Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/38342e3234362e3131312e302f32342d3234203d3e2033333230.roa
File:                     38342e3234362e3131312e302f32342d3234203d3e2033333230.roa (raw, json)
Hash identifier:          XrAwkqLyjKkliRAGb7YhNsmN3gefCa9P2PMxjWEJ07E=
Subject key identifier:   19:79:0A:22:D8:AF:1E:97:19:41:21:B3:6F:9D:68:FF:12:21:5B:98
Certificate issuer:       /CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
Certificate serial:       46046E368E260AEBDB92B062255FA5B11083EDDB
Authority key identifier: FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/38342e3234362e3131312e302f32342d3234203d3e2033333230.roa
Signing time:             Mon 09 Feb 2026 18:55:38 +0000
ROA not before:           Mon 09 Feb 2026 18:50:38 +0000
ROA not after:            Mon 08 Feb 2027 18:55:38 +0000
asID:                     3320
IP address blocks:        84.246.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:47:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:04:6e:36:8e:26:0a:eb:db:92:b0:62:25:5f:a5:b1:10:83:ed:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff426f19ba67bc89de5ae6df487c1c8c1e752e27
        Validity
            Not Before: Feb  9 18:50:38 2026 GMT
            Not After : Feb  8 18:55:38 2027 GMT
        Subject: CN=19790A22D8AF1E97194121B36F9D68FF12215B98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8f:b9:5d:0d:1f:97:1b:b4:88:12:2a:86:c2:
                    7b:bf:20:1b:9d:42:cb:1e:d1:14:17:f7:f6:b2:fa:
                    34:b4:34:74:ab:cc:b0:b6:87:24:a9:cd:d9:4f:d4:
                    93:87:89:5c:4a:cb:b2:f6:cc:bb:23:dd:c2:a0:3d:
                    ba:71:46:5e:ee:7f:e6:df:0a:19:f1:d8:29:b8:c7:
                    2e:44:a1:ba:54:ec:f9:be:ba:08:4d:15:03:8e:df:
                    cd:0f:08:4a:36:43:45:8f:46:22:e0:a4:75:41:f7:
                    0d:45:2e:19:a1:2f:a4:88:90:58:90:0f:ab:80:18:
                    8e:1b:13:3a:4b:77:03:ba:8a:d5:f5:14:0c:04:fc:
                    83:1b:0c:d1:d3:da:1b:66:ac:bf:50:6e:0b:e6:61:
                    f3:cb:c3:20:da:ba:7b:19:38:05:be:60:b1:aa:0f:
                    bd:f0:33:0d:89:f3:e1:41:c4:57:ca:98:86:d8:1e:
                    97:c3:d1:a5:5d:41:5f:3b:10:96:ad:fc:68:71:51:
                    8a:5c:17:4e:02:9a:e4:68:19:6e:37:33:fb:d1:05:
                    14:38:70:63:3b:73:55:3a:ee:00:b6:0f:62:06:4f:
                    f2:bf:ed:ae:68:dd:51:e7:25:2c:5a:a6:fe:90:bb:
                    e6:e8:f3:ad:cb:09:a8:25:ab:d4:46:bf:ec:d7:1d:
                    44:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:79:0A:22:D8:AF:1E:97:19:41:21:B3:6F:9D:68:FF:12:21:5B:98
            X509v3 Authority Key Identifier:
                keyid:FF:42:6F:19:BA:67:BC:89:DE:5A:E6:DF:48:7C:1C:8C:1E:75:2E:27

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/FF426F19BA67BC89DE5AE6DF487C1C8C1E752E27.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0JvGbpnvIneWubfSHwcjB51Lic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/468b081e-ba93-465f-9b6e-7fbd63bdff63/0/38342e3234362e3131312e302f32342d3234203d3e2033333230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.246.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:cb:f6:dd:41:53:6b:1b:f6:00:cb:85:5c:0b:16:d1:65:60:
         b1:0f:87:d1:75:98:d1:80:dc:d3:c8:4e:6f:79:29:58:51:e2:
         fe:48:1a:58:e7:ec:2d:8b:cd:46:d4:39:3a:94:41:4a:d9:53:
         72:0f:d4:8e:8e:58:c7:17:26:f5:7b:48:e2:43:b0:59:98:bb:
         be:69:ec:7a:4d:61:b9:41:be:cd:de:bf:a8:d8:cc:05:d1:66:
         67:fc:4e:f3:dd:1e:e0:b3:9d:3d:f3:ae:37:6e:76:84:26:6e:
         7a:51:eb:90:e2:cc:6b:5b:d0:2e:32:3a:0b:0a:be:d9:2b:da:
         62:07:4c:44:f5:3f:cd:04:e5:ac:67:5b:82:7f:1e:5a:14:c6:
         01:98:9b:08:bc:bc:b1:7d:41:1e:31:1b:90:bf:9d:98:fa:db:
         e9:47:ed:fa:7d:d4:5a:c8:5a:3f:ae:18:7c:6e:91:5c:59:22:
         20:85:44:a9:89:75:94:86:7e:c7:86:93:45:09:66:7c:1f:f6:
         2f:3b:77:25:a9:79:66:31:40:77:bb:1a:51:12:bd:20:e1:bf:
         34:7b:72:6b:2f:65:9b:c9:c9:a8:ea:de:d0:d0:fb:a3:cc:0e:
         ae:4e:b9:9a:13:b4:fe:13:6d:54:5a:13:be:4e:19:67:74:dc:
         d9:bc:e6:e9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURgRuNo4mCuvbkrBiJV+lsRCD7dswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmY0MjZmMTliYTY3YmM4OWRlNWFlNmRmNDg3YzFjOGMx
ZTc1MmUyNzAeFw0yNjAyMDkxODUwMzhaFw0yNzAyMDgxODU1MzhaMDMxMTAvBgNV
BAMTKDE5NzkwQTIyRDhBRjFFOTcxOTQxMjFCMzZGOUQ2OEZGMTIyMTVCOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7j7ldDR+XG7SIEiqGwnu/IBud
Qsse0RQX9/ay+jS0NHSrzLC2hySpzdlP1JOHiVxKy7L2zLsj3cKgPbpxRl7uf+bf
Chnx2Cm4xy5EobpU7Pm+ughNFQOO380PCEo2Q0WPRiLgpHVB9w1FLhmhL6SIkFiQ
D6uAGI4bEzpLdwO6itX1FAwE/IMbDNHT2htmrL9QbgvmYfPLwyDaunsZOAW+YLGq
D73wMw2J8+FBxFfKmIbYHpfD0aVdQV87EJat/GhxUYpcF04CmuRoGW43M/vRBRQ4
cGM7c1U67gC2D2IGT/K/7a5o3VHnJSxapv6Qu+bo863LCaglq9RGv+zXHUTZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGXkKItivHpcZQSGzb51o/xIhW5gwHwYDVR0j
BBgwFoAU/0JvGbpnvIneWubfSHwcjB51LicwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUtYmE5My00NjVmLTliNmUtN2ZiZDYzYmRm
ZjYzLzAvRkY0MjZGMTlCQTY3QkM4OURFNUFFNkRGNDg3QzFDOEMxRTc1MkUyNy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL18wSnZHYnBudkluZVd1YmZTSHdjakI1
MUxpYy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDY4YjA4MWUt
YmE5My00NjVmLTliNmUtN2ZiZDYzYmRmZjYzLzAvMzgzNDJlMzIzNDM2MmUzMTMx
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzMzMzIzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFT2
bzANBgkqhkiG9w0BAQsFAAOCAQEAUMv23UFTaxv2AMuFXAsW0WVgsQ+H0XWY0YDc
08hOb3kpWFHi/kgaWOfsLYvNRtQ5OpRBStlTcg/Ujo5Yxxcm9XtI4kOwWZi7vmns
ek1huUG+zd6/qNjMBdFmZ/xO890e4LOdPfOuN252hCZuelHrkOLMa1vQLjI6Cwq+
2SvaYgdMRPU/zQTlrGdbgn8eWhTGAZibCLy8sX1BHjEbkL+dmPrb6Uft+n3UWsha
P64YfG6RXFkiIIVEqYl1lIZ+x4aTRQlmfB/2Lzt3Jal5ZjFAd7saURK9IOG/NHty
ay9lm8nJqOre0ND7o8wOrk65mhO0/hNtVFoTvk4ZZ3Tc2bzm6Q==
-----END CERTIFICATE-----