Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/39312e3231302e34332e302f32342d3234203d3e203633303939.roa
File:                     39312e3231302e34332e302f32342d3234203d3e203633303939.roa (raw, json)
Hash identifier:          oAwjVGPwU25ceOih3rJWmllATU7l2YARbFutZVfy2iM=
Subject key identifier:   4A:FC:25:97:1F:F3:01:AD:0D:19:ED:B7:E8:63:56:2A:46:BD:D8:A5
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       6BB3038521B3C961A2894DC50C1DEAEA8C8C7B1B
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/39312e3231302e34332e302f32342d3234203d3e203633303939.roa
Signing time:             Mon 08 Jun 2026 06:46:54 +0000
ROA not before:           Mon 08 Jun 2026 06:41:54 +0000
ROA not after:            Mon 07 Jun 2027 06:46:54 +0000
asID:                     63099
IP address blocks:        91.210.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 16:37:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:b3:03:85:21:b3:c9:61:a2:89:4d:c5:0c:1d:ea:ea:8c:8c:7b:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Jun  8 06:41:54 2026 GMT
            Not After : Jun  7 06:46:54 2027 GMT
        Subject: CN=4AFC25971FF301AD0D19EDB7E863562A46BDD8A5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:d5:7e:6c:26:c0:52:f2:d2:e1:5b:74:06:e0:
                    04:74:fb:7b:da:29:f5:23:fc:75:00:e2:eb:9d:8b:
                    96:1f:3a:68:3f:a3:a2:19:2b:c7:16:f3:53:1f:4b:
                    65:fe:b7:59:36:8b:49:75:41:e4:0c:d5:30:b5:6d:
                    70:6a:71:23:bf:2e:d8:de:a9:dd:99:1e:9c:8b:6c:
                    f6:9b:dc:78:94:54:5b:5d:74:b2:46:dd:01:1c:dd:
                    2a:cb:72:cc:5d:a1:7d:a6:48:67:00:03:d2:68:e8:
                    74:fc:47:d8:3f:12:d3:81:c8:84:54:8a:d3:b6:09:
                    51:a4:1d:dc:c7:4c:24:82:74:0e:85:f0:ef:e0:15:
                    65:83:b8:35:57:db:35:26:43:3d:f0:3b:5a:31:4b:
                    77:93:d8:12:0b:35:6d:12:5e:af:ed:c1:7a:49:f3:
                    52:0c:46:5c:3a:1c:24:89:d6:c5:b4:bb:e9:a1:0d:
                    71:f6:1e:17:07:60:bb:63:63:d0:5e:53:cb:a7:98:
                    01:11:f7:2a:af:85:da:35:62:4c:8e:d7:24:40:d4:
                    e8:18:b8:67:de:41:77:f7:42:65:f2:bd:f8:c7:56:
                    a6:a9:52:94:13:22:d2:12:c7:e0:d3:01:3e:91:f2:
                    49:d3:d5:98:53:fb:4b:29:6e:3f:6a:a4:93:c1:d3:
                    f2:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:FC:25:97:1F:F3:01:AD:0D:19:ED:B7:E8:63:56:2A:46:BD:D8:A5
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/39312e3231302e34332e302f32342d3234203d3e203633303939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:f2:ac:6a:ed:44:80:dd:3c:31:8c:7c:2a:a0:f0:2b:db:5d:
         bc:d0:90:00:b7:d9:40:8f:35:74:ea:51:ba:62:5f:1c:7e:36:
         9d:06:83:af:b7:2c:d3:03:e9:c3:11:72:c4:d7:ce:68:ba:e3:
         85:e2:77:ac:92:9b:e8:6d:19:82:00:68:0d:0d:04:09:3e:44:
         a2:00:8d:69:ac:22:8a:8e:4d:ed:6a:38:23:6b:78:06:20:3c:
         a4:9d:0d:ea:87:6f:7e:6a:40:d9:e4:20:f5:40:26:01:c2:4c:
         e1:52:81:6f:02:f2:be:46:bd:f8:4e:1a:3b:63:05:2e:e8:94:
         ea:1d:ce:20:42:95:90:10:5b:fa:01:bf:ec:0b:f9:32:de:8f:
         6b:bf:7b:19:b9:eb:48:76:7a:77:95:69:a3:5d:7f:93:50:e9:
         0c:ea:19:d9:03:dd:e1:df:f1:b5:d2:f6:57:38:9c:5a:82:16:
         ae:f8:3c:a2:5e:85:6b:22:8e:92:f3:d8:7c:54:b4:a3:55:23:
         47:8c:0c:e2:77:e8:d2:8e:b5:cc:ae:c4:3b:32:05:9a:5d:26:
         bd:bd:90:fb:15:e3:53:23:61:ab:8f:bd:03:5a:60:a9:49:0d:
         ca:05:82:d4:87:9b:78:8c:40:c0:ae:49:32:5c:f5:ce:8b:07:
         d6:45:d9:d6
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUa7MDhSGzyWGiiU3FDB3q6oyMexswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNjA2MDgwNjQxNTRaFw0yNzA2MDcwNjQ2NTRaMDMxMTAvBgNV
BAMTKDRBRkMyNTk3MUZGMzAxQUQwRDE5RURCN0U4NjM1NjJBNDZCREQ4QTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe1X5sJsBS8tLhW3QG4AR0+3va
KfUj/HUA4uudi5YfOmg/o6IZK8cW81MfS2X+t1k2i0l1QeQM1TC1bXBqcSO/Ltje
qd2ZHpyLbPab3HiUVFtddLJG3QEc3SrLcsxdoX2mSGcAA9Jo6HT8R9g/EtOByIRU
itO2CVGkHdzHTCSCdA6F8O/gFWWDuDVX2zUmQz3wO1oxS3eT2BILNW0SXq/twXpJ
81IMRlw6HCSJ1sW0u+mhDXH2HhcHYLtjY9BeU8unmAER9yqvhdo1YkyO1yRA1OgY
uGfeQXf3QmXyvfjHVqapUpQTItISx+DTAT6R8knT1ZhT+0spbj9qpJPB0/JhAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUSvwllx/zAa0NGe236GNWKka92KUwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzkzMTJlMzIzMTMwMmUzNDMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMzMwMzkzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvS
KzANBgkqhkiG9w0BAQsFAAOCAQEAZfKsau1EgN08MYx8KqDwK9tdvNCQALfZQI81
dOpRumJfHH42nQaDr7cs0wPpwxFyxNfOaLrjheJ3rJKb6G0ZggBoDQ0ECT5EogCN
aawiio5N7Wo4I2t4BiA8pJ0N6odvfmpA2eQg9UAmAcJM4VKBbwLyvka9+E4aO2MF
LuiU6h3OIEKVkBBb+gG/7Av5Mt6Pa797GbnrSHZ6d5Vpo11/k1DpDOoZ2QPd4d/x
tdL2VzicWoIWrvg8ol6FayKOkvPYfFS0o1UjR4wM4nfo0o61zK7EOzIFml0mvb2Q
+xXjUyNhq4+9A1pgqUkNygWC1IebeIxAwK5JMlz1zosH1kXZ1g==
-----END CERTIFICATE-----