Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35332e302f32342d3234203d3e20383334.roa
File:                     3231322e37342e35332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          D7o163qX4111bf2AtmA5NIqtu3mQZX/Eiy8tjip1M0c=
Subject key identifier:   DD:F5:90:87:6B:05:98:98:12:F3:F3:D4:91:50:B8:36:3B:31:78:C5
Certificate issuer:       /CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
Certificate serial:       07C8DB77D3361608B876B0ED49A7E273BC288EE2
Authority key identifier: 4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35332e302f32342d3234203d3e20383334.roa
Signing time:             Thu 19 Feb 2026 05:22:28 +0000
ROA not before:           Thu 19 Feb 2026 05:17:28 +0000
ROA not after:            Thu 18 Feb 2027 05:22:28 +0000
asID:                     834
IP address blocks:        212.74.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:c8:db:77:d3:36:16:08:b8:76:b0:ed:49:a7:e2:73:bc:28:8e:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b3aca3a7c652a9faf8e4e119bd2f7bf54afde76
        Validity
            Not Before: Feb 19 05:17:28 2026 GMT
            Not After : Feb 18 05:22:28 2027 GMT
        Subject: CN=DDF590876B05989812F3F3D49150B8363B3178C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:cc:2b:63:2c:11:fa:86:e3:19:5d:7d:70:83:
                    38:bb:9c:95:38:15:fc:57:91:46:0f:24:3e:06:ae:
                    76:68:fe:41:11:e1:e9:bf:f8:da:5e:ac:52:81:52:
                    8b:e1:71:f6:66:fd:d1:82:06:cc:8d:84:bc:ec:01:
                    8f:4d:82:76:86:fc:1a:f8:1a:cf:d8:63:1e:c9:a4:
                    d9:82:b4:b9:8d:87:8f:7c:ce:68:3e:a0:e6:df:a1:
                    35:1a:81:ad:f9:fd:40:25:57:85:a7:f0:45:60:60:
                    6e:d1:6a:b0:7d:1b:f5:fa:7e:9c:e8:ea:96:c9:28:
                    19:cf:82:fa:2c:49:83:1a:09:d9:0b:c9:cf:4a:7d:
                    c1:14:f6:96:8c:87:83:37:3a:f3:3e:9b:d8:85:97:
                    e1:6d:7e:11:d7:aa:58:69:a4:38:2b:f5:b7:7e:35:
                    75:f8:a7:5e:a4:4e:65:10:e1:89:a3:b8:58:9d:42:
                    3f:72:fa:87:c3:e6:96:65:36:ad:7b:bb:7a:8f:72:
                    c7:bf:53:95:55:57:04:c3:ef:a7:37:1e:e4:00:bb:
                    b2:fc:5e:7b:6d:56:71:54:70:a7:0d:a6:a0:91:74:
                    7f:24:21:b2:02:f8:9f:44:c4:21:58:b3:50:6d:58:
                    00:c6:d4:e2:45:44:53:7a:44:c8:46:11:aa:da:81:
                    b4:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:F5:90:87:6B:05:98:98:12:F3:F3:D4:91:50:B8:36:3B:31:78:C5
            X509v3 Authority Key Identifier:
                keyid:4B:3A:CA:3A:7C:65:2A:9F:AF:8E:4E:11:9B:D2:F7:BF:54:AF:DE:76

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/4B3ACA3A7C652A9FAF8E4E119BD2F7BF54AFDE76.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SzrKOnxlKp-vjk4Rm9L3v1Sv3nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0d854c77-fd8b-425a-bd55-82e1d7faa782/0/3231322e37342e35332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.74.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:20:fb:cc:5e:67:f2:ca:cd:1e:c6:0a:e4:4d:6c:8c:a2:cd:
         1c:b9:a0:65:50:1b:cd:47:d3:cc:82:54:ae:f8:2f:6a:f8:cd:
         e7:5c:26:7e:db:5a:23:38:d2:fc:25:96:6d:c8:3a:db:1b:0a:
         cb:39:87:ed:8a:7e:be:30:a6:08:29:e1:68:d6:5c:03:1f:56:
         2e:7b:15:98:87:ed:91:b2:71:9d:6e:fe:f2:05:e9:04:3c:ce:
         ac:29:e9:11:ab:db:58:6e:e5:b2:0c:8b:95:a3:6c:9c:5c:35:
         f7:19:ff:99:c8:ee:a1:e6:cb:78:5b:9a:0b:d2:bf:e1:7c:45:
         73:1f:66:67:f5:6f:3d:12:65:47:72:97:8a:db:1f:b7:6f:ae:
         a3:f3:71:75:d6:5e:48:8f:27:c6:8f:e6:2f:af:37:e1:9e:4e:
         8e:8c:53:13:0f:cb:76:e8:e4:0f:5b:c9:e7:de:6a:7c:a9:58:
         d6:3c:af:d9:ff:a1:7e:98:a7:3a:8b:46:79:9a:36:a5:fb:31:
         f3:b6:42:7d:40:f6:89:7e:53:f2:4f:44:d1:df:38:5f:e8:10:
         36:db:6a:2b:4b:01:32:cc:28:ef:59:97:7b:ec:76:f4:34:ca:
         02:eb:fa:13:a2:0a:9e:17:85:f9:45:c8:a2:f3:c5:97:27:fa:
         0b:3e:cb:3c
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUB8jbd9M2Fgi4drDtSafic7wojuIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGIzYWNhM2E3YzY1MmE5ZmFmOGU0ZTExOWJkMmY3YmY1
NGFmZGU3NjAeFw0yNjAyMTkwNTE3MjhaFw0yNzAyMTgwNTIyMjhaMDMxMTAvBgNV
BAMTKERERjU5MDg3NkIwNTk4OTgxMkYzRjNENDkxNTBCODM2M0IzMTc4QzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCzCtjLBH6huMZXX1wgzi7nJU4
FfxXkUYPJD4GrnZo/kER4em/+NperFKBUovhcfZm/dGCBsyNhLzsAY9NgnaG/Br4
Gs/YYx7JpNmCtLmNh498zmg+oObfoTUaga35/UAlV4Wn8EVgYG7RarB9G/X6fpzo
6pbJKBnPgvosSYMaCdkLyc9KfcEU9paMh4M3OvM+m9iFl+FtfhHXqlhppDgr9bd+
NXX4p16kTmUQ4YmjuFidQj9y+ofD5pZlNq17u3qPcse/U5VVVwTD76c3HuQAu7L8
XnttVnFUcKcNpqCRdH8kIbIC+J9ExCFYs1BtWADG1OJFRFN6RMhGEaragbRJAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU3fWQh2sFmJgS8/PUkVC4NjsxeMUwHwYDVR0j
BBgwFoAUSzrKOnxlKp+vjk4Rm9L3v1Sv3nYwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzctZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFh
NzgyLzAvNEIzQUNBM0E3QzY1MkE5RkFGOEU0RTExOUJEMkY3QkY1NEFGREU3Ni5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1N6cktPbnhsS3AtdmprNFJtOUwzdjFT
djNuWS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGQ4NTRjNzct
ZmQ4Yi00MjVhLWJkNTUtODJlMWQ3ZmFhNzgyLzAvMzIzMTMyMmUzNzM0MmUzNTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Eo1MA0G
CSqGSIb3DQEBCwUAA4IBAQAxIPvMXmfyys0exgrkTWyMos0cuaBlUBvNR9PMglSu
+C9q+M3nXCZ+21ojONL8JZZtyDrbGwrLOYftin6+MKYIKeFo1lwDH1YuexWYh+2R
snGdbv7yBekEPM6sKekRq9tYbuWyDIuVo2ycXDX3Gf+ZyO6h5st4W5oL0r/hfEVz
H2Zn9W89EmVHcpeK2x+3b66j83F11l5IjyfGj+Yvrzfhnk6OjFMTD8t26OQPW8nn
3mp8qVjWPK/Z/6F+mKc6i0Z5mjal+zHztkJ9QPaJflPyT0TR3zhf6BA222orSwEy
zCjvWZd77Hb0NMoC6/oTogqeF4X5Rcii88WXJ/oLPss8
-----END CERTIFICATE-----