Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3134362e302f32342d3234203d3e20383334.roa
File:                     3139352e35382e3134362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          QQpZsSmqwqf8+X8mHKN1fpmq52JtpPuzkLecvPXXqno=
Subject key identifier:   8B:E4:9E:CD:BC:E9:80:AD:4E:75:74:20:B7:E9:FC:AF:67:1D:58:43
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       04F2EE83B409AE5BFCE1AE06B1F158FDDF7F3CAA
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3134362e302f32342d3234203d3e20383334.roa
Signing time:             Fri 03 Apr 2026 17:26:51 +0000
ROA not before:           Fri 03 Apr 2026 17:21:51 +0000
ROA not after:            Fri 02 Apr 2027 17:26:51 +0000
asID:                     834
IP address blocks:        195.58.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 11:53:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:f2:ee:83:b4:09:ae:5b:fc:e1:ae:06:b1:f1:58:fd:df:7f:3c:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Apr  3 17:21:51 2026 GMT
            Not After : Apr  2 17:26:51 2027 GMT
        Subject: CN=8BE49ECDBCE980AD4E757420B7E9FCAF671D5843
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:39:66:ef:72:71:6f:ce:4b:b3:0b:5c:bb:32:
                    e0:5a:c8:87:5c:5e:3d:af:b5:f2:9b:0f:c6:dd:d5:
                    16:0e:b3:97:78:e9:69:e1:1c:73:e9:35:88:b1:ed:
                    7c:3a:49:63:a4:36:b2:1c:54:e2:0b:46:9f:2b:16:
                    41:a5:b1:46:35:e9:54:23:78:a1:fc:3e:8a:dd:08:
                    f1:d1:36:b5:54:dd:51:b0:a4:6e:41:4f:55:ef:f8:
                    98:26:47:62:b3:8d:48:4c:73:7c:e8:3a:36:a4:ef:
                    55:76:7a:69:22:5b:53:a1:c0:80:b6:09:68:ea:75:
                    cb:54:08:d2:1b:5c:e4:f4:58:40:64:ce:1b:c0:aa:
                    38:36:01:68:d3:0c:27:60:42:e0:97:62:5f:49:28:
                    29:aa:0e:9d:73:03:58:a9:35:91:c7:eb:d1:d8:82:
                    bb:fe:19:b7:f1:5c:6e:6f:c8:bf:48:35:6a:69:cc:
                    11:c6:db:22:2b:f9:bf:2a:e3:29:43:44:de:c8:3a:
                    7a:0e:be:a8:25:2f:bc:12:29:4a:b9:d7:97:7d:68:
                    fc:33:91:c2:74:6d:58:22:67:c0:06:84:47:d7:a0:
                    ae:76:09:45:c4:49:ae:4c:e6:b5:f6:2a:18:a0:f3:
                    d1:8a:4a:ed:72:a7:7d:69:01:5e:2e:4d:5d:d6:6e:
                    b5:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:E4:9E:CD:BC:E9:80:AD:4E:75:74:20:B7:E9:FC:AF:67:1D:58:43
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3134362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.58.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:38:dc:92:c1:c6:2b:a0:6c:9a:a7:05:6c:1e:b3:5e:f8:be:
         f4:37:bb:49:5c:02:53:c4:18:b9:cd:ae:91:42:92:db:a3:9e:
         39:68:55:92:73:ac:1d:e5:7e:b0:b0:9e:8e:fd:c2:e1:50:28:
         2a:d9:be:c4:b2:e5:a4:54:92:f4:91:d6:d5:5c:3c:51:a8:a2:
         3e:4f:19:0f:b4:93:01:6b:a5:73:b9:0a:cc:ac:6c:b3:46:e0:
         f1:9e:c3:0d:9a:ec:e8:5e:35:80:9b:eb:2a:fc:c2:53:06:cf:
         6a:8d:3b:91:67:78:1e:e3:4a:d9:1b:87:49:4d:02:e4:b6:b5:
         5b:20:19:f3:fb:9b:ff:a5:56:b4:d8:49:a0:54:7e:71:6d:b6:
         7c:e7:43:19:17:98:a3:d5:66:25:89:a5:a7:0d:28:02:00:3a:
         20:85:83:47:21:ef:cf:35:90:0f:12:0a:40:a6:e4:57:2c:29:
         9f:2a:d1:ac:81:e6:a1:b8:2d:20:ec:82:2e:1b:86:d3:c5:dc:
         39:b5:2b:a0:1e:f9:6e:bd:ac:7b:97:36:a4:b2:92:49:ac:2a:
         2d:ad:b7:c4:e3:0d:de:84:fe:f0:e7:4a:39:ea:86:8d:0f:07:
         c8:f8:3d:18:48:4f:de:93:f1:10:94:60:88:64:75:0b:a6:a1:
         67:ce:76:83
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUBPLug7QJrlv84a4GsfFY/d9/PKowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNjA0MDMxNzIxNTFaFw0yNzA0MDIxNzI2NTFaMDMxMTAvBgNV
BAMTKDhCRTQ5RUNEQkNFOTgwQUQ0RTc1NzQyMEI3RTlGQ0FGNjcxRDU4NDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPOWbvcnFvzkuzC1y7MuBayIdc
Xj2vtfKbD8bd1RYOs5d46WnhHHPpNYix7Xw6SWOkNrIcVOILRp8rFkGlsUY16VQj
eKH8PordCPHRNrVU3VGwpG5BT1Xv+JgmR2KzjUhMc3zoOjak71V2emkiW1OhwIC2
CWjqdctUCNIbXOT0WEBkzhvAqjg2AWjTDCdgQuCXYl9JKCmqDp1zA1ipNZHH69HY
grv+GbfxXG5vyL9INWppzBHG2yIr+b8q4ylDRN7IOnoOvqglL7wSKUq515d9aPwz
kcJ0bVgiZ8AGhEfXoK52CUXESa5M5rX2Khig89GKSu1yp31pAV4uTV3WbrW5AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUi+SezbzpgK1OdXQgt+n8r2cdWEMwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzEzOTM1MmUzNTM4MmUzMTM0
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDOpIw
DQYJKoZIhvcNAQELBQADggEBAKA43JLBxiugbJqnBWwes174vvQ3u0lcAlPEGLnN
rpFCktujnjloVZJzrB3lfrCwno79wuFQKCrZvsSy5aRUkvSR1tVcPFGooj5PGQ+0
kwFrpXO5CsysbLNG4PGeww2a7OheNYCb6yr8wlMGz2qNO5FneB7jStkbh0lNAuS2
tVsgGfP7m/+lVrTYSaBUfnFttnznQxkXmKPVZiWJpacNKAIAOiCFg0ch7881kA8S
CkCm5FcsKZ8q0ayB5qG4LSDsgi4bhtPF3Dm1K6Ae+W69rHuXNqSykkmsKi2tt8Tj
Dd6E/vDnSjnqho0PB8j4PRhIT96T8RCUYIhkdQumoWfOdoM=
-----END CERTIFICATE-----