Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3134302e302f32322d3234203d3e2032383536.roa
File:                     35312e3134362e3134302e302f32322d3234203d3e2032383536.roa (raw, json)
Hash identifier:          Yb0HUrsXjACJboIEJxolEwQYMNUkR1sKrCTM+fj1/3k=
Subject key identifier:   38:D4:24:7F:0F:5A:22:B7:00:1E:BC:8A:BF:0F:A4:69:E8:F4:DF:47
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       2B63770F85722A15A0C4690A4043A230D28E69C5
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3134302e302f32322d3234203d3e2032383536.roa
Signing time:             Fri 27 Feb 2026 13:11:52 +0000
ROA not before:           Fri 27 Feb 2026 13:06:52 +0000
ROA not after:            Fri 26 Feb 2027 13:11:52 +0000
asID:                     2856
IP address blocks:        51.146.140.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:63:77:0f:85:72:2a:15:a0:c4:69:0a:40:43:a2:30:d2:8e:69:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Feb 27 13:06:52 2026 GMT
            Not After : Feb 26 13:11:52 2027 GMT
        Subject: CN=38D4247F0F5A22B7001EBC8ABF0FA469E8F4DF47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:bd:db:57:93:42:c3:c5:db:da:b4:96:52:b9:
                    b9:09:ea:67:56:da:9e:22:a0:27:e5:2d:83:3b:a1:
                    3d:98:67:57:68:56:f2:7d:5e:6e:16:36:07:57:bd:
                    6d:e1:24:f7:7e:9c:39:46:4c:ef:11:90:46:d0:c0:
                    bd:6b:2e:3d:f4:53:8e:48:0a:62:b1:60:4b:a9:0b:
                    87:a7:61:cf:00:4e:86:88:bf:02:a3:5e:cc:9b:4f:
                    74:13:a6:4a:24:b4:58:c7:c4:8c:75:22:99:86:00:
                    24:c5:64:7e:a1:54:5e:91:1a:4c:b1:2f:1c:da:e4:
                    6d:c3:40:c8:11:97:39:19:fc:72:63:69:6f:51:5c:
                    f1:43:6f:e3:f8:fc:7c:83:d8:a8:ee:65:c9:ba:e8:
                    fc:3a:68:5e:3a:de:ef:06:1e:6b:d1:b6:0d:8c:10:
                    14:11:b5:90:d7:71:da:1c:9d:ff:89:24:c9:90:4c:
                    cf:ed:fc:92:5f:a5:7b:83:91:ce:79:a4:cc:09:4a:
                    52:bf:72:ba:d8:ed:b6:68:00:ff:21:54:65:ed:12:
                    08:80:e6:d2:7a:77:f5:fa:5d:76:15:f7:51:86:63:
                    d1:0c:c2:45:81:77:26:ec:2c:15:d1:52:10:8e:81:
                    bf:0d:f3:2c:c4:69:dd:3b:5a:a0:d6:80:d1:79:77:
                    b2:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:D4:24:7F:0F:5A:22:B7:00:1E:BC:8A:BF:0F:A4:69:E8:F4:DF:47
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3134302e302f32322d3234203d3e2032383536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:f5:17:41:a0:82:bc:ff:22:54:8f:ce:03:d7:a4:4f:b4:98:
         1e:46:a6:bb:af:d2:b2:5f:47:5e:14:96:95:a1:97:00:2c:9c:
         14:9d:a6:c6:85:a7:70:f4:76:89:55:0d:fe:03:42:8d:48:ff:
         c7:4c:20:41:e2:84:87:e1:19:1b:eb:41:dd:08:3d:1a:51:a4:
         e7:90:72:eb:b8:65:0f:27:1c:0d:93:3d:15:a1:21:4b:4e:b1:
         b1:23:85:d9:ca:e8:3e:75:ca:41:ae:af:07:1a:7d:6a:53:eb:
         6c:f9:99:fb:89:32:3f:b9:3a:4e:25:04:3b:cb:83:cf:83:29:
         b0:9e:8b:43:c4:a0:d3:8e:8e:ab:23:41:83:0d:62:09:df:dc:
         d4:26:0c:9e:09:6c:a8:b7:d1:32:0d:d8:83:5f:55:87:4a:a8:
         89:ba:24:66:9f:7b:ac:55:3a:ff:0a:91:f2:88:a7:96:95:0e:
         67:00:bc:36:12:6e:41:e6:e4:8c:ed:77:9d:59:f6:0a:2f:7d:
         7e:e1:26:7d:ef:87:df:b1:b6:d0:14:87:b5:35:65:d1:f2:c6:
         ca:d0:37:86:49:b3:a8:e3:af:f4:3a:98:39:00:92:cb:91:76:
         fb:c8:f8:76:f5:e5:48:dd:b4:7c:e9:fb:bc:34:94:8f:42:5b:
         d0:b7:66:b1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUK2N3D4VyKhWgxGkKQEOiMNKOacUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAyMjcxMzA2NTJaFw0yNzAyMjYxMzExNTJaMDMxMTAvBgNV
BAMTKDM4RDQyNDdGMEY1QTIyQjcwMDFFQkM4QUJGMEZBNDY5RThGNERGNDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgvdtXk0LDxdvatJZSubkJ6mdW
2p4ioCflLYM7oT2YZ1doVvJ9Xm4WNgdXvW3hJPd+nDlGTO8RkEbQwL1rLj30U45I
CmKxYEupC4enYc8AToaIvwKjXsybT3QTpkoktFjHxIx1IpmGACTFZH6hVF6RGkyx
Lxza5G3DQMgRlzkZ/HJjaW9RXPFDb+P4/HyD2KjuZcm66Pw6aF463u8GHmvRtg2M
EBQRtZDXcdocnf+JJMmQTM/t/JJfpXuDkc55pMwJSlK/crrY7bZoAP8hVGXtEgiA
5tJ6d/X6XXYV91GGY9EMwkWBdybsLBXRUhCOgb8N8yzEad07WqDWgNF5d7JFAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUONQkfw9aIrcAHryKvw+kaej030cwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzMTM0
MzAyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzMjM4MzUzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAjOS
jDANBgkqhkiG9w0BAQsFAAOCAQEAN/UXQaCCvP8iVI/OA9ekT7SYHkamu6/Ssl9H
XhSWlaGXACycFJ2mxoWncPR2iVUN/gNCjUj/x0wgQeKEh+EZG+tB3Qg9GlGk55By
67hlDyccDZM9FaEhS06xsSOF2croPnXKQa6vBxp9alPrbPmZ+4kyP7k6TiUEO8uD
z4MpsJ6LQ8Sg046OqyNBgw1iCd/c1CYMnglsqLfRMg3Yg19Vh0qoibokZp97rFU6
/wqR8oinlpUOZwC8NhJuQebkjO13nVn2Ci99fuEmfe+H37G20BSHtTVl0fLGytA3
hkmzqOOv9DqYOQCSy5F2+8j4dvXlSN20fOn7vDSUj0Jb0LdmsQ==
-----END CERTIFICATE-----