Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35322e302f32342d3234203d3e203331393234.roa
File:                     3231322e37342e35322e302f32342d3234203d3e203331393234.roa (raw, json)
Hash identifier:          bOphiRiB2O2qNg3XVlOKFPD9rEZahPq7+wHcp0DUj6Y=
Subject key identifier:   A5:AB:C2:6E:19:6C:45:1C:7C:B8:E2:2A:82:86:CC:94:AE:27:C8:9E
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       3F43EF56C1F2F31A624449BC016E79CACBB68F47
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35322e302f32342d3234203d3e203331393234.roa
Signing time:             Thu 19 Feb 2026 05:21:46 +0000
ROA not before:           Thu 19 Feb 2026 05:16:46 +0000
ROA not after:            Thu 18 Feb 2027 05:21:46 +0000
asID:                     31924
IP address blocks:        212.74.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 16:07:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:43:ef:56:c1:f2:f3:1a:62:44:49:bc:01:6e:79:ca:cb:b6:8f:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Feb 19 05:16:46 2026 GMT
            Not After : Feb 18 05:21:46 2027 GMT
        Subject: CN=A5ABC26E196C451C7CB8E22A8286CC94AE27C89E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d1:6c:e5:97:3c:8d:20:74:af:7d:80:5f:e1:
                    a5:6b:f6:8f:fb:b3:6b:82:96:c8:54:fc:c9:d9:92:
                    51:aa:4b:ce:45:f7:1a:65:23:4c:79:ab:3b:3e:98:
                    50:62:da:be:22:e5:da:9a:9a:64:77:70:fc:c8:bb:
                    72:3b:c5:b6:cf:ec:d0:bd:db:cf:9a:31:61:87:f5:
                    0c:18:08:b4:8b:19:81:92:58:ca:bc:e0:a2:dd:50:
                    7b:ab:5c:61:f7:24:2c:c5:de:3d:d7:c1:92:45:f3:
                    95:1a:77:3e:8b:02:15:c3:2e:8c:00:9c:f2:7c:67:
                    b1:cf:07:28:e1:fc:00:17:b2:a0:2f:47:6a:3a:41:
                    ae:c7:5b:b2:29:f7:be:0e:7c:e7:ee:9b:b5:3f:50:
                    89:cf:d8:98:d4:31:bb:57:84:05:99:bb:13:ed:aa:
                    73:5b:ca:29:bd:a4:67:6b:02:9c:3e:04:5c:85:e1:
                    a2:e9:f9:a2:58:3c:a1:db:84:3b:0a:c1:0c:90:47:
                    5d:ff:5e:02:82:e8:14:a5:f8:e3:8b:12:4b:df:be:
                    42:d5:fc:f2:b1:3f:2b:19:b8:4e:47:b7:3d:95:f9:
                    9a:0b:15:12:a1:8a:2f:94:d2:ab:2a:a2:40:6b:28:
                    f8:a1:c9:c7:7e:e1:ac:27:87:96:96:5e:5e:5c:f3:
                    c6:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:AB:C2:6E:19:6C:45:1C:7C:B8:E2:2A:82:86:CC:94:AE:27:C8:9E
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35322e302f32342d3234203d3e203331393234.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.74.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:29:8e:48:86:0d:1d:75:69:23:f9:8f:c7:f9:36:f5:46:46:
         15:3d:62:5d:eb:af:39:d8:68:01:c1:d7:ca:5d:c4:e5:38:58:
         7a:55:13:97:28:da:ad:97:20:bb:6c:92:be:8e:6a:50:31:bf:
         95:87:32:1d:ad:85:9b:5d:ca:11:b6:52:25:fe:e9:e3:66:1a:
         d5:7d:cb:9d:5f:e8:ba:45:88:2d:29:72:ad:82:55:15:cf:dd:
         03:22:80:80:88:cf:41:3e:32:77:47:bc:ef:98:61:75:c8:1a:
         ab:e4:76:ad:4e:72:a4:af:63:87:41:a4:52:ca:13:8c:d8:52:
         2b:8c:e7:fd:02:19:c6:ca:2f:7f:55:a2:cb:c2:57:06:22:53:
         b5:b5:dc:47:25:00:21:ee:2f:62:6d:ee:e3:f4:43:6c:d8:9b:
         98:af:3d:ea:d8:d9:67:fd:18:44:cc:5c:d7:20:cf:6b:12:cb:
         b9:bd:74:34:e0:57:1d:3f:05:b5:09:c7:8a:d1:ad:17:a7:38:
         65:e3:c7:8e:d0:a0:10:1f:e2:8d:77:7f:30:57:c2:99:c2:c0:
         01:6d:49:3a:ff:f8:63:fd:bd:53:5b:b8:44:ec:5f:16:bc:8b:
         dd:26:3e:d9:ce:af:ac:05:e8:57:90:27:a0:cc:d8:cf:41:d0:
         43:0c:7e:d9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUP0PvVsHy8xpiREm8AW55ysu2j0cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAyMTkwNTE2NDZaFw0yNzAyMTgwNTIxNDZaMDMxMTAvBgNV
BAMTKEE1QUJDMjZFMTk2QzQ1MUM3Q0I4RTIyQTgyODZDQzk0QUUyN0M4OUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa0WzllzyNIHSvfYBf4aVr9o/7
s2uClshU/MnZklGqS85F9xplI0x5qzs+mFBi2r4i5dqammR3cPzIu3I7xbbP7NC9
28+aMWGH9QwYCLSLGYGSWMq84KLdUHurXGH3JCzF3j3XwZJF85Uadz6LAhXDLowA
nPJ8Z7HPByjh/AAXsqAvR2o6Qa7HW7Ip974OfOfum7U/UInP2JjUMbtXhAWZuxPt
qnNbyim9pGdrApw+BFyF4aLp+aJYPKHbhDsKwQyQR13/XgKC6BSl+OOLEkvfvkLV
/PKxPysZuE5Htz2V+ZoLFRKhii+U0qsqokBrKPihycd+4awnh5aWXl5c88bFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUpavCbhlsRRx8uOIqgobMlK4nyJ4wHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzIzMTMyMmUzNzM0MmUzNTMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzMTM5MzIzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANRK
NDANBgkqhkiG9w0BAQsFAAOCAQEAcymOSIYNHXVpI/mPx/k29UZGFT1iXeuvOdho
AcHXyl3E5ThYelUTlyjarZcgu2ySvo5qUDG/lYcyHa2Fm13KEbZSJf7p42Ya1X3L
nV/oukWILSlyrYJVFc/dAyKAgIjPQT4yd0e875hhdcgaq+R2rU5ypK9jh0GkUsoT
jNhSK4zn/QIZxsovf1Wiy8JXBiJTtbXcRyUAIe4vYm3u4/RDbNibmK896tjZZ/0Y
RMxc1yDPaxLLub10NOBXHT8FtQnHitGtF6c4ZePHjtCgEB/ijXd/MFfCmcLAAW1J
Ov/4Y/29U1u4ROxfFryL3SY+2c6vrAXoV5AnoMzYz0HQQwx+2Q==
-----END CERTIFICATE-----