Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/3137382e32332e3138382e302f32342d3234203d3e2033333230.roa
File:                     3137382e32332e3138382e302f32342d3234203d3e2033333230.roa (raw, json)
Hash identifier:          buKU7JdPUK/SlkC4NNnK7hP12R2pJJz2VMgJgPeJ+UM=
Subject key identifier:   2C:66:10:2D:45:FA:24:C5:C0:E9:7E:42:7B:6F:01:CC:1D:5E:33:3F
Certificate issuer:       /CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
Certificate serial:       685600917BB724A3E3C19FF94B08E4649B116029
Authority key identifier: FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/3137382e32332e3138382e302f32342d3234203d3e2033333230.roa
Signing time:             Mon 09 Feb 2026 18:55:37 +0000
ROA not before:           Mon 09 Feb 2026 18:50:37 +0000
ROA not after:            Mon 08 Feb 2027 18:55:37 +0000
asID:                     3320
IP address blocks:        178.23.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:47:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:56:00:91:7b:b7:24:a3:e3:c1:9f:f9:4b:08:e4:64:9b:11:60:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
        Validity
            Not Before: Feb  9 18:50:37 2026 GMT
            Not After : Feb  8 18:55:37 2027 GMT
        Subject: CN=2C66102D45FA24C5C0E97E427B6F01CC1D5E333F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:47:a9:26:0a:8c:bb:ba:06:e3:a2:73:22:e7:
                    04:58:e8:4e:c2:bf:25:8a:2b:21:4d:29:97:93:f4:
                    84:ea:63:d2:eb:72:17:ea:f0:f8:85:a8:50:a3:00:
                    f8:83:01:95:98:2e:57:af:eb:67:13:e9:5d:cf:ee:
                    08:ee:33:98:a8:41:51:79:cf:bd:e3:d5:36:33:c8:
                    74:f2:1b:4f:8d:de:30:4f:9a:df:dd:ec:96:67:cc:
                    f3:57:37:b3:c3:18:b7:66:13:75:5a:5e:3d:c4:f2:
                    23:0c:22:5c:c8:ae:2e:8a:c2:46:c6:93:72:fb:f8:
                    3c:f9:54:64:a0:d2:48:28:66:4f:cc:41:54:58:1e:
                    84:6a:9e:0e:74:83:27:58:f7:54:cd:f3:57:39:f5:
                    d0:63:77:ec:02:72:a9:a7:6a:8b:28:4e:b2:7f:63:
                    e5:1f:b8:0b:ea:3b:00:59:d3:e8:8d:4d:02:56:d7:
                    13:27:66:f4:cd:9a:b9:2d:73:7e:44:bf:52:d2:ac:
                    c7:c8:83:83:3b:5e:e6:83:49:65:85:35:f1:d7:3b:
                    84:07:51:6e:87:3b:3b:ce:0e:d7:6b:ed:bd:ad:f7:
                    d6:f0:73:27:b5:9c:a7:d9:53:c8:52:a8:8d:33:36:
                    de:ef:e2:82:95:19:17:80:9b:19:e5:74:3b:af:25:
                    0a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:66:10:2D:45:FA:24:C5:C0:E9:7E:42:7B:6F:01:CC:1D:5E:33:3F
            X509v3 Authority Key Identifier:
                keyid:FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/3137382e32332e3138382e302f32342d3234203d3e2033333230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.23.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:b7:20:83:b1:88:d4:53:ea:43:21:2b:2f:22:49:02:bc:f4:
         f9:7c:75:4b:81:b1:34:a3:0b:59:42:a0:af:b2:e1:e4:f1:83:
         8d:ef:70:2c:1b:0e:b5:4c:7e:66:ef:bd:53:7e:19:99:bf:93:
         69:26:05:4a:11:79:e3:97:c4:b2:a2:1b:4f:72:ce:12:2f:b6:
         4e:0d:ce:6c:8b:ba:7a:c8:3f:bd:37:de:24:0e:c7:32:9f:8a:
         f0:ef:08:b8:76:31:f8:3b:4b:d9:8b:4b:c1:05:7a:4a:8c:45:
         9f:69:3c:40:d3:b3:b8:1f:c5:3e:f7:68:11:25:f5:fb:70:d6:
         21:88:9a:39:12:fc:4b:71:6a:af:c7:70:0c:ec:d5:e0:20:4e:
         59:31:d1:71:e9:f9:e1:61:7f:08:72:74:1b:3d:f7:4e:cc:9a:
         5b:30:7a:a0:7d:34:55:26:95:ef:76:cf:e1:84:3e:45:bb:08:
         72:b0:ea:92:49:90:d6:3e:c2:53:9a:c9:6f:c5:c3:c5:28:66:
         4c:97:19:9e:76:5a:b3:17:48:06:ba:d8:df:b7:ba:a2:f3:bf:
         60:de:40:d4:2b:af:5c:d8:28:ad:82:a9:27:2a:e3:0b:45:75:
         59:fe:6a:9d:f4:7e:cb:85:be:30:54:27:10:a1:c8:60:c1:e8:
         b8:d3:a5:e4
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUaFYAkXu3JKPjwZ/5SwjkZJsRYCkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmY0MjZmMTliYTY3YmM4OWRlNWFlNmRmNDg3YzFjOGMx
ZTc1MmUyNzAeFw0yNjAyMDkxODUwMzdaFw0yNzAyMDgxODU1MzdaMDMxMTAvBgNV
BAMTKDJDNjYxMDJENDVGQTI0QzVDMEU5N0U0MjdCNkYwMUNDMUQ1RTMzM0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2R6kmCoy7ugbjonMi5wRY6E7C
vyWKKyFNKZeT9ITqY9Lrchfq8PiFqFCjAPiDAZWYLlev62cT6V3P7gjuM5ioQVF5
z73j1TYzyHTyG0+N3jBPmt/d7JZnzPNXN7PDGLdmE3VaXj3E8iMMIlzIri6KwkbG
k3L7+Dz5VGSg0kgoZk/MQVRYHoRqng50gydY91TN81c59dBjd+wCcqmnaosoTrJ/
Y+UfuAvqOwBZ0+iNTQJW1xMnZvTNmrktc35Ev1LSrMfIg4M7XuaDSWWFNfHXO4QH
UW6HOzvODtdr7b2t99bwcye1nKfZU8hSqI0zNt7v4oKVGReAmxnldDuvJQqJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQULGYQLUX6JMXA6X5Ce28BzB1eMz8wHwYDVR0j
BBgwFoAU/0JvGbpnvIneWubfSHwcjB51LicwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUtYmE5My00NjVmLTliNmUtN2ZiZDYzYmRm
ZjYzLzAvRkY0MjZGMTlCQTY3QkM4OURFNUFFNkRGNDg3QzFDOEMxRTc1MkUyNy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL18wSnZHYnBudkluZVd1YmZTSHdjakI1
MUxpYy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUt
YmE5My00NjVmLTliNmUtN2ZiZDYzYmRmZjYzLzAvMzEzNzM4MmUzMjMzMmUzMTM4
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzMzMzIzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALIX
vDANBgkqhkiG9w0BAQsFAAOCAQEAMLcgg7GI1FPqQyErLyJJArz0+Xx1S4GxNKML
WUKgr7Lh5PGDje9wLBsOtUx+Zu+9U34Zmb+TaSYFShF545fEsqIbT3LOEi+2Tg3O
bIu6esg/vTfeJA7HMp+K8O8IuHYx+DtL2YtLwQV6SoxFn2k8QNOzuB/FPvdoESX1
+3DWIYiaORL8S3Fqr8dwDOzV4CBOWTHRcen54WF/CHJ0Gz33TsyaWzB6oH00VSaV
73bP4YQ+RbsIcrDqkkmQ1j7CU5rJb8XDxShmTJcZnnZasxdIBrrY37e6ovO/YN5A
1CuvXNgorYKpJyrjC0V1Wf5qnfR+y4W+MFQnEKHIYMHouNOl5A==
-----END CERTIFICATE-----