b:c5:1e:
         c6:ae:ad:d7:7b:8e:80:9b:7c:f3:d6:0a:96:05:be:fb:dd:c1:
         e7:1f:10:4a:41:32:0e:8e:7c:40:9d:82:f1:f7:c6:85:7c:37:
         eb:03:98:39:e4:a5:81:28:a0:f2:06:ac:42:14:7f:f1:b7:8a:
         67:7a:a6:b8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULgcGpy4rMnYuMkkoHRjjZ+UC1dgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNjAxMzAxNzUwMzZaFw0yNzAxMjkxNzU1MzZaMDMxMTAvBgNV
BAMTKDM2NjI0MERGQjBCMDQ2QUNDQjBFMjNERkQzMTI4NEQ2RTg0RUM1QTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrmc8fW6qU5PcvzkiWlDtIjceB
v0Bn1o+iB8alo7eekplKXuqZkTsVhBhpCk0D9/GKyduvURUa55HRgX5/6C5RtUjf
Y5MI6gtTwHknghDfLDMINMFOuTrFeuD6vzlH7pzsmHULY2ruh8O+pCcCX71yZAJC
vHQJVYPkxkcJDU/l0a+wn2ZqbxUKWpteWW1r7UpU59bP8ZFlergmUYmB9OXInTdO
UqTASASkk/UTFEtWxDjfU7RF3qzXf8tyKtuOrBXER82dJMKL6FMMqmHPptxxiojU
EPpwa2ujiorIRe47ijvuomwmW2g6j+JQYTEmcqhnDAvYDFze3Gd9kFVtBXu/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUNmJA37CwRqzLDiPf0xKE1uhOxaEwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzEzMDM5MmUzMjMzMzQyZTMy
MzEzNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM5MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG3q
1zANBgkqhkiG9w0BAQsFAAOCAQEAspMQ9ScKBZqZrqBbuMiYqSr81hRuSXAf8CSz
qNrfHk76Mf93y9HMWoCsZ94l7pQbabwiJ27jcaip95kKi44F3fdEOY8ZCu2zqFKV
qgSOIJuHjRzZecOMqpT5KYnKQbrQSEZ4inj200d+9h6V5DjsIiyP7CdlzuAuDhuX
IEIkEj74vizPIwGJb+N4pPPlV7nucQ7NqJhVLQH9Ggc+xltSTLxP7C9jg7NYLZzK
MPRecidSy2wpJBpPVFIR+PWme0Ug2NmVm8Uexq6t13uOgJt889YKlgW++93B5x8Q
SkEyDo58QJ2C8ffGhXw36wOYOeSlgSig8gasQhR/8beKZ3qmuA==
-----END CERTIFICATE-----