Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e20323134303235.roa
File:                     3139332e32342e312e302f32342d3234203d3e20323134303235.roa (raw, json)
Hash identifier:          jKZGDyyKq3h02DI7Wpr6sZVdYeHyFe7w8PzFXBoOgS0=
Subject key identifier:   33:9F:FA:F8:E3:F9:7C:59:99:8B:D3:DD:78:5C:C1:A5:94:0D:A0:1F
Certificate issuer:       /CN=1f84a2481d280de0a103598276db0c954193c755
Certificate serial:       10C37C2FEACC91E2EB6EEE25189E4F0FC195C26B
Authority key identifier: 1F:84:A2:48:1D:28:0D:E0:A1:03:59:82:76:DB:0C:95:41:93:C7:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e20323134303235.roa
Signing time:             Sat 11 Apr 2026 07:45:49 +0000
ROA not before:           Sat 11 Apr 2026 07:40:49 +0000
ROA not after:            Sat 10 Apr 2027 07:45:49 +0000
asID:                     214025
IP address blocks:        193.24.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 14:03:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:c3:7c:2f:ea:cc:91:e2:eb:6e:ee:25:18:9e:4f:0f:c1:95:c2:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f84a2481d280de0a103598276db0c954193c755
        Validity
            Not Before: Apr 11 07:40:49 2026 GMT
            Not After : Apr 10 07:45:49 2027 GMT
        Subject: CN=339FFAF8E3F97C59998BD3DD785CC1A5940DA01F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:84:73:53:6f:7d:0a:d4:2a:f1:61:8a:6a:cf:
                    fc:82:b0:e6:98:61:a7:8f:c8:e0:65:c2:2a:af:37:
                    85:2b:1b:d1:fb:db:53:d9:d6:9e:44:ee:56:01:73:
                    dc:fa:6d:24:8b:aa:a7:53:24:b7:b3:7b:7e:6b:f5:
                    1a:71:d3:e2:b1:40:72:8a:3f:9c:0f:0d:e8:97:70:
                    53:3f:b9:b7:26:94:99:9a:40:8d:b3:9a:1a:e6:fe:
                    b3:67:9d:d5:93:66:8c:15:03:db:3d:6e:e8:5d:17:
                    b7:5f:12:f5:1f:50:28:00:d3:d1:61:13:64:56:47:
                    48:0c:81:59:a5:b7:4a:dc:37:75:27:e0:e3:54:e2:
                    7d:e7:81:74:fe:cc:66:ba:ae:38:1a:2d:c1:da:d4:
                    87:7b:ca:68:30:f0:a8:02:0f:18:c8:58:85:c5:c3:
                    bd:c9:33:17:ed:74:77:5d:ef:47:2a:e8:5c:dd:79:
                    9e:a2:a8:5d:5f:0b:be:57:b9:d9:20:73:d1:fb:0c:
                    d4:d3:bd:8d:8b:1d:2a:9a:6e:d4:60:54:5e:19:5b:
                    a8:40:f8:7e:e3:59:88:51:0a:1f:ce:95:35:f0:40:
                    4c:7e:68:1d:95:97:14:24:8d:46:bc:51:ab:14:5c:
                    86:6f:a8:4c:5b:5e:31:c2:28:3b:bf:39:2b:ca:47:
                    02:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:9F:FA:F8:E3:F9:7C:59:99:8B:D3:DD:78:5C:C1:A5:94:0D:A0:1F
            X509v3 Authority Key Identifier:
                keyid:1F:84:A2:48:1D:28:0D:E0:A1:03:59:82:76:DB:0C:95:41:93:C7:55

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/1F84A2481D280DE0A103598276DB0C954193C755.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H4SiSB0oDeChA1mCdtsMlUGTx1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/45e648c3-1481-478f-83e2-b25127fa95cd/0/3139332e32342e312e302f32342d3234203d3e20323134303235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:fe:68:91:06:3d:90:ca:21:e2:f0:27:73:f9:7e:73:d5:a6:
         b6:53:7e:81:68:e0:b2:52:74:be:eb:90:1a:16:d3:5c:e5:e7:
         4b:d2:bd:e2:31:3e:22:97:6c:c9:b6:02:9b:8c:9a:6e:5b:ed:
         e1:47:8c:7d:dc:05:b3:1a:96:8e:5a:3d:d5:06:5d:ee:00:95:
         60:30:31:78:32:25:8b:d6:dd:bb:1f:64:96:38:fa:55:f8:e2:
         c5:44:7a:12:1e:95:3f:da:fa:74:7e:3e:31:ef:58:63:cc:ea:
         42:58:03:69:47:4d:35:56:31:e8:b2:51:83:88:e9:3c:ab:5f:
         4c:60:47:78:7b:ef:f0:dd:1b:f6:f0:fd:e0:f2:1c:07:3a:06:
         46:18:94:1c:a8:97:8f:bb:87:9f:36:23:2d:28:59:e6:4c:52:
         e0:91:c3:f9:ff:af:f7:d0:d0:b7:dd:8a:45:77:3b:e3:11:02:
         95:8d:4a:3e:61:e8:7d:94:88:77:04:1d:eb:15:aa:96:f4:97:
         8b:13:6b:dc:d4:9d:fa:d8:b4:3d:b9:81:df:a6:4b:da:33:f7:
         bd:56:4e:56:bc:78:07:df:91:d3:b0:94:99:d2:97:d1:20:fb:
         7a:3e:58:24:b8:85:7b:b2:75:ba:52:dc:19:4f:74:8c:21:70:
         b3:3f:79:29
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUEMN8L+rMkeLrbu4lGJ5PD8GVwmswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMWY4NGEyNDgxZDI4MGRlMGExMDM1OTgyNzZkYjBjOTU0
MTkzYzc1NTAeFw0yNjA0MTEwNzQwNDlaFw0yNzA0MTAwNzQ1NDlaMDMxMTAvBgNV
BAMTKDMzOUZGQUY4RTNGOTdDNTk5OThCRDNERDc4NUNDMUE1OTQwREEwMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnhHNTb30K1CrxYYpqz/yCsOaY
YaePyOBlwiqvN4UrG9H721PZ1p5E7lYBc9z6bSSLqqdTJLeze35r9Rpx0+KxQHKK
P5wPDeiXcFM/ubcmlJmaQI2zmhrm/rNnndWTZowVA9s9buhdF7dfEvUfUCgA09Fh
E2RWR0gMgVmlt0rcN3Un4ONU4n3ngXT+zGa6rjgaLcHa1Id7ymgw8KgCDxjIWIXF
w73JMxftdHdd70cq6FzdeZ6iqF1fC75Xudkgc9H7DNTTvY2LHSqabtRgVF4ZW6hA
+H7jWYhRCh/OlTXwQEx+aB2VlxQkjUa8UasUXIZvqExbXjHCKDu/OSvKRwLpAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUM5/6+OP5fFmZi9PdeFzBpZQNoB8wHwYDVR0j
BBgwFoAUH4SiSB0oDeChA1mCdtsMlUGTx1UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDVlNjQ4YzMtMTQ4MS00NzhmLTgzZTItYjI1MTI3ZmE5
NWNkLzAvMUY4NEEyNDgxRDI4MERFMEExMDM1OTgyNzZEQjBDOTU0MTkzQzc1NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0g0U2lTQjBvRGVDaEExbUNkdHNNbFVH
VHgxVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDVlNjQ4YzMt
MTQ4MS00NzhmLTgzZTItYjI1MTI3ZmE5NWNkLzAvMzEzOTMzMmUzMjM0MmUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNDMwMzIzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEY
ATANBgkqhkiG9w0BAQsFAAOCAQEAWf5okQY9kMoh4vAnc/l+c9WmtlN+gWjgslJ0
vuuQGhbTXOXnS9K94jE+IpdsybYCm4yablvt4UeMfdwFsxqWjlo91QZd7gCVYDAx
eDIli9bdux9kljj6VfjixUR6Eh6VP9r6dH4+Me9YY8zqQlgDaUdNNVYx6LJRg4jp
PKtfTGBHeHvv8N0b9vD94PIcBzoGRhiUHKiXj7uHnzYjLShZ5kxS4JHD+f+v99DQ
t92KRXc74xEClY1KPmHofZSIdwQd6xWqlvSXixNr3NSd+ti0PbmB36ZL2jP3vVZO
Vrx4B9+R07CUmdKX0SD7ej5YJLiFe7J1ulLcGU90jCFwsz95KQ==
-----END CERTIFICATE-----