Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/326131333a363134303a3a2f32392d3332203d3e203331313834.roa
File:                     326131333a363134303a3a2f32392d3332203d3e203331313834.roa (raw, json)
Hash identifier:          aQqyppfq1G0dtgfce5qUTiEgqU4ipo9uY/suA4axV58=
Subject key identifier:   02:ED:A7:FC:AA:F9:D2:E3:FA:29:B4:E8:8E:A2:F9:59:2C:3D:CA:5E
Certificate issuer:       /CN=72f3ee169f9bd71f78a42d1a72fe0f2a824822d1
Certificate serial:       1CA502D7B344F9FBD9CDBE9681C889475CB1B684
Authority key identifier: 72:F3:EE:16:9F:9B:D7:1F:78:A4:2D:1A:72:FE:0F:2A:82:48:22:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cvPuFp-b1x94pC0acv4PKoJIItE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/326131333a363134303a3a2f32392d3332203d3e203331313834.roa
Signing time:             Wed 01 Apr 2026 10:20:20 +0000
ROA not before:           Wed 01 Apr 2026 10:15:20 +0000
ROA not after:            Wed 31 Mar 2027 10:20:20 +0000
asID:                     31184
IP address blocks:        2a13:6140::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/72F3EE169F9BD71F78A42D1A72FE0F2A824822D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/72F3EE169F9BD71F78A42D1A72FE0F2A824822D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cvPuFp-b1x94pC0acv4PKoJIItE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Apr 2026 20:48:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:a5:02:d7:b3:44:f9:fb:d9:cd:be:96:81:c8:89:47:5c:b1:b6:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72f3ee169f9bd71f78a42d1a72fe0f2a824822d1
        Validity
            Not Before: Apr  1 10:15:20 2026 GMT
            Not After : Mar 31 10:20:20 2027 GMT
        Subject: CN=02EDA7FCAAF9D2E3FA29B4E88EA2F9592C3DCA5E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e3:73:89:15:8b:1a:dd:db:13:bd:91:d6:58:
                    82:fa:d6:11:b2:03:4e:06:d4:9e:d1:1a:f6:79:8f:
                    62:92:de:a3:3d:19:cf:80:27:37:47:4b:da:10:88:
                    54:ea:1e:29:0c:8b:16:95:62:99:fd:f4:ed:a6:32:
                    3b:7b:3b:0a:83:5a:51:fe:f8:f5:8c:49:07:49:63:
                    85:a2:d9:4c:ce:c0:2d:d5:d2:70:ec:22:23:2a:3c:
                    b8:3c:a9:2e:67:17:d2:bf:95:65:ec:6f:df:67:5b:
                    56:4f:93:77:17:b8:d8:9d:6c:15:42:52:9a:27:f8:
                    56:e4:dd:09:31:3d:72:60:83:b0:26:5a:a7:66:8a:
                    1d:01:d1:38:ed:1e:8b:bd:8f:46:45:d8:b2:7e:1b:
                    91:37:02:7c:0e:70:42:e3:84:06:97:7b:66:9a:56:
                    c0:97:44:63:fe:ce:46:af:12:10:28:3f:91:86:40:
                    de:9e:6a:00:91:3b:c9:1e:2b:43:01:9e:9a:69:b5:
                    c3:69:a0:a1:f2:a6:63:4c:21:b1:49:9c:48:e4:61:
                    46:0c:f8:f6:f5:9e:ed:8d:34:61:6d:08:07:0d:96:
                    7f:0f:85:f6:99:9f:c0:88:56:2b:76:86:44:59:f9:
                    3d:42:8e:f9:2a:f1:a2:7d:28:82:3a:ab:f2:d3:e0:
                    d8:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:ED:A7:FC:AA:F9:D2:E3:FA:29:B4:E8:8E:A2:F9:59:2C:3D:CA:5E
            X509v3 Authority Key Identifier:
                keyid:72:F3:EE:16:9F:9B:D7:1F:78:A4:2D:1A:72:FE:0F:2A:82:48:22:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/72F3EE169F9BD71F78A42D1A72FE0F2A824822D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cvPuFp-b1x94pC0acv4PKoJIItE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/326131333a363134303a3a2f32392d3332203d3e203331313834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:6140::/29

    Signature Algorithm: sha256WithRSAEncryption
         1e:64:c7:b3:34:5f:fb:71:63:24:a1:a3:ad:7a:b3:90:43:5e:
         77:f3:1e:0f:6c:47:13:33:56:b3:26:0e:4f:a5:4a:01:c9:2f:
         33:2c:f3:e3:bc:34:69:94:50:3c:7b:b3:03:c9:28:9b:98:77:
         b0:f0:4e:a8:8e:32:ca:08:6a:fe:21:15:7d:1b:2b:06:c9:82:
         3b:23:7f:6d:5e:8e:5a:9d:ce:74:c2:f5:a0:55:08:bb:09:57:
         f1:5e:50:b7:dd:b4:dc:f4:27:94:d8:74:64:72:61:ce:5b:b3:
         fb:97:fa:74:ee:89:13:7f:3d:49:f6:e0:ee:19:8c:63:e1:92:
         04:8b:d9:0f:4c:d1:f2:2c:4b:8c:2e:e2:1f:44:42:93:1e:66:
         87:a8:a2:fa:40:6e:e3:08:f2:2b:14:a2:7b:86:ad:6e:fb:08:
         30:04:00:0c:d5:4e:fb:b7:81:6e:33:2a:66:a3:09:87:1e:2e:
         64:21:3d:5d:74:a0:f1:54:81:5c:ee:d2:1d:a8:ac:19:80:9d:
         d5:d8:91:3c:ac:d1:86:4a:be:ef:ce:e5:e5:9b:27:5c:ad:df:
         e9:51:f6:28:b1:c3:a6:26:ac:14:69:46:db:11:57:cd:b2:f0:
         56:e0:e5:22:19:8a:fa:e6:9a:e4:89:a0:38:f5:64:f9:2f:9e:
         07:ee:1d:03
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUHKUC17NE+fvZzb6WgciJR1yxtoQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzJmM2VlMTY5ZjliZDcxZjc4YTQyZDFhNzJmZTBmMmE4
MjQ4MjJkMTAeFw0yNjA0MDExMDE1MjBaFw0yNzAzMzExMDIwMjBaMDMxMTAvBgNV
BAMTKDAyRURBN0ZDQUFGOUQyRTNGQTI5QjRFODhFQTJGOTU5MkMzRENBNUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw43OJFYsa3dsTvZHWWIL61hGy
A04G1J7RGvZ5j2KS3qM9Gc+AJzdHS9oQiFTqHikMixaVYpn99O2mMjt7OwqDWlH+
+PWMSQdJY4Wi2UzOwC3V0nDsIiMqPLg8qS5nF9K/lWXsb99nW1ZPk3cXuNidbBVC
Upon+Fbk3QkxPXJgg7AmWqdmih0B0TjtHou9j0ZF2LJ+G5E3AnwOcELjhAaXe2aa
VsCXRGP+zkavEhAoP5GGQN6eagCRO8keK0MBnppptcNpoKHypmNMIbFJnEjkYUYM
+Pb1nu2NNGFtCAcNln8PhfaZn8CIVit2hkRZ+T1Cjvkq8aJ9KII6q/LT4NjxAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUAu2n/Kr50uP6KbTojqL5WSw9yl4wHwYDVR0j
BBgwFoAUcvPuFp+b1x94pC0acv4PKoJIItEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjgyYjVlMDAtMmFjMy00OWYxLWEyOWItMjZhNWZkZjBm
YTQxLzAvNzJGM0VFMTY5RjlCRDcxRjc4QTQyRDFBNzJGRTBGMkE4MjQ4MjJEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2N2UHVGcC1iMXg5NHBDMGFjdjRQS29K
SUl0RS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjgyYjVlMDAt
MmFjMy00OWYxLWEyOWItMjZhNWZkZjBmYTQxLzAvMzI2MTMxMzMzYTM2MzEzNDMw
M2EzYTJmMzIzOTJkMzMzMjIwM2QzZTIwMzMzMTMxMzgzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoT
YUAwDQYJKoZIhvcNAQELBQADggEBAB5kx7M0X/txYySho616s5BDXnfzHg9sRxMz
VrMmDk+lSgHJLzMs8+O8NGmUUDx7swPJKJuYd7DwTqiOMsoIav4hFX0bKwbJgjsj
f21ejlqdznTC9aBVCLsJV/FeULfdtNz0J5TYdGRyYc5bs/uX+nTuiRN/PUn24O4Z
jGPhkgSL2Q9M0fIsS4wu4h9EQpMeZoeoovpAbuMI8isUonuGrW77CDAEAAzVTvu3
gW4zKmajCYceLmQhPV10oPFUgVzu0h2orBmAndXYkTys0YZKvu/O5eWbJ1yt3+lR
9iixw6YmrBRpRtsRV82y8Fbg5SIZivrmmuSJoDj1ZPkvngfuHQM=
-----END CERTIFICATE-----