Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/36352e38372e3232322e302f32342d3234203d3e203430363633.roa
File:                     36352e38372e3232322e302f32342d3234203d3e203430363633.roa (raw, json)
Hash identifier:          mLclMCNMLbDiO2eCmAMru9Zn22BaYCw/mHBIgX3VJGc=
Subject key identifier:   A4:0F:B7:B2:38:2D:06:5A:7F:A0:57:D0:33:03:3F:71:43:02:B3:3E
Certificate issuer:       /CN=3134ee987e08d8b5583feef621a03150c4f35434
Certificate serial:       3F9796E07B4244F83E4A7B2D78776E5A024C6FE3
Authority key identifier: 31:34:EE:98:7E:08:D8:B5:58:3F:EE:F6:21:A0:31:50:C4:F3:54:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MTTumH4I2LVYP-72IaAxUMTzVDQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/36352e38372e3232322e302f32342d3234203d3e203430363633.roa
Signing time:             Sun 15 Feb 2026 13:19:33 +0000
ROA not before:           Sun 15 Feb 2026 13:14:33 +0000
ROA not after:            Sun 14 Feb 2027 13:19:33 +0000
asID:                     40663
IP address blocks:        65.87.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/3134EE987E08D8B5583FEEF621A03150C4F35434.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/3134EE987E08D8B5583FEEF621A03150C4F35434.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MTTumH4I2LVYP-72IaAxUMTzVDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:97:96:e0:7b:42:44:f8:3e:4a:7b:2d:78:77:6e:5a:02:4c:6f:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3134ee987e08d8b5583feef621a03150c4f35434
        Validity
            Not Before: Feb 15 13:14:33 2026 GMT
            Not After : Feb 14 13:19:33 2027 GMT
        Subject: CN=A40FB7B2382D065A7FA057D033033F714302B33E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d6:a2:7e:97:a0:56:5a:1a:3c:ab:38:f5:0e:
                    d5:3e:4a:b9:ef:e1:2f:51:59:f1:2d:d3:82:f0:e1:
                    59:51:ea:b0:89:57:3a:1f:7c:21:4b:b0:3d:d1:3e:
                    0c:f7:cf:e1:ed:f4:7d:78:a6:8b:16:94:c2:92:08:
                    e4:84:c3:53:f9:b9:b3:83:4c:ba:b2:2d:64:22:30:
                    b2:f0:74:0d:b5:1e:db:db:1c:e9:f9:d4:dc:2f:db:
                    bb:89:60:05:69:d1:7e:2a:91:35:f5:42:b8:d1:dd:
                    7e:a6:af:e9:f4:8d:bf:86:7e:8e:69:de:92:af:ef:
                    fb:e0:f8:50:b3:ce:4f:ae:da:7e:16:ea:85:74:d6:
                    ca:5b:ec:7f:98:18:1f:fc:c9:b8:c7:35:f9:da:b8:
                    30:16:8b:d6:f7:09:2a:d2:1b:42:9d:13:fa:64:bb:
                    9c:92:71:03:26:af:23:74:20:35:77:a4:cc:16:05:
                    3c:3e:03:90:57:74:29:29:f8:bf:a4:30:31:de:46:
                    61:2c:3e:ae:f6:7b:e2:6e:0c:17:53:3d:92:51:ed:
                    bc:c1:dc:62:64:a2:e1:b8:c2:31:7a:5b:3b:ab:18:
                    3c:66:4e:df:25:34:b4:ac:fe:3d:0e:59:15:95:c0:
                    53:7a:6e:e7:c2:f5:4a:37:12:d4:7a:d5:e3:f6:37:
                    fc:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:0F:B7:B2:38:2D:06:5A:7F:A0:57:D0:33:03:3F:71:43:02:B3:3E
            X509v3 Authority Key Identifier:
                keyid:31:34:EE:98:7E:08:D8:B5:58:3F:EE:F6:21:A0:31:50:C4:F3:54:34

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/3134EE987E08D8B5583FEEF621A03150C4F35434.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MTTumH4I2LVYP-72IaAxUMTzVDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/36352e38372e3232322e302f32342d3234203d3e203430363633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.87.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:45:e9:2a:36:d2:cf:cd:97:f8:f1:63:2c:be:ec:83:99:e6:
         14:6a:64:4b:d0:98:fb:fa:fb:5f:7d:9d:86:fe:1e:14:49:f2:
         96:5c:a6:f3:00:eb:49:b4:81:8f:21:24:8d:8e:55:e7:38:8f:
         7c:29:71:7c:41:11:b2:48:49:fc:2e:4b:1a:da:3f:66:69:49:
         49:8a:b9:b9:2a:fe:e5:c3:ad:9d:1a:f8:5a:79:dd:01:5a:87:
         22:78:a0:7a:3d:6c:18:d0:a8:ed:3d:ae:48:3c:82:b7:5d:49:
         66:85:db:4a:ea:95:7c:ba:3d:98:b3:c4:41:f9:6f:4c:60:6e:
         bf:cf:54:7c:dd:39:e2:68:72:78:96:be:4c:1b:2d:b3:66:50:
         2d:bc:96:38:92:6d:50:09:43:9e:79:93:07:a0:ea:3f:34:a0:
         d4:a0:64:ff:6e:4f:79:c2:19:ea:66:07:64:fb:43:c1:f5:f5:
         34:84:5d:fe:d3:ef:34:0e:16:69:46:90:bb:e1:1d:b2:aa:87:
         a2:83:b0:0d:1c:b5:bc:d1:c4:59:41:28:51:c9:f9:c4:91:b4:
         2c:8b:21:15:6a:52:aa:7f:a3:5e:af:12:34:65:e6:ed:93:87:
         70:e9:97:46:6f:97:e5:fd:4e:12:f5:15:22:3a:2f:60:34:d0:
         c1:95:6d:99
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUP5eW4HtCRPg+SnsteHduWgJMb+MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzEzNGVlOTg3ZTA4ZDhiNTU4M2ZlZWY2MjFhMDMxNTBj
NGYzNTQzNDAeFw0yNjAyMTUxMzE0MzNaFw0yNzAyMTQxMzE5MzNaMDMxMTAvBgNV
BAMTKEE0MEZCN0IyMzgyRDA2NUE3RkEwNTdEMDMzMDMzRjcxNDMwMkIzM0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+1qJ+l6BWWho8qzj1DtU+Srnv
4S9RWfEt04Lw4VlR6rCJVzoffCFLsD3RPgz3z+Ht9H14posWlMKSCOSEw1P5ubOD
TLqyLWQiMLLwdA21HtvbHOn51Nwv27uJYAVp0X4qkTX1QrjR3X6mr+n0jb+Gfo5p
3pKv7/vg+FCzzk+u2n4W6oV01spb7H+YGB/8ybjHNfnauDAWi9b3CSrSG0KdE/pk
u5yScQMmryN0IDV3pMwWBTw+A5BXdCkp+L+kMDHeRmEsPq72e+JuDBdTPZJR7bzB
3GJkouG4wjF6WzurGDxmTt8lNLSs/j0OWRWVwFN6bufC9Uo3EtR61eP2N/xbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUpA+3sjgtBlp/oFfQMwM/cUMCsz4wHwYDVR0j
BBgwFoAUMTTumH4I2LVYP+72IaAxUMTzVDQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWEzYmI5M2YtOThhNC00YzdlLWEwZTEtODA1N2E0ZjA4
NmM5LzAvMzEzNEVFOTg3RTA4RDhCNTU4M0ZFRUY2MjFBMDMxNTBDNEYzNTQzNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL01UVHVtSDRJMkxWWVAtNzJJYUF4VU1U
elZEUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWEzYmI5M2Yt
OThhNC00YzdlLWEwZTEtODA1N2E0ZjA4NmM5LzAvMzYzNTJlMzgzNzJlMzIzMjMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMDM2MzYzMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAEFX
3jANBgkqhkiG9w0BAQsFAAOCAQEAPEXpKjbSz82X+PFjLL7sg5nmFGpkS9CY+/r7
X32dhv4eFEnyllym8wDrSbSBjyEkjY5V5ziPfClxfEERskhJ/C5LGto/ZmlJSYq5
uSr+5cOtnRr4WnndAVqHInigej1sGNCo7T2uSDyCt11JZoXbSuqVfLo9mLPEQflv
TGBuv89UfN054mhyeJa+TBsts2ZQLbyWOJJtUAlDnnmTB6DqPzSg1KBk/25PecIZ
6mYHZPtDwfX1NIRd/tPvNA4WaUaQu+EdsqqHooOwDRy1vNHEWUEoUcn5xJG0LIsh
FWpSqn+jXq8SNGXm7ZOHcOmXRm+X5f1OEvUVIjovYDTQwZVtmQ==
-----END CERTIFICATE-----