Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3134342e302f32302d3234203d3e20383334.roa
File:                     35312e3134362e3134342e302f32302d3234203d3e20383334.roa (raw, json)
Hash identifier:          pDQ3WR0jdLVstWBdKuQC4tyC3+04PI+4PjbzRvZdwNs=
Subject key identifier:   92:CA:1D:F8:C9:3E:FE:CC:3B:6A:00:9C:8D:D1:E6:6F:7F:E5:7E:43
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       254A68FEFDFD8FEDFBE54849314702DE3FCAAEEB
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3134342e302f32302d3234203d3e20383334.roa
Signing time:             Fri 27 Feb 2026 13:13:24 +0000
ROA not before:           Fri 27 Feb 2026 13:08:24 +0000
ROA not after:            Fri 26 Feb 2027 13:13:24 +0000
asID:                     834
IP address blocks:        51.146.144.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:23:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:4a:68:fe:fd:fd:8f:ed:fb:e5:48:49:31:47:02:de:3f:ca:ae:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Feb 27 13:08:24 2026 GMT
            Not After : Feb 26 13:13:24 2027 GMT
        Subject: CN=92CA1DF8C93EFECC3B6A009C8DD1E66F7FE57E43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:10:af:71:1f:24:35:00:56:da:34:5a:a2:f5:
                    df:7a:c3:ce:6d:cf:a8:15:94:66:81:f0:f0:76:da:
                    f2:b0:1e:87:e6:e1:d7:01:4a:62:2e:c4:cc:02:a6:
                    ad:51:2e:63:b5:1d:98:d2:2e:b5:8e:90:3d:24:74:
                    52:b2:04:18:3c:df:2c:05:b4:8f:3c:34:09:fc:b7:
                    75:ac:13:6e:3a:da:87:0d:cb:be:f3:de:97:a8:c6:
                    71:40:73:6b:4f:1f:24:15:75:fb:a0:b0:f6:1b:10:
                    df:47:f5:3c:c4:e8:b8:59:23:ca:f8:9c:2a:c3:16:
                    de:02:1f:23:76:fb:9b:56:ae:12:28:45:25:1c:07:
                    80:c9:46:93:c6:bb:fb:a3:23:03:95:c6:a1:b2:ec:
                    6c:af:72:10:9f:04:61:78:d5:dc:14:c7:61:01:aa:
                    7f:5b:e4:d2:cb:77:7b:e0:ed:31:b7:d0:de:9f:e0:
                    95:56:cf:97:1e:00:be:2c:e0:8a:02:4a:5d:a6:0d:
                    60:7e:7f:1a:67:db:b1:f7:bd:6d:55:c3:d8:ac:84:
                    dc:2e:68:7c:a8:f9:ff:5d:53:32:7c:60:f5:46:f4:
                    14:53:e3:94:74:93:78:e9:fb:30:02:56:6d:27:d2:
                    57:37:19:d2:d0:12:4a:7b:b5:42:2c:b4:25:9f:02:
                    cc:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:CA:1D:F8:C9:3E:FE:CC:3B:6A:00:9C:8D:D1:E6:6F:7F:E5:7E:43
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3134342e302f32302d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         97:82:c3:55:ed:6e:b1:be:fa:64:6b:e5:e9:95:b3:39:04:09:
         69:c6:c1:e4:00:58:c2:e4:b8:b7:01:88:ca:80:4e:cb:b8:9a:
         53:24:7b:a3:7e:b5:67:d3:c5:b2:39:21:9e:4c:0f:9c:b3:53:
         f7:c3:9d:01:bc:51:64:e8:5e:39:55:a7:80:7b:2c:1d:a6:4d:
         18:77:f6:92:43:b7:ed:51:d9:c1:03:28:07:3b:1c:24:04:3e:
         c9:aa:cd:08:22:b7:77:6a:d2:4e:4b:5b:37:a7:ac:96:21:d5:
         2d:01:cd:d3:d5:42:ff:1a:9b:37:b6:96:b5:a8:c2:7a:25:d4:
         85:1d:c3:66:53:ac:be:77:2d:fc:3c:b7:f9:fc:05:d5:a0:f5:
         5a:17:65:6a:e3:d0:ff:77:8c:21:fb:45:de:0c:1e:1c:9a:27:
         2b:d0:e4:a1:f6:c0:47:e8:c2:f5:04:da:04:b8:91:07:34:ec:
         5b:d3:a4:a9:c9:21:ce:f2:e3:7a:7b:d6:f6:16:87:10:de:30:
         38:49:5f:71:1e:2c:4b:23:5f:54:02:b9:d4:66:c9:15:5f:94:
         71:52:cc:5d:91:ab:ff:29:29:3b:3e:fc:19:7d:2a:bf:23:6f:
         f0:1d:d9:80:dd:7e:0c:21:92:60:b7:c1:76:74:4c:4d:96:87:
         2c:0b:bf:a5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJUpo/v39j+375UhJMUcC3j/KruswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAyMjcxMzA4MjRaFw0yNzAyMjYxMzEzMjRaMDMxMTAvBgNV
BAMTKDkyQ0ExREY4QzkzRUZFQ0MzQjZBMDA5QzhERDFFNjZGN0ZFNTdFNDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjEK9xHyQ1AFbaNFqi9d96w85t
z6gVlGaB8PB22vKwHofm4dcBSmIuxMwCpq1RLmO1HZjSLrWOkD0kdFKyBBg83ywF
tI88NAn8t3WsE2462ocNy77z3peoxnFAc2tPHyQVdfugsPYbEN9H9TzE6LhZI8r4
nCrDFt4CHyN2+5tWrhIoRSUcB4DJRpPGu/ujIwOVxqGy7GyvchCfBGF41dwUx2EB
qn9b5NLLd3vg7TG30N6f4JVWz5ceAL4s4IoCSl2mDWB+fxpn27H3vW1Vw9ishNwu
aHyo+f9dUzJ8YPVG9BRT45R0k3jp+zACVm0n0lc3GdLQEkp7tUIstCWfAsxRAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUksod+Mk+/sw7agCcjdHmb3/lfkMwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzMTM0
MzQyZTMwMmYzMjMwMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAQzkpAw
DQYJKoZIhvcNAQELBQADggEBAJeCw1XtbrG++mRr5emVszkECWnGweQAWMLkuLcB
iMqATsu4mlMke6N+tWfTxbI5IZ5MD5yzU/fDnQG8UWToXjlVp4B7LB2mTRh39pJD
t+1R2cEDKAc7HCQEPsmqzQgit3dq0k5LWzenrJYh1S0BzdPVQv8amze2lrWownol
1IUdw2ZTrL53Lfw8t/n8BdWg9VoXZWrj0P93jCH7Rd4MHhyaJyvQ5KH2wEfowvUE
2gS4kQc07FvTpKnJIc7y43p71vYWhxDeMDhJX3EeLEsjX1QCudRmyRVflHFSzF2R
q/8pKTs+/Bl9Kr8jb/Ad2YDdfgwhkmC3wXZ0TE2WhywLv6U=
-----END CERTIFICATE-----