Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e34382e302f32322d3232203d3e2035363530.roa
File:                     35312e3134362e34382e302f32322d3232203d3e2035363530.roa (raw, json)
Hash identifier:          yCYnj0CdZKu1L3em7LegUOQirjQsAXri/WyGskxx+3k=
Subject key identifier:   1A:32:82:63:14:BB:9E:A2:EA:D8:80:F8:39:E9:BD:D2:D3:94:F6:4C
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       3A1CCF140A8C51337B745C6E9E5157F45711C1FD
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e34382e302f32322d3232203d3e2035363530.roa
Signing time:             Wed 25 Feb 2026 15:06:56 +0000
ROA not before:           Wed 25 Feb 2026 15:01:56 +0000
ROA not after:            Wed 24 Feb 2027 15:06:56 +0000
asID:                     5650
IP address blocks:        51.146.48.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:1c:cf:14:0a:8c:51:33:7b:74:5c:6e:9e:51:57:f4:57:11:c1:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Feb 25 15:01:56 2026 GMT
            Not After : Feb 24 15:06:56 2027 GMT
        Subject: CN=1A32826314BB9EA2EAD880F839E9BDD2D394F64C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:85:f8:42:d5:35:a7:32:1b:07:99:28:86:d7:
                    d1:88:55:18:e3:fc:a0:14:ab:fa:ef:3d:0d:8d:56:
                    c4:ff:0c:c0:99:ed:35:09:cc:92:79:c4:92:ad:63:
                    20:03:89:f9:a4:2f:7e:16:3a:ca:5e:99:75:36:5d:
                    f3:60:3c:db:72:97:6e:ba:da:f5:61:52:7e:79:4e:
                    9d:f4:87:28:a4:ce:56:ec:db:92:48:14:12:64:b4:
                    6c:a5:90:3f:5f:b8:9f:db:c4:0b:e6:b6:fb:14:7b:
                    6d:85:d0:4b:ab:76:1e:6a:ea:ba:8d:b9:01:9d:1c:
                    ee:b0:17:2e:6b:cf:29:d4:b0:c8:40:5d:2c:d1:73:
                    81:a4:01:b2:ab:3b:65:90:d4:0d:e4:9f:86:31:6f:
                    83:b1:51:4a:b6:48:bb:d0:4a:d4:d4:83:0f:dc:2c:
                    8f:ec:aa:fa:bb:3d:4d:e6:bf:cf:19:37:5f:8b:cc:
                    ad:47:ed:5a:b4:95:ff:fe:31:ba:ec:bb:f2:ee:67:
                    9d:82:1c:a1:90:8c:e8:4a:58:39:ab:e7:b8:54:3f:
                    58:bb:e0:cf:bc:70:36:5d:19:e2:e6:f7:ac:8c:10:
                    55:51:ee:b3:d0:7b:d8:73:c8:18:4d:4e:8e:ba:42:
                    15:a6:c4:0a:86:bb:30:e7:75:4a:c6:4d:e4:55:32:
                    ab:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:32:82:63:14:BB:9E:A2:EA:D8:80:F8:39:E9:BD:D2:D3:94:F6:4C
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e34382e302f32322d3232203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:0e:6e:53:93:61:90:9d:58:1a:ef:17:97:b5:38:e7:a2:28:
         c0:ab:d2:ac:e5:d5:ee:f6:de:03:02:2d:40:e4:92:97:4b:18:
         f0:54:21:f8:26:39:e4:4c:7a:75:b2:a9:bb:6a:0a:33:4e:47:
         49:be:c1:fa:63:50:f9:77:df:9c:b2:3a:b9:1e:9f:66:20:91:
         9b:88:64:c0:ef:0c:32:39:98:87:d2:dc:89:98:e1:82:fa:c2:
         50:05:cc:5c:ae:b3:a2:75:20:80:e6:e9:8e:aa:d2:fc:0c:bc:
         5e:25:92:7b:2a:d7:ed:e2:45:65:d1:29:a7:9c:53:a3:eb:cc:
         1a:0a:7f:fe:5d:d8:e4:22:4b:cb:9a:6e:d0:45:71:7f:a0:1b:
         e3:b3:06:ed:b8:bc:50:63:b5:e7:07:1d:82:77:a0:02:aa:36:
         51:38:27:7d:69:02:37:02:25:95:1d:83:38:16:36:74:2a:09:
         93:97:01:e5:45:56:b8:70:57:ab:4c:c2:2a:d9:79:5a:33:bc:
         06:6e:d6:81:67:e3:a3:9a:65:54:4e:41:dc:e8:01:24:f9:76:
         74:4c:e0:5a:51:fd:bd:20:c9:e7:61:da:c4:34:37:c8:71:5a:
         df:de:3a:76:69:b4:21:6c:69:c1:69:7b:d0:d8:54:74:ed:74:
         9e:08:09:fc
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUOhzPFAqMUTN7dFxunlFX9FcRwf0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAyMjUxNTAxNTZaFw0yNzAyMjQxNTA2NTZaMDMxMTAvBgNV
BAMTKDFBMzI4MjYzMTRCQjlFQTJFQUQ4ODBGODM5RTlCREQyRDM5NEY2NEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGhfhC1TWnMhsHmSiG19GIVRjj
/KAUq/rvPQ2NVsT/DMCZ7TUJzJJ5xJKtYyADifmkL34WOspemXU2XfNgPNtyl266
2vVhUn55Tp30hyikzlbs25JIFBJktGylkD9fuJ/bxAvmtvsUe22F0Eurdh5q6rqN
uQGdHO6wFy5rzynUsMhAXSzRc4GkAbKrO2WQ1A3kn4Yxb4OxUUq2SLvQStTUgw/c
LI/sqvq7PU3mv88ZN1+LzK1H7Vq0lf/+Mbrsu/LuZ52CHKGQjOhKWDmr57hUP1i7
4M+8cDZdGeLm96yMEFVR7rPQe9hzyBhNTo66QhWmxAqGuzDndUrGTeRVMquXAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUGjKCYxS7nqLq2ID4Oem90tOU9kwwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzNDM4
MmUzMDJmMzIzMjJkMzIzMjIwM2QzZTIwMzUzNjM1MzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAIzkjAw
DQYJKoZIhvcNAQELBQADggEBADsOblOTYZCdWBrvF5e1OOeiKMCr0qzl1e723gMC
LUDkkpdLGPBUIfgmOeRMenWyqbtqCjNOR0m+wfpjUPl335yyOrken2YgkZuIZMDv
DDI5mIfS3ImY4YL6wlAFzFyus6J1IIDm6Y6q0vwMvF4lknsq1+3iRWXRKaecU6Pr
zBoKf/5d2OQiS8uabtBFcX+gG+OzBu24vFBjtecHHYJ3oAKqNlE4J31pAjcCJZUd
gzgWNnQqCZOXAeVFVrhwV6tMwirZeVozvAZu1oFn46OaZVROQdzoAST5dnRM4FpR
/b0gyedh2sQ0N8hxWt/eOnZptCFsacFpe9DYVHTtdJ4ICfw=
-----END CERTIFICATE-----