Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/3139352e37342e34302e302f32322d3234203d3e203331313834.roa
File:                     3139352e37342e34302e302f32322d3234203d3e203331313834.roa (raw, json)
Hash identifier:          kBwEK18YCfMx0ouzbMGql3wfMadnMbnDgpYbNfw03+g=
Subject key identifier:   2D:82:11:2C:2C:8A:56:B9:ED:9D:7C:B1:EC:83:ED:DC:6E:4C:8E:33
Certificate issuer:       /CN=72f3ee169f9bd71f78a42d1a72fe0f2a824822d1
Certificate serial:       33C8CCB64926F3157927F219E9F206E4D222A64B
Authority key identifier: 72:F3:EE:16:9F:9B:D7:1F:78:A4:2D:1A:72:FE:0F:2A:82:48:22:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cvPuFp-b1x94pC0acv4PKoJIItE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/3139352e37342e34302e302f32322d3234203d3e203331313834.roa
Signing time:             Wed 01 Apr 2026 10:20:20 +0000
ROA not before:           Wed 01 Apr 2026 10:15:20 +0000
ROA not after:            Wed 31 Mar 2027 10:20:20 +0000
asID:                     31184
IP address blocks:        195.74.40.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/72F3EE169F9BD71F78A42D1A72FE0F2A824822D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/72F3EE169F9BD71F78A42D1A72FE0F2A824822D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cvPuFp-b1x94pC0acv4PKoJIItE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Apr 2026 20:48:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:c8:cc:b6:49:26:f3:15:79:27:f2:19:e9:f2:06:e4:d2:22:a6:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72f3ee169f9bd71f78a42d1a72fe0f2a824822d1
        Validity
            Not Before: Apr  1 10:15:20 2026 GMT
            Not After : Mar 31 10:20:20 2027 GMT
        Subject: CN=2D82112C2C8A56B9ED9D7CB1EC83EDDC6E4C8E33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:80:99:03:7e:df:91:4e:45:25:b3:34:b2:8e:
                    86:3c:67:10:6b:bc:6c:89:1c:fb:b4:13:c6:77:05:
                    27:75:57:73:a8:90:2c:fb:62:ff:ff:79:e0:b9:fb:
                    c3:17:e3:a7:52:cd:e0:a7:fe:a3:52:dc:3a:50:1a:
                    04:0a:21:a9:13:fa:22:a2:bc:75:20:66:66:10:f6:
                    3c:b0:62:b9:9a:ff:d6:dd:6b:df:5e:5b:9d:c1:fc:
                    f9:24:4e:54:f9:db:3d:2f:84:6b:7e:0d:67:96:4c:
                    0d:7f:fc:7c:b9:e0:22:a9:ac:ec:9a:97:e5:72:9d:
                    9d:9b:40:86:d6:5f:93:c0:77:32:6a:b0:3f:8a:46:
                    33:7c:d3:89:a3:ca:69:6d:c2:8d:46:a9:7a:43:23:
                    3c:8d:58:87:0a:87:6d:02:0c:aa:13:94:27:2a:55:
                    56:59:74:ea:77:7a:24:cf:45:1d:72:9a:d6:d7:a4:
                    db:6d:59:86:f2:76:cb:33:85:1e:f1:0f:93:4b:ab:
                    5e:3a:e6:46:e1:24:ce:87:82:13:53:a0:64:3b:d2:
                    42:4d:ea:c2:50:6c:c0:76:2e:44:a9:a9:ed:48:f8:
                    55:a7:fd:f5:40:91:ad:dd:dc:2e:2c:0d:eb:db:13:
                    d4:b4:92:c8:5a:08:c3:0a:ec:59:a9:a7:d5:19:27:
                    05:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:82:11:2C:2C:8A:56:B9:ED:9D:7C:B1:EC:83:ED:DC:6E:4C:8E:33
            X509v3 Authority Key Identifier:
                keyid:72:F3:EE:16:9F:9B:D7:1F:78:A4:2D:1A:72:FE:0F:2A:82:48:22:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/72F3EE169F9BD71F78A42D1A72FE0F2A824822D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cvPuFp-b1x94pC0acv4PKoJIItE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/3139352e37342e34302e302f32322d3234203d3e203331313834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.74.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:a7:7a:4c:4f:79:b8:4d:18:31:98:c3:6b:ac:ae:69:70:a3:
         96:83:14:33:6a:70:18:0b:fe:4e:98:53:97:2b:0f:88:27:db:
         ca:23:74:00:d6:c5:7b:09:fa:f2:65:60:94:de:7f:b3:2f:fc:
         e0:17:40:92:50:b4:f5:cb:a4:c6:5a:42:88:3c:48:c0:12:68:
         4d:b0:ed:73:e7:2e:d6:d6:ef:d1:29:c7:f2:6b:a2:da:7f:a0:
         eb:b0:06:e9:91:59:66:eb:5d:22:f3:07:47:ab:9c:e6:d3:78:
         d8:03:50:13:0e:09:70:87:b1:79:66:55:6e:83:74:e5:4d:d0:
         7a:9b:d7:0e:5c:9a:c4:f9:bd:f9:6c:07:c8:12:b4:19:a3:30:
         79:84:f8:9c:65:2c:6c:8e:6d:d1:fa:00:1e:7d:42:c7:0d:2d:
         aa:74:bb:b3:79:06:f6:ae:16:02:31:75:3c:d7:5d:1f:4b:a3:
         5d:d9:f3:2d:dd:d9:c2:1a:00:e3:1f:45:58:a9:75:b8:de:50:
         c2:33:4d:5a:a0:75:46:53:2d:2f:9d:e3:b5:c3:52:47:ce:60:
         20:82:75:5e:d8:63:8e:6b:05:a4:33:57:fb:2d:ba:92:14:b6:
         f7:90:33:b2:73:14:81:c4:cb:cd:c1:e9:79:80:7c:97:4d:95:
         d2:9a:9e:c9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUM8jMtkkm8xV5J/IZ6fIG5NIipkswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzJmM2VlMTY5ZjliZDcxZjc4YTQyZDFhNzJmZTBmMmE4
MjQ4MjJkMTAeFw0yNjA0MDExMDE1MjBaFw0yNzAzMzExMDIwMjBaMDMxMTAvBgNV
BAMTKDJEODIxMTJDMkM4QTU2QjlFRDlEN0NCMUVDODNFRERDNkU0QzhFMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwgJkDft+RTkUlszSyjoY8ZxBr
vGyJHPu0E8Z3BSd1V3OokCz7Yv//eeC5+8MX46dSzeCn/qNS3DpQGgQKIakT+iKi
vHUgZmYQ9jywYrma/9bda99eW53B/PkkTlT52z0vhGt+DWeWTA1//Hy54CKprOya
l+VynZ2bQIbWX5PAdzJqsD+KRjN804mjymltwo1GqXpDIzyNWIcKh20CDKoTlCcq
VVZZdOp3eiTPRR1ymtbXpNttWYbydsszhR7xD5NLq1465kbhJM6HghNToGQ70kJN
6sJQbMB2LkSpqe1I+FWn/fVAka3d3C4sDevbE9S0kshaCMMK7Fmpp9UZJwXLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQULYIRLCyKVrntnXyx7IPt3G5MjjMwHwYDVR0j
BBgwFoAUcvPuFp+b1x94pC0acv4PKoJIItEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjgyYjVlMDAtMmFjMy00OWYxLWEyOWItMjZhNWZkZjBm
YTQxLzAvNzJGM0VFMTY5RjlCRDcxRjc4QTQyRDFBNzJGRTBGMkE4MjQ4MjJEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2N2UHVGcC1iMXg5NHBDMGFjdjRQS29K
SUl0RS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjgyYjVlMDAt
MmFjMy00OWYxLWEyOWItMjZhNWZkZjBmYTQxLzAvMzEzOTM1MmUzNzM0MmUzNDMw
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzMzMTMxMzgzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsNK
KDANBgkqhkiG9w0BAQsFAAOCAQEAD6d6TE95uE0YMZjDa6yuaXCjloMUM2pwGAv+
TphTlysPiCfbyiN0ANbFewn68mVglN5/sy/84BdAklC09cukxlpCiDxIwBJoTbDt
c+cu1tbv0SnH8mui2n+g67AG6ZFZZutdIvMHR6uc5tN42ANQEw4JcIexeWZVboN0
5U3QepvXDlyaxPm9+WwHyBK0GaMweYT4nGUsbI5t0foAHn1Cxw0tqnS7s3kG9q4W
AjF1PNddH0ujXdnzLd3ZwhoA4x9FWKl1uN5QwjNNWqB1RlMtL53jtcNSR85gIIJ1
XthjjmsFpDNX+y26khS295AzsnMUgcTLzcHpeYB8l02V0pqeyQ==
-----END CERTIFICATE-----