Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3135312e302f32342d3234203d3e20383334.roa
File:                     3139352e35382e3135312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          51JyyvFmYKIMCwLTiDhhEK+MsZYYANLTwN4CVdAzFk8=
Subject key identifier:   90:D7:72:EA:DE:D8:6C:54:0B:A0:02:F0:AC:E0:9C:42:F3:3F:65:EB
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       57862597019568C229B0D6994BB7527A4F52EBD8
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3135312e302f32342d3234203d3e20383334.roa
Signing time:             Sat 28 Feb 2026 19:17:34 +0000
ROA not before:           Sat 28 Feb 2026 19:12:34 +0000
ROA not after:            Sat 27 Feb 2027 19:17:34 +0000
asID:                     834
IP address blocks:        195.58.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 11:39:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:86:25:97:01:95:68:c2:29:b0:d6:99:4b:b7:52:7a:4f:52:eb:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Feb 28 19:12:34 2026 GMT
            Not After : Feb 27 19:17:34 2027 GMT
        Subject: CN=90D772EADED86C540BA002F0ACE09C42F33F65EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:fe:8e:4a:ee:83:dc:18:f6:f4:aa:17:87:12:
                    ae:61:e4:84:b7:fb:44:c5:73:a9:2b:b7:9f:21:68:
                    1d:ad:63:98:00:01:af:aa:44:3a:6e:b1:b8:62:9b:
                    1b:a2:b5:83:a6:06:95:bb:24:22:e6:35:64:d5:af:
                    1f:9c:3b:1d:fc:8b:d5:45:0a:4a:60:d8:77:c0:78:
                    be:31:d8:be:64:54:ee:b4:93:2f:f2:06:76:72:3d:
                    43:88:8d:98:40:04:59:cb:40:a0:47:ed:88:64:24:
                    9d:11:1a:9b:b1:25:50:7d:eb:1e:d0:aa:d5:89:8a:
                    19:32:b7:58:85:c7:16:20:2d:df:53:3a:f4:6f:bf:
                    ff:a4:d1:d0:2d:62:00:db:c1:73:30:4c:05:82:72:
                    e3:be:b9:5f:b4:73:4f:f9:15:d8:ff:86:cd:60:29:
                    95:e6:ff:12:95:6a:c9:0a:ec:5f:12:61:b8:0d:ff:
                    64:e4:84:2f:bf:bc:1b:c7:1b:c8:0b:fb:80:a1:75:
                    c1:d5:f0:db:e9:ab:2a:67:a1:01:d0:88:af:6a:3d:
                    77:89:36:a1:e0:9c:41:85:72:bd:f3:d3:ba:e6:04:
                    52:19:97:1d:6c:d1:57:af:3b:75:5c:cd:83:5f:00:
                    cd:af:96:2d:20:d4:66:c3:4a:5f:d1:33:4d:44:4d:
                    6c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:D7:72:EA:DE:D8:6C:54:0B:A0:02:F0:AC:E0:9C:42:F3:3F:65:EB
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139352e35382e3135312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.58.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:32:6c:35:c7:d7:94:eb:ee:9f:1b:ed:5c:c2:80:fb:24:9d:
         0e:97:68:ea:8d:22:cc:aa:85:18:d6:9a:1e:e3:dd:4e:47:33:
         3a:5c:38:b9:80:d4:38:77:e5:a8:99:1f:64:be:38:64:96:3f:
         21:79:f7:87:eb:8b:61:be:fd:e0:fe:d3:51:9c:f1:4f:89:e5:
         71:d1:e8:ab:8c:7b:fb:27:37:42:a0:7a:50:b0:70:91:4a:b5:
         3a:a6:9e:d7:f1:b4:77:48:c2:69:db:4a:bf:5c:9e:dc:24:8d:
         b9:ee:af:71:21:05:84:4c:60:57:e0:7f:c8:b0:84:2a:5d:e1:
         1a:53:43:56:7f:ca:3c:49:7c:e3:9d:ef:43:cf:10:6b:36:e1:
         97:a7:81:9a:44:e3:18:58:6e:a1:57:4a:3c:3e:ca:4e:59:ef:
         60:7a:da:0b:98:0b:a6:95:97:77:84:ba:7c:fc:09:4e:0b:06:
         10:b6:ab:d9:d0:2e:ee:83:e8:1b:9e:c8:82:2d:b5:8c:4c:67:
         ca:1e:75:64:0b:6f:dd:57:d6:d0:40:85:9d:e1:83:aa:23:82:
         b1:14:d1:cc:41:6f:41:d5:51:08:c3:66:40:ea:b5:b9:b9:58:
         39:da:11:b2:e8:82:d4:93:29:bd:eb:9d:0c:31:19:76:42:ee:
         8f:fc:d3:33
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUV4YllwGVaMIpsNaZS7dSek9S69gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNjAyMjgxOTEyMzRaFw0yNzAyMjcxOTE3MzRaMDMxMTAvBgNV
BAMTKDkwRDc3MkVBREVEODZDNTQwQkEwMDJGMEFDRTA5QzQyRjMzRjY1RUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCd/o5K7oPcGPb0qheHEq5h5IS3
+0TFc6krt58haB2tY5gAAa+qRDpusbhimxuitYOmBpW7JCLmNWTVrx+cOx38i9VF
Ckpg2HfAeL4x2L5kVO60ky/yBnZyPUOIjZhABFnLQKBH7YhkJJ0RGpuxJVB96x7Q
qtWJihkyt1iFxxYgLd9TOvRvv/+k0dAtYgDbwXMwTAWCcuO+uV+0c0/5Fdj/hs1g
KZXm/xKVaskK7F8SYbgN/2TkhC+/vBvHG8gL+4ChdcHV8NvpqypnoQHQiK9qPXeJ
NqHgnEGFcr3z07rmBFIZlx1s0VevO3VczYNfAM2vli0g1GbDSl/RM01ETWy5AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUkNdy6t7YbFQLoALwrOCcQvM/ZeswHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzEzOTM1MmUzNTM4MmUzMTM1
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDOpcw
DQYJKoZIhvcNAQELBQADggEBAIEybDXH15Tr7p8b7VzCgPsknQ6XaOqNIsyqhRjW
mh7j3U5HMzpcOLmA1Dh35aiZH2S+OGSWPyF594fri2G+/eD+01Gc8U+J5XHR6KuM
e/snN0KgelCwcJFKtTqmntfxtHdIwmnbSr9cntwkjbnur3EhBYRMYFfgf8iwhCpd
4RpTQ1Z/yjxJfOOd70PPEGs24ZengZpE4xhYbqFXSjw+yk5Z72B62guYC6aVl3eE
unz8CU4LBhC2q9nQLu6D6BueyIIttYxMZ8oedWQLb91X1tBAhZ3hg6ojgrEU0cxB
b0HVUQjDZkDqtbm5WDnaEbLogtSTKb3rnQwxGXZC7o/80zM=
-----END CERTIFICATE-----