Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e32312e302f32342d3234203d3e2037303138.roa
File:                     3139342e32362e32312e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          kBcBHXRMQfVwN+zg5BZ4LCUyMZ6cS1mQp15ihx19Joc=
Subject key identifier:   71:3C:34:4C:CC:22:1D:78:7D:D1:C8:AF:B8:6D:13:E0:A7:21:64:D3
Certificate issuer:       /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial:       19510DDDE9DCE12ADB07C72B8C1DC8334487135C
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e32312e302f32342d3234203d3e2037303138.roa
Signing time:             Tue 24 Feb 2026 06:55:40 +0000
ROA not before:           Tue 24 Feb 2026 06:50:40 +0000
ROA not after:            Tue 23 Feb 2027 06:55:40 +0000
asID:                     7018
IP address blocks:        194.26.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:51:0d:dd:e9:dc:e1:2a:db:07:c7:2b:8c:1d:c8:33:44:87:13:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
        Validity
            Not Before: Feb 24 06:50:40 2026 GMT
            Not After : Feb 23 06:55:40 2027 GMT
        Subject: CN=713C344CCC221D787DD1C8AFB86D13E0A72164D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a2:f1:aa:5e:3a:93:d4:b6:51:8b:cd:94:bc:
                    86:2b:0a:e5:57:a7:b7:6a:8b:db:c3:7b:37:aa:05:
                    3e:47:e9:eb:fc:6e:00:e2:e8:72:75:86:17:ab:37:
                    55:87:33:34:76:f9:20:e1:be:d7:a2:e8:c7:df:e0:
                    af:6f:1f:b3:f1:64:30:0c:e3:d2:43:85:20:ab:51:
                    56:3f:2b:4b:31:8d:aa:49:45:8d:9b:29:7f:8d:19:
                    d3:cc:7a:5c:dc:e1:99:dd:dc:4b:c8:85:2b:a2:f3:
                    a7:0c:b8:c3:5a:a9:ce:e0:9b:00:24:97:0a:5f:64:
                    0f:a6:47:e5:4d:37:d1:c6:ad:36:cf:8c:3d:e5:83:
                    e5:c8:0e:38:42:23:df:a7:28:7a:a2:0f:58:f8:71:
                    ce:11:b8:a6:06:69:c8:c1:01:e7:b2:d7:06:89:09:
                    5d:b0:1f:6b:5b:c9:95:bb:12:49:2b:08:e3:e9:80:
                    10:90:77:f6:94:ab:f5:8e:d2:6e:5f:bb:0e:8d:a4:
                    86:89:f6:c0:82:66:40:af:b3:c4:fe:79:32:86:32:
                    bd:19:9a:2b:02:c9:20:1f:bc:bc:dd:5f:83:c6:9f:
                    f3:16:3e:b0:c5:16:aa:97:9e:d8:7f:f6:09:a7:44:
                    32:85:00:cf:0f:b9:e8:19:54:55:3f:9d:2c:b5:12:
                    17:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:3C:34:4C:CC:22:1D:78:7D:D1:C8:AF:B8:6D:13:E0:A7:21:64:D3
            X509v3 Authority Key Identifier:
                keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e32312e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:b4:d3:e7:cc:d5:73:be:77:1b:f1:c7:90:c6:2e:6a:ff:4d:
         c7:72:6f:66:05:ff:d2:d2:9c:a3:10:81:11:0e:3f:91:17:16:
         24:bc:82:c2:bb:d1:e5:e4:e0:2e:4a:e1:0a:60:8e:6d:37:ca:
         75:b6:1a:0b:bf:5f:db:f2:17:ba:67:29:02:64:a3:a6:12:3e:
         fd:89:93:bb:65:6f:df:41:d0:d2:c6:c7:c9:55:3d:ba:38:76:
         04:b5:d4:16:d5:5b:79:dc:23:08:a0:7d:a1:e2:83:58:3d:9b:
         bd:55:8e:9f:43:3b:f0:81:07:70:a1:ed:ba:6b:1f:f0:b5:44:
         51:b5:de:5d:ee:ad:cc:13:77:96:0c:a7:cb:71:8e:07:05:6d:
         89:97:9d:17:0d:c1:b7:85:f9:4c:9f:e2:eb:25:93:a7:45:a8:
         ea:81:c0:30:a8:3a:44:dd:dd:7a:e1:c2:f3:18:a9:00:80:33:
         34:1b:e5:fe:c5:b9:69:bb:6e:3b:99:39:22:ed:a0:db:f1:55:
         62:9e:24:ea:87:fd:21:bf:f1:81:48:c0:d4:d8:9e:40:71:46:
         a4:c9:6f:05:81:e0:b8:ba:0b:85:ec:00:60:a5:04:30:18:be:
         5a:6d:09:66:b9:62:f4:ac:64:75:52:b6:9b:49:97:c2:8b:07:
         66:c6:94:58
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUGVEN3enc4SrbB8crjB3IM0SHE1wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNjAyMjQwNjUwNDBaFw0yNzAyMjMwNjU1NDBaMDMxMTAvBgNV
BAMTKDcxM0MzNDRDQ0MyMjFENzg3REQxQzhBRkI4NkQxM0UwQTcyMTY0RDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSovGqXjqT1LZRi82UvIYrCuVX
p7dqi9vDezeqBT5H6ev8bgDi6HJ1hherN1WHMzR2+SDhvtei6Mff4K9vH7PxZDAM
49JDhSCrUVY/K0sxjapJRY2bKX+NGdPMelzc4Znd3EvIhSui86cMuMNaqc7gmwAk
lwpfZA+mR+VNN9HGrTbPjD3lg+XIDjhCI9+nKHqiD1j4cc4RuKYGacjBAeey1waJ
CV2wH2tbyZW7EkkrCOPpgBCQd/aUq/WO0m5fuw6NpIaJ9sCCZkCvs8T+eTKGMr0Z
misCySAfvLzdX4PGn/MWPrDFFqqXnth/9gmnRDKFAM8PuegZVFU/nSy1Ehc1AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUcTw0TMwiHXh90civuG0T4KchZNMwHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzEzOTM0MmUzMjM2MmUzMjMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzczMDMxMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCGhUw
DQYJKoZIhvcNAQELBQADggEBAEK00+fM1XO+dxvxx5DGLmr/Tcdyb2YF/9LSnKMQ
gREOP5EXFiS8gsK70eXk4C5K4Qpgjm03ynW2Ggu/X9vyF7pnKQJko6YSPv2Jk7tl
b99B0NLGx8lVPbo4dgS11BbVW3ncIwigfaHig1g9m71Vjp9DO/CBB3Ch7bprH/C1
RFG13l3urcwTd5YMp8txjgcFbYmXnRcNwbeF+Uyf4uslk6dFqOqBwDCoOkTd3Xrh
wvMYqQCAMzQb5f7FuWm7bjuZOSLtoNvxVWKeJOqH/SG/8YFIwNTYnkBxRqTJbwWB
4Li6C4XsAGClBDAYvlptCWa5YvSsZHVStptJl8KLB2bGlFg=
-----END CERTIFICATE-----