Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e322e302f32342d3234203d3e2037303138.roa
File:                     3139342e32362e322e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          ipi0vAcQv2svi+muK542zHAIeeVH19r0pk+yh9NadUY=
Subject key identifier:   71:F9:10:F2:8F:25:B8:EA:9F:78:81:83:88:0B:05:73:1F:AC:6E:5C
Certificate issuer:       /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial:       7D9FEBB4549E69EF8A7F2EFC2C65541C8109A2D6
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e322e302f32342d3234203d3e2037303138.roa
Signing time:             Tue 24 Feb 2026 06:55:39 +0000
ROA not before:           Tue 24 Feb 2026 06:50:39 +0000
ROA not after:            Tue 23 Feb 2027 06:55:39 +0000
asID:                     7018
IP address blocks:        194.26.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:9f:eb:b4:54:9e:69:ef:8a:7f:2e:fc:2c:65:54:1c:81:09:a2:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
        Validity
            Not Before: Feb 24 06:50:39 2026 GMT
            Not After : Feb 23 06:55:39 2027 GMT
        Subject: CN=71F910F28F25B8EA9F788183880B05731FAC6E5C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:5f:ef:77:90:1b:15:3c:cd:06:8a:d2:2e:f3:
                    cf:ef:32:28:ae:cd:61:bc:39:86:bd:24:0a:e4:84:
                    8c:f3:77:ef:46:2d:28:b0:5d:ff:22:26:6a:db:d4:
                    58:86:43:8b:da:b9:11:1d:33:a5:ff:2a:59:8d:f4:
                    fb:7c:eb:d0:de:5f:9c:74:0f:d1:a4:a2:0c:a0:26:
                    d3:e0:fc:26:63:4c:7e:06:a5:05:6f:3a:ee:bd:70:
                    54:6a:93:c5:3a:5d:50:04:00:cf:d5:b5:bd:10:87:
                    85:66:a1:b5:70:0d:61:bd:7d:08:22:ae:f6:f4:26:
                    3b:b6:39:d9:60:b8:ab:b1:fe:a1:57:45:0a:f0:05:
                    0e:77:1c:a4:8b:f5:82:09:2b:9e:dc:10:fe:80:72:
                    69:e3:82:45:04:62:52:0a:a4:38:8f:31:cd:7d:b6:
                    9d:7f:f6:3a:47:ae:d7:c1:be:7f:ed:c7:d6:86:b5:
                    c2:53:65:49:f0:44:f6:b2:a9:dd:13:65:e7:5f:5a:
                    ac:14:94:7e:2d:af:2a:0f:e5:09:57:cc:6e:d5:57:
                    bf:9d:76:32:fd:e8:fd:1f:f4:5f:ca:70:f9:c0:41:
                    d8:17:e6:1a:a4:5a:c5:b6:62:99:4e:e2:ec:c7:64:
                    f7:60:52:0b:b7:12:0f:18:aa:30:44:25:e9:84:72:
                    d8:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:F9:10:F2:8F:25:B8:EA:9F:78:81:83:88:0B:05:73:1F:AC:6E:5C
            X509v3 Authority Key Identifier:
                keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e322e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:d1:ce:26:7a:d2:52:30:66:3a:4d:d0:16:34:ff:3e:21:66:
         f8:bb:9e:0e:f4:d3:25:a9:44:44:d4:2f:82:95:31:a6:d0:e6:
         1f:c2:34:65:8d:2d:23:45:1b:27:3b:f2:0c:d3:40:e5:03:f1:
         ed:b5:3c:5e:4b:4c:8b:29:1f:86:3e:7c:aa:da:ca:1a:74:cc:
         84:aa:23:a4:e7:ad:b8:6a:dd:1c:64:07:a8:66:6b:69:e5:0c:
         e9:f2:73:84:e0:4b:ee:3f:19:d6:24:de:b4:e2:1d:1d:6e:9e:
         e3:ac:7d:21:e5:0a:f2:b8:c6:91:04:2a:81:1e:86:96:9e:e2:
         25:ac:a4:fc:a0:1c:41:ee:7c:4c:76:1b:a3:6c:f4:59:9c:c0:
         60:ec:b5:56:97:de:ba:aa:cb:7b:e3:f4:04:2a:09:64:cc:2f:
         90:f7:d5:d9:9b:f6:0d:e2:df:41:43:4f:fb:26:e4:a2:00:77:
         30:48:4c:bb:7f:ef:ba:fb:8c:40:bf:a4:76:fe:6b:0b:6a:e5:
         67:78:7b:81:b3:63:19:65:4f:fd:c6:01:46:22:1f:be:ed:e9:
         e1:ea:a8:21:ef:d2:a8:18:5e:db:05:f7:5a:78:8b:2e:e1:ce:
         de:88:14:84:cc:2f:7b:9d:84:ce:29:cf:16:a3:e3:28:1f:60:
         49:51:a1:ff
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUfZ/rtFSeae+Kfy78LGVUHIEJotYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNjAyMjQwNjUwMzlaFw0yNzAyMjMwNjU1MzlaMDMxMTAvBgNV
BAMTKDcxRjkxMEYyOEYyNUI4RUE5Rjc4ODE4Mzg4MEIwNTczMUZBQzZFNUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQX+93kBsVPM0GitIu88/vMiiu
zWG8OYa9JArkhIzzd+9GLSiwXf8iJmrb1FiGQ4vauREdM6X/KlmN9Pt869DeX5x0
D9GkogygJtPg/CZjTH4GpQVvOu69cFRqk8U6XVAEAM/Vtb0Qh4VmobVwDWG9fQgi
rvb0Jju2OdlguKux/qFXRQrwBQ53HKSL9YIJK57cEP6AcmnjgkUEYlIKpDiPMc19
tp1/9jpHrtfBvn/tx9aGtcJTZUnwRPayqd0TZedfWqwUlH4tryoP5QlXzG7VV7+d
djL96P0f9F/KcPnAQdgX5hqkWsW2YplO4uzHZPdgUgu3Eg8YqjBEJemEctjpAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUcfkQ8o8luOqfeIGDiAsFcx+sblwwHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzEzOTM0MmUzMjM2MmUzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM3MzAzMTM4LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhoCMA0G
CSqGSIb3DQEBCwUAA4IBAQCm0c4metJSMGY6TdAWNP8+IWb4u54O9NMlqURE1C+C
lTGm0OYfwjRljS0jRRsnO/IM00DlA/HttTxeS0yLKR+GPnyq2soadMyEqiOk5624
at0cZAeoZmtp5Qzp8nOE4EvuPxnWJN604h0dbp7jrH0h5QryuMaRBCqBHoaWnuIl
rKT8oBxB7nxMdhujbPRZnMBg7LVWl966qst74/QEKglkzC+Q99XZm/YN4t9BQ0/7
JuSiAHcwSEy7f++6+4xAv6R2/msLauVneHuBs2MZZU/9xgFGIh++7enh6qgh79Ko
GF7bBfdaeIsu4c7eiBSEzC97nYTOKc8Wo+MoH2BJUaH/
-----END CERTIFICATE-----