Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/326131333a623930323a3a2f33322d3332203d3e2035363530.roa
File:                     326131333a623930323a3a2f33322d3332203d3e2035363530.roa (raw, json)
Hash identifier:          GcrirzUGj+baQQMYil8xBr+JSDUMr1IrAf8dPn6IBjc=
Subject key identifier:   9E:9E:57:9E:D8:FB:61:D9:67:62:86:7D:FB:CB:6E:35:60:48:04:99
Certificate issuer:       /CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
Certificate serial:       6302AF3D6B704B5CB313D1E4324E5B4C42B6E7F8
Authority key identifier: FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/326131333a623930323a3a2f33322d3332203d3e2035363530.roa
Signing time:             Mon 09 Feb 2026 18:55:38 +0000
ROA not before:           Mon 09 Feb 2026 18:50:38 +0000
ROA not after:            Mon 08 Feb 2027 18:55:38 +0000
asID:                     5650
IP address blocks:        2a13:b902::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:47:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:02:af:3d:6b:70:4b:5c:b3:13:d1:e4:32:4e:5b:4c:42:b6:e7:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
        Validity
            Not Before: Feb  9 18:50:38 2026 GMT
            Not After : Feb  8 18:55:38 2027 GMT
        Subject: CN=9E9E579ED8FB61D96762867DFBCB6E3560480499
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8b:95:48:d8:4f:91:e2:90:f4:a7:50:79:81:
                    bf:db:a5:06:ad:93:29:2e:10:93:17:55:01:b3:53:
                    cb:96:1b:61:c9:18:96:21:6b:b0:b6:84:e1:9e:34:
                    52:63:3a:0a:30:df:fb:00:3f:0c:a1:9b:98:46:42:
                    a3:b5:49:91:b0:d7:3b:f1:54:86:03:d3:16:07:fe:
                    2a:81:56:e5:5b:6f:ad:60:16:53:7d:cc:c3:56:9a:
                    fa:af:c3:50:d0:36:a4:02:ec:d8:56:bb:7f:99:f5:
                    ac:69:cf:1f:9f:4d:c1:72:ae:71:42:79:b9:7d:53:
                    cf:ed:04:2b:a8:e4:1e:e9:81:9e:fc:03:2d:6f:86:
                    96:94:24:49:b7:ff:4d:8d:d4:40:2b:80:15:fc:cb:
                    eb:58:af:4d:7f:ab:95:bf:c4:88:38:87:9d:bd:33:
                    9a:6d:21:87:bd:7a:e8:a5:b9:3e:b9:c7:d1:9d:97:
                    3c:3b:c4:9f:3e:06:e9:35:3b:4f:65:64:c1:ca:33:
                    43:ac:d8:ae:96:b3:a1:d6:41:60:91:44:81:89:c7:
                    89:33:29:6b:0d:78:bf:96:28:b1:c0:dc:c5:4b:c2:
                    f7:b4:29:dd:5e:05:ee:16:eb:7f:7c:51:1c:ef:47:
                    1d:db:8c:9e:7d:5d:23:d5:c3:ef:a6:59:59:74:ae:
                    2f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:9E:57:9E:D8:FB:61:D9:67:62:86:7D:FB:CB:6E:35:60:48:04:99
            X509v3 Authority Key Identifier:
                keyid:FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/326131333a623930323a3a2f33322d3332203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b902::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:7f:b0:0e:79:92:77:8a:2e:a9:24:f1:e2:0e:c2:61:2a:1b:
         d8:62:08:38:f5:3b:47:a0:3c:85:f6:a3:32:26:83:f5:e7:92:
         e1:92:0d:21:e1:ad:c3:bd:be:4d:ef:d1:7e:c5:f1:7a:44:fb:
         bb:ce:be:16:88:a6:a8:05:fe:b6:d2:5c:07:aa:8c:1a:55:5e:
         84:81:d7:a6:24:7f:ce:bd:f2:db:b5:6c:75:d5:8f:14:0e:37:
         33:73:35:74:ef:01:be:07:64:2b:1f:3a:cb:69:3a:db:8c:0c:
         83:78:a9:08:fa:d5:80:e0:85:b0:66:5d:36:b3:a1:be:e1:4c:
         66:8c:8e:38:24:21:ce:55:05:3b:2e:73:e1:7a:39:f3:b2:82:
         7a:55:8d:96:09:2a:31:5a:0d:3d:9b:81:06:a5:07:d8:d2:c3:
         b0:18:f7:3e:77:1a:da:fa:96:58:4e:19:1a:b2:19:16:25:e6:
         21:69:7d:74:8e:79:77:88:84:dc:45:95:4c:cd:a5:19:d4:de:
         50:8d:fe:f1:73:28:2a:5a:3e:b7:7e:1c:f6:d4:df:02:e0:b8:
         ed:2f:20:b4:c0:37:ac:fc:1e:dc:0c:d9:93:54:aa:ec:51:4f:
         3e:53:1e:5a:53:42:0f:1d:27:57:d6:8f:34:8a:dc:b4:5e:30:
         2a:dc:f5:67
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUYwKvPWtwS1yzE9HkMk5bTEK25/gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmY0MjZmMTliYTY3YmM4OWRlNWFlNmRmNDg3YzFjOGMx
ZTc1MmUyNzAeFw0yNjAyMDkxODUwMzhaFw0yNzAyMDgxODU1MzhaMDMxMTAvBgNV
BAMTKDlFOUU1NzlFRDhGQjYxRDk2NzYyODY3REZCQ0I2RTM1NjA0ODA0OTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoi5VI2E+R4pD0p1B5gb/bpQat
kykuEJMXVQGzU8uWG2HJGJYha7C2hOGeNFJjOgow3/sAPwyhm5hGQqO1SZGw1zvx
VIYD0xYH/iqBVuVbb61gFlN9zMNWmvqvw1DQNqQC7NhWu3+Z9axpzx+fTcFyrnFC
ebl9U8/tBCuo5B7pgZ78Ay1vhpaUJEm3/02N1EArgBX8y+tYr01/q5W/xIg4h529
M5ptIYe9euiluT65x9Gdlzw7xJ8+Buk1O09lZMHKM0Os2K6Ws6HWQWCRRIGJx4kz
KWsNeL+WKLHA3MVLwve0Kd1eBe4W6398URzvRx3bjJ59XSPVw++mWVl0ri+ZAgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQUnp5Xntj7YdlnYoZ9+8tuNWBIBJkwHwYDVR0j
BBgwFoAU/0JvGbpnvIneWubfSHwcjB51LicwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUtYmE5My00NjVmLTliNmUtN2ZiZDYzYmRm
ZjYzLzAvRkY0MjZGMTlCQTY3QkM4OURFNUFFNkRGNDg3QzFDOEMxRTc1MkUyNy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL18wSnZHYnBudkluZVd1YmZTSHdjakI1
MUxpYy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUt
YmE5My00NjVmLTliNmUtN2ZiZDYzYmRmZjYzLzAvMzI2MTMxMzMzYTYyMzkzMDMy
M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzUzNjM1MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqE7kC
MA0GCSqGSIb3DQEBCwUAA4IBAQBMf7AOeZJ3ii6pJPHiDsJhKhvYYgg49TtHoDyF
9qMyJoP155Lhkg0h4a3Dvb5N79F+xfF6RPu7zr4WiKaoBf620lwHqowaVV6Egdem
JH/OvfLbtWx11Y8UDjczczV07wG+B2QrHzrLaTrbjAyDeKkI+tWA4IWwZl02s6G+
4UxmjI44JCHOVQU7LnPhejnzsoJ6VY2WCSoxWg09m4EGpQfY0sOwGPc+dxra+pZY
ThkashkWJeYhaX10jnl3iITcRZVMzaUZ1N5Qjf7xcygqWj63fhz21N8C4LjtLyC0
wDes/B7cDNmTVKrsUU8+Ux5aU0IPHSdX1o80ity0XjAq3PVn
-----END CERTIFICATE-----