Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3139322e302f31382d3234203d3e20383334.roa
File:                     35312e3134362e3139322e302f31382d3234203d3e20383334.roa (raw, json)
Hash identifier:          J+RBCXar17//4RORCdvEk46wkGS6mSEbntY/NamDUx4=
Subject key identifier:   AC:B9:43:6B:D8:32:C1:56:F7:44:1B:E5:DC:61:E3:21:63:3F:92:9D
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       74FD6F81E5587CF018200ECD2E7207A469D5E5A4
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3139322e302f31382d3234203d3e20383334.roa
Signing time:             Fri 27 Feb 2026 13:13:24 +0000
ROA not before:           Fri 27 Feb 2026 13:08:24 +0000
ROA not after:            Fri 26 Feb 2027 13:13:24 +0000
asID:                     834
IP address blocks:        51.146.192.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:fd:6f:81:e5:58:7c:f0:18:20:0e:cd:2e:72:07:a4:69:d5:e5:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Feb 27 13:08:24 2026 GMT
            Not After : Feb 26 13:13:24 2027 GMT
        Subject: CN=ACB9436BD832C156F7441BE5DC61E321633F929D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:9e:c4:de:4d:db:9d:5d:ed:b4:52:67:0d:15:
                    b4:72:4f:ae:70:ea:54:43:f9:8e:6e:94:a8:57:d7:
                    05:01:bc:3c:17:51:4f:8f:03:75:6b:22:02:0d:ba:
                    e3:98:ec:5f:8c:7e:71:b4:93:57:31:7a:2f:39:26:
                    a2:65:9a:0c:58:54:b1:57:09:da:da:40:0c:e9:26:
                    9b:78:08:a3:4a:e0:0b:ea:00:3f:1d:21:06:ec:33:
                    af:f9:d4:2f:e5:60:b3:5d:64:5e:01:de:45:91:7b:
                    0d:ef:a6:ce:3a:88:54:e9:55:83:94:e8:3d:13:6e:
                    9b:1a:40:3b:b3:31:57:17:59:d7:16:bf:ca:3d:72:
                    fa:52:ee:fd:fb:00:db:48:af:55:58:9f:58:f1:7f:
                    d4:bf:09:1e:a3:6b:a7:95:28:b5:6e:dd:1b:8c:a4:
                    c2:58:76:e4:b2:f0:93:2f:4c:12:32:f3:54:8d:ac:
                    54:de:11:b7:a3:5f:a2:d1:a1:0b:dd:41:40:62:2e:
                    24:71:12:75:f0:c9:fa:c8:a4:db:76:fb:6f:51:00:
                    d8:27:c4:c0:97:1c:42:fe:5e:e1:9e:38:71:10:3f:
                    3a:54:29:9b:fa:9f:93:71:f6:66:a0:df:d9:18:71:
                    e4:02:32:ba:7c:31:aa:07:d4:2a:36:73:2b:d3:40:
                    b0:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:B9:43:6B:D8:32:C1:56:F7:44:1B:E5:DC:61:E3:21:63:3F:92:9D
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3139322e302f31382d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         12:d9:4b:b2:34:05:55:30:b0:f8:80:e9:24:03:7d:de:ff:e7:
         11:74:67:76:06:51:bb:6f:3d:71:d6:c2:70:d4:f7:0a:39:3b:
         35:6e:cd:46:d5:01:f6:39:6c:b9:59:c1:68:b2:15:0f:bb:ed:
         9f:ca:03:bb:da:e9:02:8b:3a:81:e5:56:7c:ee:91:d4:c4:0c:
         82:0c:88:4c:f0:2b:b8:cf:a6:db:f0:d0:a9:d9:31:ab:85:5d:
         04:fb:1a:10:91:92:81:86:a5:9b:51:06:0d:6c:60:c0:d2:fd:
         0c:9e:bc:f5:2f:a4:22:22:24:b6:ef:44:c4:6d:a6:92:56:86:
         32:7d:7c:8d:49:85:09:32:87:5e:f2:21:ef:f5:4c:13:8b:f8:
         ab:c1:e6:2f:1e:a9:af:56:29:73:98:53:06:76:41:69:c9:0e:
         b3:ec:1a:56:82:ed:1d:e5:b9:1e:9a:9e:d8:5f:f3:ec:bb:fa:
         c4:c7:ba:d1:78:79:0c:ec:f5:51:cb:76:35:48:d2:e5:04:7d:
         d2:d0:28:ea:c9:e5:6f:e9:f4:b5:31:20:a4:46:08:43:d6:7a:
         a5:9b:19:5a:7d:8c:84:9a:d3:fa:25:b9:9c:32:7e:64:16:64:
         9c:36:c7:dc:69:c3:95:ce:2b:05:2c:3e:38:1d:2a:32:d6:76:
         f2:95:fb:f6
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUdP1vgeVYfPAYIA7NLnIHpGnV5aQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAyMjcxMzA4MjRaFw0yNzAyMjYxMzEzMjRaMDMxMTAvBgNV
BAMTKEFDQjk0MzZCRDgzMkMxNTZGNzQ0MUJFNURDNjFFMzIxNjMzRjkyOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWnsTeTdudXe20UmcNFbRyT65w
6lRD+Y5ulKhX1wUBvDwXUU+PA3VrIgINuuOY7F+MfnG0k1cxei85JqJlmgxYVLFX
CdraQAzpJpt4CKNK4AvqAD8dIQbsM6/51C/lYLNdZF4B3kWRew3vps46iFTpVYOU
6D0TbpsaQDuzMVcXWdcWv8o9cvpS7v37ANtIr1VYn1jxf9S/CR6ja6eVKLVu3RuM
pMJYduSy8JMvTBIy81SNrFTeEbejX6LRoQvdQUBiLiRxEnXwyfrIpNt2+29RANgn
xMCXHEL+XuGeOHEQPzpUKZv6n5Nx9mag39kYceQCMrp8MaoH1Co2cyvTQLADAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUrLlDa9gywVb3RBvl3GHjIWM/kp0wHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzMTM5
MzIyZTMwMmYzMTM4MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAYzksAw
DQYJKoZIhvcNAQELBQADggEBABLZS7I0BVUwsPiA6SQDfd7/5xF0Z3YGUbtvPXHW
wnDU9wo5OzVuzUbVAfY5bLlZwWiyFQ+77Z/KA7va6QKLOoHlVnzukdTEDIIMiEzw
K7jPptvw0KnZMauFXQT7GhCRkoGGpZtRBg1sYMDS/QyevPUvpCIiJLbvRMRtppJW
hjJ9fI1JhQkyh17yIe/1TBOL+KvB5i8eqa9WKXOYUwZ2QWnJDrPsGlaC7R3luR6a
nthf8+y7+sTHutF4eQzs9VHLdjVI0uUEfdLQKOrJ5W/p9LUxIKRGCEPWeqWbGVp9
jISa0/oluZwyfmQWZJw2x9xpw5XOKwUsPjgdKjLWdvKV+/Y=
-----END CERTIFICATE-----