Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS3320.roa
File:                     AS3320.roa (raw, json)
Hash identifier:          kX4vBbDPzDDKUej1ajbxf319OeEkuU1JBFZBPobol2Q=
Subject key identifier:   8C:94:D0:9A:0A:31:A3:BC:30:2D:D3:75:E5:62:2B:45:44:B9:18:0D
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       3EB46FD1AFAD11A35D4B2F91DB78E951B505C50D
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS3320.roa
Signing time:             Tue 17 Feb 2026 13:34:01 +0000
ROA not before:           Tue 17 Feb 2026 13:29:01 +0000
ROA not after:            Tue 16 Feb 2027 13:34:01 +0000
asID:                     3320
IP address blocks:        139.28.242.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:b4:6f:d1:af:ad:11:a3:5d:4b:2f:91:db:78:e9:51:b5:05:c5:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Feb 17 13:29:01 2026 GMT
            Not After : Feb 16 13:34:01 2027 GMT
        Subject: CN=8C94D09A0A31A3BC302DD375E5622B4544B9180D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7f:73:48:29:7f:cf:10:97:7b:ed:2d:0f:6c:
                    9c:18:fb:c6:aa:3e:12:b7:cd:00:19:22:ab:34:67:
                    1b:c7:f6:b3:30:00:c5:c7:a1:68:66:2d:f6:97:5a:
                    b4:6b:7a:99:f2:fa:85:63:c1:09:89:3c:b6:67:1c:
                    d2:d8:3a:7d:37:2d:3a:07:fb:95:6b:68:84:d4:3b:
                    e0:80:ad:da:e9:fa:7c:f5:b3:38:f9:b4:08:f6:68:
                    54:57:ba:4a:11:fe:fa:b8:07:32:e5:03:75:c2:10:
                    d9:bb:58:62:cb:b4:87:52:ac:27:f7:b1:d7:ba:be:
                    85:76:47:42:39:15:75:59:51:8a:17:8d:14:30:c1:
                    a3:75:7f:cb:82:9b:16:d8:da:3b:2e:6a:8a:bd:a8:
                    48:f4:d6:22:e9:0c:70:9c:e0:f9:e1:eb:4c:9e:e9:
                    f4:4f:ef:ac:4f:7b:b8:bd:db:e9:fb:7c:90:29:b9:
                    44:c7:1a:04:b4:c0:c3:6a:38:a3:9b:15:26:7c:70:
                    c5:5e:04:02:3a:57:db:5d:b8:dd:a0:77:4e:9c:f1:
                    e5:aa:30:30:a4:0e:ee:5f:8f:d5:4a:f0:a7:2a:f4:
                    e9:58:65:ed:48:5d:e5:a1:ed:b5:81:5b:ae:c2:68:
                    ca:9b:7f:44:8d:31:ef:ee:36:8e:e4:53:54:66:db:
                    40:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:94:D0:9A:0A:31:A3:BC:30:2D:D3:75:E5:62:2B:45:44:B9:18:0D
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS3320.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         10:ef:1d:0c:76:66:53:82:0d:52:9a:cc:aa:98:97:b3:76:cd:
         08:f3:ca:b4:3a:43:c3:19:0d:7f:94:81:ed:9b:36:58:28:61:
         01:f7:b0:75:14:dd:49:c5:a1:57:9d:1c:48:e6:51:4d:34:bd:
         8e:f1:17:5d:3a:ba:14:d7:9f:83:ec:70:0b:8b:2f:7d:2b:b8:
         84:0b:03:5d:34:f4:1b:65:7a:de:9e:c1:ec:b7:2f:5e:b4:e3:
         8f:5c:e7:e6:c5:80:a4:3f:52:10:c4:0d:2e:a4:20:f8:24:0b:
         e1:76:51:9d:a5:c8:44:66:fc:80:bd:5d:8c:a4:c8:a9:e0:7e:
         a0:19:cb:25:62:7f:6f:f4:f1:c5:6b:98:d1:08:50:3e:21:56:
         46:b9:0e:d2:d6:78:6e:b4:a6:9a:bb:f8:d1:23:01:0a:d9:8b:
         df:72:99:81:af:09:f2:62:99:4b:e7:1f:c5:65:21:16:a3:24:
         cc:62:a1:3f:ff:63:b6:df:49:37:15:54:f8:55:af:db:ad:20:
         8f:ec:88:4e:c6:c1:33:a9:82:c6:13:86:76:3d:cf:0c:81:7d:
         bd:d4:e2:ad:39:18:11:06:f7:d2:96:79:d5:88:02:30:fc:84:
         5b:34:4c:40:e6:e0:00:23:20:6e:77:0c:6c:a0:ff:f3:21:6c:
         a1:0e:6a:e4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUPrRv0a+tEaNdSy+R23jpUbUFxQ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjAyMTcxMzI5MDFaFw0yNzAyMTYxMzM0MDFaMDMxMTAvBgNV
BAMTKDhDOTREMDlBMEEzMUEzQkMzMDJERDM3NUU1NjIyQjQ1NDRCOTE4MEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvf3NIKX/PEJd77S0PbJwY+8aq
PhK3zQAZIqs0ZxvH9rMwAMXHoWhmLfaXWrRrepny+oVjwQmJPLZnHNLYOn03LToH
+5VraITUO+CArdrp+nz1szj5tAj2aFRXukoR/vq4BzLlA3XCENm7WGLLtIdSrCf3
sde6voV2R0I5FXVZUYoXjRQwwaN1f8uCmxbY2jsuaoq9qEj01iLpDHCc4Pnh60ye
6fRP76xPe7i92+n7fJApuUTHGgS0wMNqOKObFSZ8cMVeBAI6V9tduN2gd06c8eWq
MDCkDu5fj9VK8Kcq9OlYZe1IXeWh7bWBW67CaMqbf0SNMe/uNo7kU1Rm20CLAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUjJTQmgoxo7wwLdN15WIrRUS5GA0wHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMzMyMC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAYsc8jAN
BgkqhkiG9w0BAQsFAAOCAQEAEO8dDHZmU4INUprMqpiXs3bNCPPKtDpDwxkNf5SB
7Zs2WChhAfewdRTdScWhV50cSOZRTTS9jvEXXTq6FNefg+xwC4svfSu4hAsDXTT0
G2V63p7B7LcvXrTjj1zn5sWApD9SEMQNLqQg+CQL4XZRnaXIRGb8gL1djKTIqeB+
oBnLJWJ/b/TxxWuY0QhQPiFWRrkO0tZ4brSmmrv40SMBCtmL33KZga8J8mKZS+cf
xWUhFqMkzGKhP/9jtt9JNxVU+FWv260gj+yITsbBM6mCxhOGdj3PDIF9vdTirTkY
EQb30pZ51YgCMPyEWzRMQObgACMgbncMbKD/8yFsoQ5q5A==
-----END CERTIFICATE-----