Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139342e33342e3235332e302f32342d3234203d3e2035303635.roa
File:                     3139342e33342e3235332e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          PbuFJWIaFPfS/fUezjEhjeDUJ1OpDE0MDCs7HAI2pDY=
Subject key identifier:   A8:75:CB:79:14:62:A0:6A:E8:38:07:B1:9A:F6:85:71:35:C7:A3:14
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       7B675277F4C9E1E5807F501635A9B76A52D1AE30
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139342e33342e3235332e302f32342d3234203d3e2035303635.roa
Signing time:             Wed 11 Feb 2026 12:55:38 +0000
ROA not before:           Wed 11 Feb 2026 12:50:38 +0000
ROA not after:            Wed 10 Feb 2027 12:55:38 +0000
asID:                     5065
IP address blocks:        194.34.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 11:39:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:67:52:77:f4:c9:e1:e5:80:7f:50:16:35:a9:b7:6a:52:d1:ae:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Feb 11 12:50:38 2026 GMT
            Not After : Feb 10 12:55:38 2027 GMT
        Subject: CN=A875CB791462A06AE83807B19AF6857135C7A314
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:4b:c1:08:63:e6:37:49:80:6c:e4:64:92:e5:
                    19:be:b4:3b:30:b7:e8:29:f3:65:cb:a1:c0:89:d4:
                    ca:11:3c:ed:74:c9:64:dd:ea:88:bc:bd:05:59:c6:
                    d5:f8:5b:4e:c7:5f:b0:66:fc:14:8e:6b:3a:10:d3:
                    cb:86:c7:eb:8a:d3:6c:9f:e1:24:0f:8c:b7:43:ea:
                    04:43:ca:fb:7c:d9:e2:21:eb:fd:64:8d:83:9b:45:
                    1b:c4:02:2e:5f:aa:6e:6b:2b:48:56:f0:3d:cb:b2:
                    e6:20:54:de:50:ed:d6:c5:97:5d:2e:df:59:29:6a:
                    cd:cb:84:1d:99:34:e3:9b:97:06:6c:ae:58:ee:77:
                    86:d0:47:27:1a:32:2a:ea:13:d0:77:ab:4a:2a:fa:
                    7c:23:c6:df:98:17:74:34:0b:63:95:bf:02:94:db:
                    2f:b6:7c:45:e3:21:f3:e2:9a:34:6d:3f:59:6e:1b:
                    6c:b2:65:a7:5d:07:9b:94:fa:ef:d7:d8:42:8a:7f:
                    ee:d2:d6:c2:f7:1f:02:0f:34:e2:2c:f9:0a:ee:23:
                    5d:c0:68:04:25:3f:fb:ee:cf:04:47:6f:ef:d2:c8:
                    5a:d9:06:98:25:eb:2d:52:52:77:34:41:c9:b1:cc:
                    dc:6a:07:e9:df:e6:e4:61:4e:30:d9:40:49:a3:eb:
                    2d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:75:CB:79:14:62:A0:6A:E8:38:07:B1:9A:F6:85:71:35:C7:A3:14
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139342e33342e3235332e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:99:66:65:ae:23:0c:c8:ca:13:17:96:d6:5e:af:eb:21:de:
         4b:85:bd:8b:ef:c2:ab:64:9e:3f:04:4a:74:dc:b4:2a:de:fc:
         d1:70:86:99:bd:f5:83:20:ee:b9:cd:ae:52:92:45:7f:6a:0e:
         3e:e6:d9:b2:e1:2d:3e:25:c8:32:b4:f9:e5:8d:e4:77:cf:d4:
         57:d6:0b:54:48:24:d9:ab:38:49:8d:f3:a1:09:8c:6c:8a:1f:
         ce:c6:2b:6e:ed:14:6e:0d:93:ab:6a:3b:f1:04:ad:61:d6:f4:
         74:7f:75:a1:6f:41:cf:23:73:61:9c:4c:6e:92:3b:20:3d:4b:
         48:66:f3:15:d9:4f:9c:49:43:3c:e7:36:bb:e1:9d:da:0b:dd:
         23:31:2e:7c:84:98:5f:49:91:a3:84:0f:e9:6d:20:a6:c6:76:
         26:3b:42:08:b3:79:46:a1:0e:95:39:f6:99:90:43:5a:d5:7e:
         6d:1c:9e:1d:2a:11:1f:fb:8d:b8:58:76:c9:70:b4:1c:76:16:
         58:84:2f:a9:23:ef:10:d7:6b:20:8b:ae:ac:77:04:25:7d:91:
         5c:60:68:55:5c:4e:c0:1a:b7:bc:b4:79:1d:99:fe:c9:c0:e4:
         b4:20:1d:21:c3:75:fa:70:51:b9:5a:52:b7:cf:a4:73:5d:10:
         79:24:57:83
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUe2dSd/TJ4eWAf1AWNam3alLRrjAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNjAyMTExMjUwMzhaFw0yNzAyMTAxMjU1MzhaMDMxMTAvBgNV
BAMTKEE4NzVDQjc5MTQ2MkEwNkFFODM4MDdCMTlBRjY4NTcxMzVDN0EzMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdS8EIY+Y3SYBs5GSS5Rm+tDsw
t+gp82XLocCJ1MoRPO10yWTd6oi8vQVZxtX4W07HX7Bm/BSOazoQ08uGx+uK02yf
4SQPjLdD6gRDyvt82eIh6/1kjYObRRvEAi5fqm5rK0hW8D3LsuYgVN5Q7dbFl10u
31kpas3LhB2ZNOOblwZsrljud4bQRycaMirqE9B3q0oq+nwjxt+YF3Q0C2OVvwKU
2y+2fEXjIfPimjRtP1luG2yyZaddB5uU+u/X2EKKf+7S1sL3HwIPNOIs+QruI13A
aAQlP/vuzwRHb+/SyFrZBpgl6y1SUnc0QcmxzNxqB+nf5uRhTjDZQEmj6y0vAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUqHXLeRRioGroOAexmvaFcTXHoxQwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzEzOTM0MmUzMzM0MmUzMjM1
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMwMzYzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIi
/TANBgkqhkiG9w0BAQsFAAOCAQEAdplmZa4jDMjKExeW1l6v6yHeS4W9i+/Cq2Se
PwRKdNy0Kt780XCGmb31gyDuuc2uUpJFf2oOPubZsuEtPiXIMrT55Y3kd8/UV9YL
VEgk2as4SY3zoQmMbIofzsYrbu0Ubg2Tq2o78QStYdb0dH91oW9BzyNzYZxMbpI7
ID1LSGbzFdlPnElDPOc2u+Gd2gvdIzEufISYX0mRo4QP6W0gpsZ2JjtCCLN5RqEO
lTn2mZBDWtV+bRyeHSoRH/uNuFh2yXC0HHYWWIQvqSPvENdrIIuurHcEJX2RXGBo
VVxOwBq3vLR5HZn+ycDktCAdIcN1+nBRuVpSt8+kc10QeSRXgw==
-----END CERTIFICATE-----