Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e34302e302f32342d3234203d3e203331393234.roa
File:                     3231322e37342e34302e302f32342d3234203d3e203331393234.roa (raw, json)
Hash identifier:          EtAw5YLkrkXeuaJ22ph/qxlE5uUbHXpc3E4CPHX4Ias=
Subject key identifier:   AC:0E:DD:33:DF:4D:7C:15:6B:68:62:10:5B:E3:A4:F8:F1:6D:B4:3F
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       3D0BD552DEE5E082D575A177DE0B3E537F143DCA
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e34302e302f32342d3234203d3e203331393234.roa
Signing time:             Thu 19 Feb 2026 05:21:45 +0000
ROA not before:           Thu 19 Feb 2026 05:16:45 +0000
ROA not after:            Thu 18 Feb 2027 05:21:45 +0000
asID:                     31924
IP address blocks:        212.74.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:0b:d5:52:de:e5:e0:82:d5:75:a1:77:de:0b:3e:53:7f:14:3d:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Feb 19 05:16:45 2026 GMT
            Not After : Feb 18 05:21:45 2027 GMT
        Subject: CN=AC0EDD33DF4D7C156B6862105BE3A4F8F16DB43F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:be:73:1d:b8:88:51:a0:ac:79:c4:50:0a:db:
                    f3:81:78:3e:de:98:15:3b:e3:60:bd:57:c2:e5:89:
                    c7:f6:79:25:7d:e9:50:7d:3d:b3:df:98:a7:36:31:
                    6b:1c:e7:e2:04:0f:f2:ff:97:91:c6:0d:38:8c:02:
                    b1:2e:ac:56:fb:b7:06:3a:fe:ae:01:50:40:4e:72:
                    7e:cb:9c:f1:e9:9c:ab:ea:de:cf:7e:f1:e7:c0:20:
                    0c:85:a6:af:f9:5d:80:d6:3f:5c:c5:6e:ae:e4:ee:
                    42:5a:15:7c:e0:2a:88:40:ca:72:af:1a:5f:91:18:
                    a0:22:17:19:b4:50:ed:4c:7d:4e:0c:62:07:72:da:
                    4e:f0:44:e8:39:49:34:49:5c:ea:50:fb:a6:aa:40:
                    d7:9e:0c:23:43:8a:83:32:33:58:09:f6:80:22:ec:
                    2e:d8:12:02:46:38:87:3b:4e:c5:08:c2:e7:bc:9f:
                    6a:a6:60:b9:39:c7:2b:51:7b:61:c4:05:eb:63:de:
                    81:ee:b7:9b:4e:59:ea:e0:8f:f1:c2:f5:ae:0c:b9:
                    2b:4e:2c:5f:4a:d8:f0:b5:1f:40:04:55:34:57:24:
                    a4:bb:89:cb:a2:fd:fa:cb:bb:89:e9:c9:bf:f7:95:
                    d4:7a:76:a1:69:8e:02:fb:c3:bd:12:09:31:e5:91:
                    f9:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:0E:DD:33:DF:4D:7C:15:6B:68:62:10:5B:E3:A4:F8:F1:6D:B4:3F
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e34302e302f32342d3234203d3e203331393234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.74.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:d0:56:32:b6:78:b8:fe:fc:c8:a0:ff:f2:f6:be:bb:8e:94:
         d4:bf:05:af:b3:4d:6e:17:74:df:69:e2:01:d3:86:ce:af:a4:
         79:37:13:f8:15:6e:db:07:59:52:77:32:1f:fa:de:23:4f:c8:
         18:50:7f:70:b1:b8:ac:c1:5a:2f:34:90:47:ff:9d:43:1c:a2:
         6e:d7:66:f7:c9:8c:50:56:e2:11:14:42:a9:9e:cb:5b:87:f1:
         93:88:4f:a6:77:94:0e:4a:88:5f:b3:75:dd:c8:f1:2e:c5:92:
         32:c5:c1:1d:57:20:65:b9:4c:63:f3:a3:88:87:c2:a1:a0:07:
         71:67:03:c8:9a:95:32:6c:54:9b:e5:44:e0:73:7b:57:07:35:
         a7:10:6e:53:2c:a8:d7:e9:4a:50:28:be:0b:67:f9:cc:95:48:
         ba:a5:63:40:d1:df:70:7e:23:93:d6:08:cb:0f:13:3b:93:4e:
         56:3a:8e:d1:e5:04:5b:09:bf:14:05:17:bb:40:eb:c2:d1:db:
         5f:70:e1:38:54:66:ee:68:3d:49:90:c1:d0:a7:3b:44:6d:e1:
         b0:75:83:24:3a:dd:11:b9:2e:49:9b:b8:91:05:d0:88:17:81:
         d4:b2:c0:92:11:6b:f0:d2:3f:45:b6:e6:36:0f:e8:32:21:d7:
         4a:ec:b1:e0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPQvVUt7l4ILVdaF33gs+U38UPcowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAyMTkwNTE2NDVaFw0yNzAyMTgwNTIxNDVaMDMxMTAvBgNV
BAMTKEFDMEVERDMzREY0RDdDMTU2QjY4NjIxMDVCRTNBNEY4RjE2REI0M0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrvnMduIhRoKx5xFAK2/OBeD7e
mBU742C9V8Llicf2eSV96VB9PbPfmKc2MWsc5+IED/L/l5HGDTiMArEurFb7twY6
/q4BUEBOcn7LnPHpnKvq3s9+8efAIAyFpq/5XYDWP1zFbq7k7kJaFXzgKohAynKv
Gl+RGKAiFxm0UO1MfU4MYgdy2k7wROg5STRJXOpQ+6aqQNeeDCNDioMyM1gJ9oAi
7C7YEgJGOIc7TsUIwue8n2qmYLk5xytRe2HEBetj3oHut5tOWergj/HC9a4MuStO
LF9K2PC1H0AEVTRXJKS7icui/frLu4npyb/3ldR6dqFpjgL7w70SCTHlkflDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUrA7dM99NfBVraGIQW+Ok+PFttD8wHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzIzMTMyMmUzNzM0MmUzNDMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzMTM5MzIzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANRK
KDANBgkqhkiG9w0BAQsFAAOCAQEAHtBWMrZ4uP78yKD/8va+u46U1L8Fr7NNbhd0
32niAdOGzq+keTcT+BVu2wdZUncyH/reI0/IGFB/cLG4rMFaLzSQR/+dQxyibtdm
98mMUFbiERRCqZ7LW4fxk4hPpneUDkqIX7N13cjxLsWSMsXBHVcgZblMY/OjiIfC
oaAHcWcDyJqVMmxUm+VE4HN7Vwc1pxBuUyyo1+lKUCi+C2f5zJVIuqVjQNHfcH4j
k9YIyw8TO5NOVjqO0eUEWwm/FAUXu0DrwtHbX3DhOFRm7mg9SZDB0Kc7RG3hsHWD
JDrdEbkuSZu4kQXQiBeB1LLAkhFr8NI/RbbmNg/oMiHXSuyx4A==
-----END CERTIFICATE-----