Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/326131333a623930343a3a2f33322d3332203d3e2035363530.roa
File:                     326131333a623930343a3a2f33322d3332203d3e2035363530.roa (raw, json)
Hash identifier:          0UzTLd9sP5E9hVagexG3NWMHzI1vl2WYjkZP4E+bLVU=
Subject key identifier:   B3:07:AE:90:62:14:88:EB:7F:64:0A:5E:EB:1C:97:03:E8:23:CF:01
Certificate issuer:       /CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
Certificate serial:       1A8F943CD5AD4895525ADA8353BCE72E621B42F5
Authority key identifier: FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/326131333a623930343a3a2f33322d3332203d3e2035363530.roa
Signing time:             Mon 09 Feb 2026 18:55:38 +0000
ROA not before:           Mon 09 Feb 2026 18:50:38 +0000
ROA not after:            Mon 08 Feb 2027 18:55:38 +0000
asID:                     5650
IP address blocks:        2a13:b904::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:47:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:8f:94:3c:d5:ad:48:95:52:5a:da:83:53:bc:e7:2e:62:1b:42:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
        Validity
            Not Before: Feb  9 18:50:38 2026 GMT
            Not After : Feb  8 18:55:38 2027 GMT
        Subject: CN=B307AE90621488EB7F640A5EEB1C9703E823CF01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:d1:01:d6:61:05:6e:4d:6a:1d:6e:6a:85:bb:
                    0c:fc:d9:fa:8e:b6:b6:8d:da:bf:f2:72:bb:bf:d1:
                    bf:1f:24:6f:fb:a3:b4:26:06:50:3e:59:32:2a:8d:
                    0c:d4:fc:62:ed:52:35:fc:64:87:85:d5:81:7d:32:
                    79:f2:94:58:ee:35:07:dd:13:a6:0c:aa:b8:90:8e:
                    ab:9b:02:ea:38:bf:d1:a0:3f:04:b7:52:f8:2c:d9:
                    8b:c5:df:5f:40:94:f1:2c:d7:fe:40:b1:0b:90:01:
                    6f:e7:66:ba:cc:15:9e:b5:d0:e1:d4:09:e5:13:4f:
                    f8:c2:38:28:a4:d2:cc:70:95:32:89:e9:d3:62:70:
                    11:d5:ba:f2:7c:49:e7:4c:4e:e6:09:52:b8:84:c3:
                    99:08:c2:50:34:5e:f5:7a:9a:6f:61:04:5d:ef:7f:
                    ca:be:a2:0e:54:0d:63:05:82:b7:69:ce:12:7a:c9:
                    ee:70:5a:6c:2c:11:86:34:af:cf:e7:eb:d4:6c:2e:
                    0f:2c:6e:1d:0d:3d:26:b9:89:5e:ac:c3:22:57:30:
                    f6:c3:c9:fd:21:4b:1a:84:13:3d:47:5f:23:ab:fa:
                    7c:b1:cf:0a:af:a5:ba:ce:11:e8:59:d9:2f:a2:76:
                    c6:33:d5:d0:9d:67:ca:e4:ba:67:31:09:5e:05:0d:
                    16:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:07:AE:90:62:14:88:EB:7F:64:0A:5E:EB:1C:97:03:E8:23:CF:01
            X509v3 Authority Key Identifier:
                keyid:FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/326131333a623930343a3a2f33322d3332203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b904::/32

    Signature Algorithm: sha256WithRSAEncryption
         0a:1c:e8:44:fc:4b:e2:70:27:b0:6c:e1:ed:f5:44:4e:2d:8e:
         b1:e4:3a:7c:13:ff:07:65:cf:14:ae:87:78:38:f9:da:d8:f6:
         5e:42:12:9d:f7:a1:77:f9:d2:30:af:60:0a:6e:a6:8f:cd:fd:
         74:23:fe:25:10:63:1b:27:27:df:c9:e0:88:30:11:63:a0:90:
         0c:55:bb:0f:62:25:24:3d:be:25:1b:44:e9:0e:dc:d6:16:25:
         90:70:cd:2a:6a:ad:c6:fc:2a:5b:68:92:48:90:0b:0b:fa:40:
         0e:62:6d:d9:47:44:5b:8e:5a:ee:97:73:54:cb:a6:a5:9d:5c:
         82:08:08:81:45:ba:a2:e8:c8:8e:56:54:68:73:9c:f1:f1:45:
         01:87:54:b4:f9:4e:66:51:20:ba:0c:fe:14:ef:b0:6e:3d:02:
         1e:c2:9c:15:39:81:22:0b:73:3b:15:86:1b:13:ed:5a:58:72:
         6e:e2:8f:e2:69:a9:71:ab:9c:8f:c4:e7:10:da:24:72:0d:e1:
         10:15:c1:5b:0a:fc:fb:78:40:6d:68:36:80:94:6f:f1:f9:ca:
         46:7e:ec:6e:48:67:db:06:c0:9e:3e:a1:c1:b2:98:4b:58:0b:
         73:2b:53:d6:a3:56:91:44:e6:09:3a:4c:12:fc:1a:f0:5b:66:
         29:d3:28:ae
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUGo+UPNWtSJVSWtqDU7znLmIbQvUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmY0MjZmMTliYTY3YmM4OWRlNWFlNmRmNDg3YzFjOGMx
ZTc1MmUyNzAeFw0yNjAyMDkxODUwMzhaFw0yNzAyMDgxODU1MzhaMDMxMTAvBgNV
BAMTKEIzMDdBRTkwNjIxNDg4RUI3RjY0MEE1RUVCMUM5NzAzRTgyM0NGMDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV0QHWYQVuTWodbmqFuwz82fqO
traN2r/ycru/0b8fJG/7o7QmBlA+WTIqjQzU/GLtUjX8ZIeF1YF9MnnylFjuNQfd
E6YMqriQjqubAuo4v9GgPwS3Uvgs2YvF319AlPEs1/5AsQuQAW/nZrrMFZ610OHU
CeUTT/jCOCik0sxwlTKJ6dNicBHVuvJ8SedMTuYJUriEw5kIwlA0XvV6mm9hBF3v
f8q+og5UDWMFgrdpzhJ6ye5wWmwsEYY0r8/n69RsLg8sbh0NPSa5iV6swyJXMPbD
yf0hSxqEEz1HXyOr+nyxzwqvpbrOEehZ2S+idsYz1dCdZ8rkumcxCV4FDRbXAgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQUsweukGIUiOt/ZApe6xyXA+gjzwEwHwYDVR0j
BBgwFoAU/0JvGbpnvIneWubfSHwcjB51LicwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUtYmE5My00NjVmLTliNmUtN2ZiZDYzYmRm
ZjYzLzAvRkY0MjZGMTlCQTY3QkM4OURFNUFFNkRGNDg3QzFDOEMxRTc1MkUyNy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL18wSnZHYnBudkluZVd1YmZTSHdjakI1
MUxpYy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUt
YmE5My00NjVmLTliNmUtN2ZiZDYzYmRmZjYzLzAvMzI2MTMxMzMzYTYyMzkzMDM0
M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzUzNjM1MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqE7kE
MA0GCSqGSIb3DQEBCwUAA4IBAQAKHOhE/EvicCewbOHt9UROLY6x5Dp8E/8HZc8U
rod4OPna2PZeQhKd96F3+dIwr2AKbqaPzf10I/4lEGMbJyffyeCIMBFjoJAMVbsP
YiUkPb4lG0TpDtzWFiWQcM0qaq3G/CpbaJJIkAsL+kAOYm3ZR0Rbjlrul3NUy6al
nVyCCAiBRbqi6MiOVlRoc5zx8UUBh1S0+U5mUSC6DP4U77BuPQIewpwVOYEiC3M7
FYYbE+1aWHJu4o/iaalxq5yPxOcQ2iRyDeEQFcFbCvz7eEBtaDaAlG/x+cpGfuxu
SGfbBsCePqHBsphLWAtzK1PWo1aRROYJOkwS/BrwW2Yp0yiu
-----END CERTIFICATE-----