Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3136302e302f31392d3234203d3e20383334.roa
File:                     35312e3134362e3136302e302f31392d3234203d3e20383334.roa (raw, json)
Hash identifier:          UrvBzAsOmpyA7zI1nGsCuhKGn7xlajcmk9utxnxL10U=
Subject key identifier:   73:CA:E6:F8:88:F5:EE:F7:B8:E1:20:A7:8B:E7:30:F7:F0:B8:15:24
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       7736A4F1C6ABC42F200C3B9F407005A7D5E8D662
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3136302e302f31392d3234203d3e20383334.roa
Signing time:             Fri 27 Feb 2026 13:13:24 +0000
ROA not before:           Fri 27 Feb 2026 13:08:24 +0000
ROA not after:            Fri 26 Feb 2027 13:13:24 +0000
asID:                     834
IP address blocks:        51.146.160.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:36:a4:f1:c6:ab:c4:2f:20:0c:3b:9f:40:70:05:a7:d5:e8:d6:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Feb 27 13:08:24 2026 GMT
            Not After : Feb 26 13:13:24 2027 GMT
        Subject: CN=73CAE6F888F5EEF7B8E120A78BE730F7F0B81524
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:93:64:95:b4:e3:16:a8:00:56:7b:2e:9c:fa:
                    24:12:8a:42:4b:e5:db:e5:25:9a:50:6c:da:9f:0e:
                    d4:db:7a:c2:6f:80:4b:db:6a:f1:f9:5b:8a:bd:eb:
                    6e:8e:7f:96:4e:e5:44:c0:59:c1:67:8a:de:b1:55:
                    8f:c7:2a:2a:95:24:f3:c9:c5:5f:53:3b:a6:35:5f:
                    7e:44:f7:04:36:9a:8c:05:a8:66:c5:86:e0:e1:44:
                    2a:0c:05:0f:ea:61:42:cf:78:54:d8:38:06:07:25:
                    2b:4f:8f:54:c5:05:3f:d5:78:d5:07:be:db:34:36:
                    a5:6d:04:d1:08:db:c4:7c:09:b6:14:b6:4c:86:eb:
                    6f:f2:61:11:1c:da:0f:a2:42:dd:3f:c8:6c:cd:b9:
                    20:89:35:a3:be:15:54:a4:38:1f:67:5f:b7:0d:a6:
                    69:36:84:15:93:f7:40:18:5b:78:63:1d:68:4c:fe:
                    9f:ff:2a:2e:42:29:f6:da:91:0b:bf:70:4a:b7:54:
                    70:b9:cd:0a:6c:49:c3:b2:20:06:34:2f:b5:f5:e5:
                    a4:c4:0c:33:e2:8f:ad:8c:c7:f3:67:3c:eb:30:e6:
                    c7:5e:79:22:7e:e3:7c:e1:d8:3b:2b:e2:8b:45:68:
                    f9:8e:55:2d:f0:4d:b7:d2:dc:87:5d:64:35:c8:e2:
                    83:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:CA:E6:F8:88:F5:EE:F7:B8:E1:20:A7:8B:E7:30:F7:F0:B8:15:24
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3136302e302f31392d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         67:b9:b9:fe:a3:41:e4:83:b3:ef:5a:67:1d:82:61:26:ac:58:
         82:4f:6f:ab:56:63:42:db:1f:5d:29:b9:64:0f:d5:96:a2:cb:
         e5:0d:2c:4b:7b:0b:a0:11:94:1f:89:3e:64:96:fb:dc:fb:4c:
         91:74:86:6a:29:2b:33:a2:f7:30:1e:52:56:42:f3:2f:4e:18:
         f5:ec:d6:db:36:70:d5:0d:67:65:ef:46:1b:d3:d6:b9:30:b8:
         69:14:d2:81:e4:cb:26:7a:f9:07:9d:c2:94:e6:90:71:6a:34:
         73:4c:98:b1:1f:51:ef:a9:73:55:d3:e8:60:2e:3f:9e:0b:47:
         21:b6:ce:a4:bb:84:91:69:e4:f0:bf:6f:d0:5e:67:2b:77:af:
         23:1a:c2:72:5a:24:aa:10:11:e9:b6:0b:06:cf:e4:74:3e:6e:
         33:64:f6:8b:72:6b:56:93:ed:38:a7:8f:59:ac:3d:02:05:aa:
         91:d7:01:3d:68:2f:b7:4d:d9:f2:98:fc:36:19:57:36:b5:84:
         ac:bc:79:51:75:dc:7b:7e:5e:af:d2:44:f3:58:77:54:7c:af:
         37:95:34:e8:66:e1:79:c2:46:26:00:9c:b5:3b:47:56:30:ad:
         9d:3e:89:d4:7f:b0:45:31:2a:59:99:ab:d4:89:ae:88:ff:ec:
         d9:ad:dd:9a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUdzak8carxC8gDDufQHAFp9Xo1mIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAyMjcxMzA4MjRaFw0yNzAyMjYxMzEzMjRaMDMxMTAvBgNV
BAMTKDczQ0FFNkY4ODhGNUVFRjdCOEUxMjBBNzhCRTczMEY3RjBCODE1MjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUk2SVtOMWqABWey6c+iQSikJL
5dvlJZpQbNqfDtTbesJvgEvbavH5W4q9626Of5ZO5UTAWcFnit6xVY/HKiqVJPPJ
xV9TO6Y1X35E9wQ2mowFqGbFhuDhRCoMBQ/qYULPeFTYOAYHJStPj1TFBT/VeNUH
vts0NqVtBNEI28R8CbYUtkyG62/yYREc2g+iQt0/yGzNuSCJNaO+FVSkOB9nX7cN
pmk2hBWT90AYW3hjHWhM/p//Ki5CKfbakQu/cEq3VHC5zQpsScOyIAY0L7X15aTE
DDPij62Mx/NnPOsw5sdeeSJ+43zh2Dsr4otFaPmOVS3wTbfS3IddZDXI4oNRAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUc8rm+Ij17ve44SCni+cw9/C4FSQwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzMTM2
MzAyZTMwMmYzMTM5MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAUzkqAw
DQYJKoZIhvcNAQELBQADggEBAGe5uf6jQeSDs+9aZx2CYSasWIJPb6tWY0LbH10p
uWQP1Zaiy+UNLEt7C6ARlB+JPmSW+9z7TJF0hmopKzOi9zAeUlZC8y9OGPXs1ts2
cNUNZ2XvRhvT1rkwuGkU0oHkyyZ6+QedwpTmkHFqNHNMmLEfUe+pc1XT6GAuP54L
RyG2zqS7hJFp5PC/b9BeZyt3ryMawnJaJKoQEem2CwbP5HQ+bjNk9otya1aT7Tin
j1msPQIFqpHXAT1oL7dN2fKY/DYZVza1hKy8eVF13Ht+Xq/SRPNYd1R8rzeVNOhm
4XnCRiYAnLU7R1YwrZ0+idR/sEUxKlmZq9SJroj/7Nmt3Zo=
-----END CERTIFICATE-----