Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e34342e302f32322d3234203d3e2032383536.roa
File:                     35312e3134362e34342e302f32322d3234203d3e2032383536.roa (raw, json)
Hash identifier:          Fm0VGPMT7OyVH49nbGy50G/k+GnUmbeL0jUau3oSyZU=
Subject key identifier:   EA:88:E0:BC:DF:E0:8F:CD:E2:D7:7B:5F:A6:74:08:CF:D8:39:36:19
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       06DE8BE91F477038C0841F4CEDDD474C8BAC3ED8
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e34342e302f32322d3234203d3e2032383536.roa
Signing time:             Fri 27 Feb 2026 13:11:46 +0000
ROA not before:           Fri 27 Feb 2026 13:06:46 +0000
ROA not after:            Fri 26 Feb 2027 13:11:46 +0000
asID:                     2856
IP address blocks:        51.146.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:de:8b:e9:1f:47:70:38:c0:84:1f:4c:ed:dd:47:4c:8b:ac:3e:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Feb 27 13:06:46 2026 GMT
            Not After : Feb 26 13:11:46 2027 GMT
        Subject: CN=EA88E0BCDFE08FCDE2D77B5FA67408CFD8393619
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:08:08:a2:a1:b3:6e:d7:5d:e1:cd:51:ee:6c:
                    8d:0e:f8:7e:20:ee:1c:71:6e:f3:17:1b:fe:1e:07:
                    9c:8b:8e:cf:fd:71:74:37:84:91:13:9c:5c:df:3b:
                    da:c2:da:65:a4:c9:85:d0:f3:c3:0d:b0:bf:5d:1d:
                    85:30:1c:c3:f0:ff:4e:63:64:ed:cc:bc:8d:6c:1b:
                    c7:fc:4b:39:21:af:8c:c2:37:03:76:29:79:e6:32:
                    3b:02:3d:78:a8:2f:ea:c5:4c:76:8a:74:bf:e1:0e:
                    08:70:a8:ad:ad:20:22:56:81:c5:d7:67:f1:1d:d2:
                    c5:d9:0e:ec:1a:82:48:6e:17:ab:d5:d6:58:8b:0d:
                    8f:00:a8:99:b1:2c:94:49:d3:92:83:94:13:d6:86:
                    19:9a:c8:fa:1d:19:2c:91:43:c5:af:50:c5:b2:d8:
                    9f:54:32:a1:56:a6:b1:23:df:a0:6a:18:e5:28:3b:
                    c3:16:80:c9:2d:76:58:c5:6f:23:12:6e:e6:64:7d:
                    b7:53:dd:54:9d:a3:fb:fb:0e:38:49:d8:c5:4f:19:
                    c8:9a:13:3b:f4:19:fb:28:17:22:af:d5:22:b9:e1:
                    dd:37:2b:d0:82:f2:59:19:26:19:61:a3:87:de:b7:
                    16:37:24:1f:7c:8b:47:43:b8:63:ff:2a:da:3b:5a:
                    99:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:88:E0:BC:DF:E0:8F:CD:E2:D7:7B:5F:A6:74:08:CF:D8:39:36:19
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e34342e302f32322d3234203d3e2032383536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:cf:09:33:40:36:46:58:1d:3c:f6:e1:05:7d:6f:35:e3:b1:
         44:8b:35:f4:78:53:0f:41:c2:2c:95:3a:50:f4:e5:f9:9d:52:
         82:fb:a7:4a:e9:d8:c6:82:48:71:63:1c:0a:88:0a:42:df:55:
         07:aa:ba:e2:19:e4:4d:cd:24:f0:94:93:2d:70:42:49:b7:80:
         d1:79:09:9c:3b:dc:a9:72:2c:51:ca:9d:91:dd:8b:3e:69:d8:
         68:2c:e7:7c:b4:b6:ba:5f:85:3d:68:50:7e:57:e6:57:7c:78:
         d8:6b:d3:18:78:82:52:d2:e1:69:1c:3c:4b:9b:5b:40:1b:b8:
         03:fc:b0:69:2a:3c:c3:5c:95:e2:08:90:24:b0:f4:cd:11:8b:
         9c:86:8f:9d:f1:62:58:5c:a6:6c:4f:38:e6:21:94:b0:fd:5f:
         b2:e0:c7:f0:a0:57:32:ec:a4:1a:73:9e:21:b9:d5:ff:b6:b6:
         51:0e:0d:25:1b:23:dd:7b:97:12:b4:d0:2d:39:47:7a:3d:d6:
         f7:a5:48:af:0e:01:d1:26:cb:02:0f:3a:1b:50:02:7e:b5:df:
         21:7c:25:fe:34:7a:a5:fb:95:07:61:29:97:aa:29:16:3e:b9:
         1c:a0:96:9d:91:d5:e8:61:31:62:34:e4:6f:55:fe:cf:0c:3d:
         fa:62:8d:a4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUBt6L6R9HcDjAhB9M7d1HTIusPtgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAyMjcxMzA2NDZaFw0yNzAyMjYxMzExNDZaMDMxMTAvBgNV
BAMTKEVBODhFMEJDREZFMDhGQ0RFMkQ3N0I1RkE2NzQwOENGRDgzOTM2MTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdCAiiobNu113hzVHubI0O+H4g
7hxxbvMXG/4eB5yLjs/9cXQ3hJETnFzfO9rC2mWkyYXQ88MNsL9dHYUwHMPw/05j
ZO3MvI1sG8f8Szkhr4zCNwN2KXnmMjsCPXioL+rFTHaKdL/hDghwqK2tICJWgcXX
Z/Ed0sXZDuwagkhuF6vV1liLDY8AqJmxLJRJ05KDlBPWhhmayPodGSyRQ8WvUMWy
2J9UMqFWprEj36BqGOUoO8MWgMktdljFbyMSbuZkfbdT3VSdo/v7DjhJ2MVPGcia
Ezv0GfsoFyKv1SK54d03K9CC8lkZJhlho4fetxY3JB98i0dDuGP/Kto7WplxAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU6ojgvN/gj83i13tfpnQIz9g5NhkwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzNDM0
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzIzODM1MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAIzkiww
DQYJKoZIhvcNAQELBQADggEBAHPPCTNANkZYHTz24QV9bzXjsUSLNfR4Uw9BwiyV
OlD05fmdUoL7p0rp2MaCSHFjHAqICkLfVQequuIZ5E3NJPCUky1wQkm3gNF5CZw7
3KlyLFHKnZHdiz5p2Ggs53y0trpfhT1oUH5X5ld8eNhr0xh4glLS4WkcPEubW0Ab
uAP8sGkqPMNcleIIkCSw9M0Ri5yGj53xYlhcpmxPOOYhlLD9X7Lgx/CgVzLspBpz
niG51f+2tlEODSUbI917lxK00C05R3o91velSK8OAdEmywIPOhtQAn613yF8Jf40
eqX7lQdhKZeqKRY+uRyglp2R1ehhMWI05G9V/s8MPfpijaQ=
-----END CERTIFICATE-----