Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3132382e302f32322d3234203d3e2032383536.roa
File:                     35312e3134362e3132382e302f32322d3234203d3e2032383536.roa (raw, json)
Hash identifier:          S4WyTuyU4+lKLsPjwGOnjPaHDx2xMIOOWLHuQuLor9c=
Subject key identifier:   66:64:1F:20:84:63:0D:27:97:39:A3:B0:18:DF:D9:3F:D5:CD:73:58
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       6EC9BF91C325D11AB075E3D6A5B18CB090936DE3
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3132382e302f32322d3234203d3e2032383536.roa
Signing time:             Fri 27 Feb 2026 13:11:49 +0000
ROA not before:           Fri 27 Feb 2026 13:06:49 +0000
ROA not after:            Fri 26 Feb 2027 13:11:49 +0000
asID:                     2856
IP address blocks:        51.146.128.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:c9:bf:91:c3:25:d1:1a:b0:75:e3:d6:a5:b1:8c:b0:90:93:6d:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Feb 27 13:06:49 2026 GMT
            Not After : Feb 26 13:11:49 2027 GMT
        Subject: CN=66641F2084630D279739A3B018DFD93FD5CD7358
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a6:ca:e0:11:31:fc:24:81:73:d6:bb:e1:11:
                    ba:a1:66:38:e5:73:e3:8c:af:df:fb:d2:84:bb:76:
                    12:08:07:f9:77:92:72:c2:1b:eb:80:50:32:3a:24:
                    eb:ea:20:39:1b:cd:72:1c:85:24:de:c5:84:70:f9:
                    bd:96:bc:86:d0:e3:d8:e9:3d:51:c5:8f:35:2b:f9:
                    74:6b:24:11:3e:4f:f9:9b:4d:b8:13:ea:b2:36:25:
                    2e:bd:4c:4c:35:a3:6b:7d:94:9b:41:49:75:2f:8f:
                    af:62:0e:69:36:1b:b8:92:0e:21:fc:ae:5e:a9:09:
                    08:0c:c4:a1:d8:0e:31:78:3f:a9:17:e3:a5:54:86:
                    f1:da:d4:2a:74:6c:b8:23:e5:fe:12:c0:4a:70:dc:
                    bf:3d:ec:4c:ed:72:83:21:70:05:47:c7:e3:18:94:
                    60:ea:e5:1e:f1:7e:da:05:9f:4e:f4:dc:c2:c4:b0:
                    6b:d0:31:68:64:45:c4:70:54:6c:52:14:46:6c:bb:
                    46:4f:c7:e3:00:58:c9:4b:e6:ed:07:89:e1:c6:80:
                    7b:90:4f:52:05:7d:d1:d8:42:8f:c5:9f:6f:68:1b:
                    37:61:60:dd:8e:18:86:b2:e3:a9:a6:6c:64:1d:2c:
                    12:25:e8:b5:40:99:f8:a4:de:67:1b:d8:22:cd:eb:
                    c4:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:64:1F:20:84:63:0D:27:97:39:A3:B0:18:DF:D9:3F:D5:CD:73:58
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3132382e302f32322d3234203d3e2032383536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:e3:ef:95:0b:17:bb:80:7f:56:fd:ce:71:eb:b9:33:62:f8:
         d9:7c:9b:85:3b:b5:ad:09:17:e4:43:dc:4d:ad:34:b3:30:1f:
         fb:7a:a8:4d:27:f6:02:b2:02:59:b7:c7:5c:ba:a1:88:28:4f:
         41:eb:de:d6:ab:c7:51:6b:d3:21:b4:73:14:c3:14:36:c2:41:
         88:e8:e2:9a:0a:f6:90:21:ea:a5:b0:90:43:d9:26:d5:24:bf:
         36:2c:24:26:e4:7f:05:a7:03:76:7c:ad:7b:31:29:bb:29:0d:
         fd:d5:4b:bc:39:52:39:85:45:8a:79:77:4b:11:1b:88:89:b8:
         e4:2a:4f:e7:9a:1b:f2:04:49:e0:f1:ba:9d:93:fb:3e:c1:9f:
         db:70:05:6d:c4:ff:3a:54:12:4e:9e:81:93:c5:dc:f8:0f:23:
         b4:01:59:3c:1d:c8:29:7c:e6:8f:16:2d:10:78:9f:b6:cc:10:
         40:88:41:26:2e:e3:ee:03:e1:14:18:fb:19:49:25:31:3c:cc:
         c8:e6:c3:1f:8c:dd:bf:d6:d8:8a:73:f8:b2:25:19:3f:7a:05:
         6b:dc:84:00:97:bc:1c:20:0c:05:d4:a8:83:8c:a2:e5:fb:f3:
         63:6b:85:a9:93:4d:d1:48:ee:94:00:28:6f:4f:4c:a0:7e:22:
         1d:cb:b9:2c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUbsm/kcMl0RqwdePWpbGMsJCTbeMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAyMjcxMzA2NDlaFw0yNzAyMjYxMzExNDlaMDMxMTAvBgNV
BAMTKDY2NjQxRjIwODQ2MzBEMjc5NzM5QTNCMDE4REZEOTNGRDVDRDczNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtpsrgETH8JIFz1rvhEbqhZjjl
c+OMr9/70oS7dhIIB/l3knLCG+uAUDI6JOvqIDkbzXIchSTexYRw+b2WvIbQ49jp
PVHFjzUr+XRrJBE+T/mbTbgT6rI2JS69TEw1o2t9lJtBSXUvj69iDmk2G7iSDiH8
rl6pCQgMxKHYDjF4P6kX46VUhvHa1Cp0bLgj5f4SwEpw3L897EztcoMhcAVHx+MY
lGDq5R7xftoFn0703MLEsGvQMWhkRcRwVGxSFEZsu0ZPx+MAWMlL5u0HieHGgHuQ
T1IFfdHYQo/Fn29oGzdhYN2OGIay46mmbGQdLBIl6LVAmfik3mcb2CLN68SbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUZmQfIIRjDSeXOaOwGN/ZP9XNc1gwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzMTMy
MzgyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzMjM4MzUzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAjOS
gDANBgkqhkiG9w0BAQsFAAOCAQEADuPvlQsXu4B/Vv3Oceu5M2L42XybhTu1rQkX
5EPcTa00szAf+3qoTSf2ArICWbfHXLqhiChPQeve1qvHUWvTIbRzFMMUNsJBiOji
mgr2kCHqpbCQQ9km1SS/NiwkJuR/BacDdnytezEpuykN/dVLvDlSOYVFinl3SxEb
iIm45CpP55ob8gRJ4PG6nZP7PsGf23AFbcT/OlQSTp6Bk8Xc+A8jtAFZPB3IKXzm
jxYtEHiftswQQIhBJi7j7gPhFBj7GUklMTzMyObDH4zdv9bYinP4siUZP3oFa9yE
AJe8HCAMBdSog4yi5fvzY2uFqZNN0UjulAAob09MoH4iHcu5LA==
-----END CERTIFICATE-----