Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e322e302f32342d3234203d3e2036303739.roa
File:                     3139342e32362e322e302f32342d3234203d3e2036303739.roa (raw, json)
Hash identifier:          TjtnNTn7FpO9sB3IOcWEqbyB3qNOxAYh9NFcoqi1238=
Subject key identifier:   58:33:2B:34:27:D4:1C:EB:14:8C:E7:06:A0:76:67:41:16:76:FD:E1
Certificate issuer:       /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial:       79054056AB9C6D69D6E62EB147105715B99A4C4F
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e322e302f32342d3234203d3e2036303739.roa
Signing time:             Fri 13 Feb 2026 02:59:18 +0000
ROA not before:           Fri 13 Feb 2026 02:54:18 +0000
ROA not after:            Fri 12 Feb 2027 02:59:18 +0000
asID:                     6079
IP address blocks:        194.26.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:05:40:56:ab:9c:6d:69:d6:e6:2e:b1:47:10:57:15:b9:9a:4c:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
        Validity
            Not Before: Feb 13 02:54:18 2026 GMT
            Not After : Feb 12 02:59:18 2027 GMT
        Subject: CN=58332B3427D41CEB148CE706A07667411676FDE1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:7e:96:f8:b7:d3:49:df:a4:ff:0c:f7:3d:aa:
                    44:2a:00:90:b4:39:8d:df:9c:43:20:3b:54:dc:7e:
                    cf:74:8b:28:c5:b0:5b:2a:cf:26:da:c0:43:07:0e:
                    33:31:22:6c:05:e8:48:dd:12:23:af:5c:fb:e8:93:
                    ec:75:b4:4f:b6:e7:a3:d7:1f:3c:41:f9:e8:62:86:
                    de:79:bd:7d:6b:fe:2e:10:83:e3:6f:e2:5c:16:c1:
                    a9:9a:1d:c1:53:2d:6e:07:e3:1d:81:7b:01:15:be:
                    f6:5e:6e:1f:89:c7:06:b5:8f:d0:1e:86:03:f9:e5:
                    fe:9f:ec:4f:ed:7f:38:b3:a2:a5:f1:c2:46:40:e7:
                    ee:75:85:4e:80:78:21:6a:f9:b3:44:cf:be:ab:cf:
                    30:4b:9e:68:4c:33:37:e5:40:82:bd:21:40:1c:d5:
                    d9:93:a6:a3:c3:c2:51:7f:83:44:e9:0c:cf:9c:24:
                    e9:06:39:13:5e:d1:37:18:29:f2:6c:59:9b:6b:a4:
                    cc:82:22:86:67:e9:62:fd:3f:99:3e:12:dd:b4:05:
                    48:90:74:54:28:53:32:f9:e6:5b:b8:61:f8:58:09:
                    a8:42:53:e1:bc:19:d6:b9:54:06:a0:06:89:b6:d2:
                    1f:d0:44:53:ff:b8:3d:e5:c6:b4:38:0f:06:a7:3e:
                    d9:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:33:2B:34:27:D4:1C:EB:14:8C:E7:06:A0:76:67:41:16:76:FD:E1
            X509v3 Authority Key Identifier:
                keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e322e302f32342d3234203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:1f:df:73:18:18:e0:8f:79:bc:cd:8a:e6:ec:af:e1:f4:b7:
         84:36:b6:ef:aa:83:dd:8e:97:c9:bc:56:39:a1:a5:b8:a2:05:
         67:29:da:ad:42:f4:44:b3:6e:f7:f8:a4:4d:c3:00:bb:aa:66:
         d8:17:77:1e:ca:ef:c9:95:4b:b4:73:17:89:32:06:98:2f:b8:
         08:72:7c:72:f7:f5:41:ce:c3:88:38:76:32:fb:c6:df:9a:b3:
         a0:96:97:14:7c:e0:34:7a:a8:08:4e:7c:64:cb:85:f8:76:65:
         49:75:a8:cd:ce:f5:a0:c6:ba:42:1d:3d:1b:44:f7:98:8a:bb:
         ca:6f:95:cb:e6:6b:cd:3b:1a:31:05:0d:55:5c:35:8c:91:6f:
         3e:9e:f2:64:09:e5:d6:6f:7b:81:fc:4a:1b:28:64:7b:72:76:
         ea:8b:58:5c:7b:f2:e2:50:b7:0f:0e:8b:d5:5a:dc:68:08:6e:
         fa:02:7e:ef:a4:26:ad:c9:18:4c:53:5c:e4:34:38:e1:0c:45:
         98:ef:52:6e:fc:e0:7d:61:3d:b5:ef:96:0a:c9:2d:4e:16:18:
         e2:49:91:1f:16:1f:83:8c:76:43:5c:03:7f:6c:34:bf:0a:5f:
         79:5e:df:bc:88:8c:0e:a8:c6:eb:ed:19:56:77:25:fd:7c:67:
         00:a0:6a:c6
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUeQVAVqucbWnW5i6xRxBXFbmaTE8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNjAyMTMwMjU0MThaFw0yNzAyMTIwMjU5MThaMDMxMTAvBgNV
BAMTKDU4MzMyQjM0MjdENDFDRUIxNDhDRTcwNkEwNzY2NzQxMTY3NkZERTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGfpb4t9NJ36T/DPc9qkQqAJC0
OY3fnEMgO1Tcfs90iyjFsFsqzybawEMHDjMxImwF6EjdEiOvXPvok+x1tE+256PX
HzxB+ehiht55vX1r/i4Qg+Nv4lwWwamaHcFTLW4H4x2BewEVvvZebh+Jxwa1j9Ae
hgP55f6f7E/tfzizoqXxwkZA5+51hU6AeCFq+bNEz76rzzBLnmhMMzflQIK9IUAc
1dmTpqPDwlF/g0TpDM+cJOkGORNe0TcYKfJsWZtrpMyCIoZn6WL9P5k+Et20BUiQ
dFQoUzL55lu4YfhYCahCU+G8Gda5VAagBom20h/QRFP/uD3lxrQ4DwanPtm5AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUWDMrNCfUHOsUjOcGoHZnQRZ2/eEwHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzEzOTM0MmUzMjM2MmUzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzAzNzM5LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhoCMA0G
CSqGSIb3DQEBCwUAA4IBAQANH99zGBjgj3m8zYrm7K/h9LeENrbvqoPdjpfJvFY5
oaW4ogVnKdqtQvREs273+KRNwwC7qmbYF3ceyu/JlUu0cxeJMgaYL7gIcnxy9/VB
zsOIOHYy+8bfmrOglpcUfOA0eqgITnxky4X4dmVJdajNzvWgxrpCHT0bRPeYirvK
b5XL5mvNOxoxBQ1VXDWMkW8+nvJkCeXWb3uB/EobKGR7cnbqi1hce/LiULcPDovV
WtxoCG76An7vpCatyRhMU1zkNDjhDEWY71Ju/OB9YT2175YKyS1OFhjiSZEfFh+D
jHZDXAN/bDS/Cl95Xt+8iIwOqMbr7RlWdyX9fGcAoGrG
-----END CERTIFICATE-----