Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3134372e302f32342d3234203d3e20383334.roa
File:                     3139352e35382e3134372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          JWGPv7PU6obBxeHVeHi6tuMRYdpVhg5tTNxKivLFrAg=
Subject key identifier:   92:FE:89:8A:8E:50:1F:50:90:85:BE:C0:81:BD:E9:21:10:9F:16:7C
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       6BAD14F88D52B02BA2C6D7BE91852EEAD4DB2F58
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3134372e302f32342d3234203d3e20383334.roa
Signing time:             Mon 02 Mar 2026 03:32:16 +0000
ROA not before:           Mon 02 Mar 2026 03:27:16 +0000
ROA not after:            Mon 01 Mar 2027 03:32:16 +0000
asID:                     834
IP address blocks:        195.58.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:ad:14:f8:8d:52:b0:2b:a2:c6:d7:be:91:85:2e:ea:d4:db:2f:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Mar  2 03:27:16 2026 GMT
            Not After : Mar  1 03:32:16 2027 GMT
        Subject: CN=92FE898A8E501F509085BEC081BDE921109F167C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fb:6b:9f:59:ce:58:fe:95:ef:96:e9:43:65:
                    e8:04:6d:32:04:25:25:57:81:6a:a8:18:2b:b9:f7:
                    e6:ff:01:2e:3e:8f:5b:8d:c4:35:d6:d0:fa:96:fd:
                    db:4a:8b:9a:6e:f8:54:2b:7f:e6:51:d1:f6:26:88:
                    d1:0c:bc:04:cb:24:9f:08:7c:19:94:2d:4c:2e:32:
                    cd:43:e3:04:74:13:7f:75:26:e7:fa:67:da:5e:03:
                    23:95:16:59:2d:9f:81:27:d5:c2:55:5d:64:71:49:
                    ec:30:55:59:64:a3:fd:50:af:b9:a7:cf:a1:27:ce:
                    25:9c:59:30:42:91:49:a8:9e:40:b6:57:93:19:15:
                    4e:7b:2f:4c:8e:48:d2:4a:ef:35:53:3f:0c:31:12:
                    52:c7:ef:5e:02:7d:f2:22:1c:fa:96:8c:d4:ae:2c:
                    16:6e:92:5e:88:c8:6f:de:57:ba:a1:0a:ca:87:a2:
                    db:8d:1b:ac:46:cb:71:55:e3:92:8b:cf:68:a4:ff:
                    4e:fb:f1:a4:71:6f:72:c2:28:27:a0:e8:74:ad:b8:
                    8d:10:56:62:5b:2c:4e:61:0b:f6:6f:b0:fc:ff:a3:
                    d2:55:2e:64:d1:17:da:75:35:eb:88:07:bb:1b:ca:
                    cb:f5:b9:df:1d:e2:36:2b:05:25:95:ef:d9:9e:84:
                    cf:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:FE:89:8A:8E:50:1F:50:90:85:BE:C0:81:BD:E9:21:10:9F:16:7C
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3134372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.58.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:6c:ea:44:b2:ab:da:5d:8e:41:80:ab:69:a7:4c:12:da:94:
         83:aa:d1:1c:62:d6:d0:12:f4:98:0e:e6:f5:01:62:a7:2f:52:
         7a:79:83:7f:ae:1a:a8:fc:5b:26:7e:32:55:d5:08:79:f6:6f:
         1f:15:06:f2:f1:3f:03:4b:c3:b5:6e:81:44:a2:73:ce:5a:74:
         ac:be:0d:f5:2b:ba:12:73:53:0a:2f:60:b8:17:39:70:73:22:
         54:f2:04:2d:88:a3:de:e9:1b:1b:b9:77:ce:10:b1:69:f4:1e:
         3f:01:d6:35:33:8a:26:60:aa:59:49:15:05:94:74:8b:cb:70:
         df:e0:28:88:79:36:17:14:d9:35:6b:72:b2:9a:93:51:bb:bf:
         92:11:ee:42:f3:e6:6d:2f:e7:34:98:60:0a:85:5e:ab:83:f9:
         bb:2a:78:79:03:35:66:27:a9:cc:51:f3:24:f9:bd:cc:16:91:
         e9:d9:be:e4:86:8a:a4:f8:a4:07:a3:a5:fe:12:cb:e6:f3:35:
         0c:c6:ce:5e:8c:f7:38:1f:55:46:fc:4b:80:81:3b:b7:5b:88:
         17:ae:54:e9:ca:a8:21:b4:7c:4c:3d:42:56:ea:e1:48:a4:9b:
         42:d0:08:08:ef:f6:f4:06:a5:6f:e6:8f:16:f4:55:d9:2d:d2:
         90:cd:42:d6
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUa60U+I1SsCuixte+kYUu6tTbL1gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNjAzMDIwMzI3MTZaFw0yNzAzMDEwMzMyMTZaMDMxMTAvBgNV
BAMTKDkyRkU4OThBOEU1MDFGNTA5MDg1QkVDMDgxQkRFOTIxMTA5RjE2N0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC++2ufWc5Y/pXvlulDZegEbTIE
JSVXgWqoGCu59+b/AS4+j1uNxDXW0PqW/dtKi5pu+FQrf+ZR0fYmiNEMvATLJJ8I
fBmULUwuMs1D4wR0E391Juf6Z9peAyOVFlktn4En1cJVXWRxSewwVVlko/1Qr7mn
z6EnziWcWTBCkUmonkC2V5MZFU57L0yOSNJK7zVTPwwxElLH714CffIiHPqWjNSu
LBZukl6IyG/eV7qhCsqHotuNG6xGy3FV45KLz2ik/0778aRxb3LCKCeg6HStuI0Q
VmJbLE5hC/ZvsPz/o9JVLmTRF9p1NeuIB7sbysv1ud8d4jYrBSWV79mehM9fAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUkv6Jio5QH1CQhb7Agb3pIRCfFnwwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzEzOTM1MmUzNTM4MmUzMTM0
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDOpMw
DQYJKoZIhvcNAQELBQADggEBAHVs6kSyq9pdjkGAq2mnTBLalIOq0Rxi1tAS9JgO
5vUBYqcvUnp5g3+uGqj8WyZ+MlXVCHn2bx8VBvLxPwNLw7VugUSic85adKy+DfUr
uhJzUwovYLgXOXBzIlTyBC2Io97pGxu5d84QsWn0Hj8B1jUziiZgqllJFQWUdIvL
cN/gKIh5NhcU2TVrcrKak1G7v5IR7kLz5m0v5zSYYAqFXquD+bsqeHkDNWYnqcxR
8yT5vcwWkenZvuSGiqT4pAejpf4Sy+bzNQzGzl6M9zgfVUb8S4CBO7dbiBeuVOnK
qCG0fEw9Qlbq4Uikm0LQCAjv9vQGpW/mjxb0Vdkt0pDNQtY=
-----END CERTIFICATE-----