Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e35322e302f32322d3234203d3e20383334.roa
File:                     35312e3134362e35322e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          gKgw0ieSnSKGZDGei+xo9/AjjLmOmoiXS1EPSGjOr2k=
Subject key identifier:   FD:AE:D7:B8:1C:36:34:15:F1:35:2C:F1:E3:AB:EE:62:F5:5A:91:43
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       72384427C95017BF79BAE66784316B177A26F101
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e35322e302f32322d3234203d3e20383334.roa
Signing time:             Wed 25 Feb 2026 15:08:29 +0000
ROA not before:           Wed 25 Feb 2026 15:03:29 +0000
ROA not after:            Wed 24 Feb 2027 15:08:29 +0000
asID:                     834
IP address blocks:        51.146.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:38:44:27:c9:50:17:bf:79:ba:e6:67:84:31:6b:17:7a:26:f1:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Feb 25 15:03:29 2026 GMT
            Not After : Feb 24 15:08:29 2027 GMT
        Subject: CN=FDAED7B81C363415F1352CF1E3ABEE62F55A9143
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:db:b5:4a:07:c0:35:d3:50:3c:38:10:18:86:
                    9f:75:17:63:70:67:35:b3:43:e6:98:67:af:7e:1e:
                    50:cf:31:8d:31:5e:f2:cc:42:b2:5b:83:cf:aa:62:
                    09:51:5b:72:41:37:79:ad:14:f1:f5:fe:d1:e0:7a:
                    f4:55:27:04:19:10:0f:a9:4a:8d:54:44:96:1f:60:
                    b2:66:9f:83:0c:3f:50:b9:40:8b:c7:9c:5b:45:80:
                    cf:f6:c6:a2:48:b5:95:28:5a:40:24:32:37:8b:7e:
                    bf:81:27:b3:23:44:bf:78:31:54:37:be:07:e3:19:
                    28:c6:26:3e:ee:49:58:36:8f:4c:37:da:f0:ba:c5:
                    11:7b:25:3e:b8:88:05:5d:34:2e:20:23:39:d9:d8:
                    ef:91:bc:89:c6:64:1f:d5:40:f2:21:41:96:b4:12:
                    e5:11:57:90:85:3c:31:20:d5:9d:00:37:13:f5:21:
                    d3:3c:5f:60:df:12:a1:bb:a0:0c:be:0b:51:44:28:
                    6d:7b:05:63:83:a5:83:ab:61:67:5c:81:68:09:c3:
                    13:54:69:c0:c1:b3:95:aa:9c:1a:2b:f9:eb:e0:2b:
                    fb:7a:2c:b2:26:ee:8c:a4:c6:65:5e:a1:37:aa:02:
                    74:77:a0:0f:f2:a6:48:7f:b1:a7:e6:2f:21:7d:4e:
                    38:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:AE:D7:B8:1C:36:34:15:F1:35:2C:F1:E3:AB:EE:62:F5:5A:91:43
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e35322e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:51:ad:e9:6a:03:cc:d0:36:b3:62:bc:36:0d:72:0b:1d:f7:
         6d:50:06:34:0e:76:ad:ed:86:0e:64:fb:99:10:0a:47:a4:2d:
         4a:b8:f1:9f:9f:cb:b0:3c:ec:f2:70:a8:0e:bd:83:0c:5d:91:
         5a:0f:a2:34:ad:40:e3:1b:7f:92:b4:76:23:c3:84:ea:30:b0:
         4f:a3:be:9e:18:05:44:75:b8:cb:56:f5:ea:7b:41:56:f2:66:
         c9:10:0c:b9:7c:a5:52:d4:bb:4c:f0:55:65:5c:68:f4:c4:15:
         67:5b:07:6c:51:8f:c6:94:62:55:3f:51:48:f4:04:e8:d7:c8:
         dd:d8:6f:e4:66:0b:6e:1b:89:87:a9:49:d2:dd:6d:b9:4d:e8:
         36:53:3a:8b:40:46:1e:3f:70:bb:e3:93:d6:b7:be:17:fc:d8:
         76:8c:e2:58:b9:6f:00:84:f6:52:d2:cc:c5:86:5e:38:11:8f:
         21:6c:3c:a8:5d:f3:3b:2e:69:5d:e9:47:4b:36:ec:f5:0d:3b:
         3e:2e:11:f8:ee:96:91:fb:4f:c4:b1:0e:ec:e8:00:79:f1:67:
         5e:10:bf:82:56:48:ce:d5:7e:e3:f5:6a:09:82:f5:de:a8:5f:
         9d:ca:5a:53:63:c7:5c:5b:82:d4:6b:9a:fd:17:4d:91:13:60:
         90:c9:27:53
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUcjhEJ8lQF795uuZnhDFrF3om8QEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAyMjUxNTAzMjlaFw0yNzAyMjQxNTA4MjlaMDMxMTAvBgNV
BAMTKEZEQUVEN0I4MUMzNjM0MTVGMTM1MkNGMUUzQUJFRTYyRjU1QTkxNDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl27VKB8A101A8OBAYhp91F2Nw
ZzWzQ+aYZ69+HlDPMY0xXvLMQrJbg8+qYglRW3JBN3mtFPH1/tHgevRVJwQZEA+p
So1URJYfYLJmn4MMP1C5QIvHnFtFgM/2xqJItZUoWkAkMjeLfr+BJ7MjRL94MVQ3
vgfjGSjGJj7uSVg2j0w32vC6xRF7JT64iAVdNC4gIznZ2O+RvInGZB/VQPIhQZa0
EuURV5CFPDEg1Z0ANxP1IdM8X2DfEqG7oAy+C1FEKG17BWODpYOrYWdcgWgJwxNU
acDBs5WqnBor+evgK/t6LLIm7oykxmVeoTeqAnR3oA/ypkh/safmLyF9TjgFAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU/a7XuBw2NBXxNSzx46vuYvVakUMwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzNTMy
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCM5I0MA0G
CSqGSIb3DQEBCwUAA4IBAQBaUa3pagPM0DazYrw2DXILHfdtUAY0Dnat7YYOZPuZ
EApHpC1KuPGfn8uwPOzycKgOvYMMXZFaD6I0rUDjG3+StHYjw4TqMLBPo76eGAVE
dbjLVvXqe0FW8mbJEAy5fKVS1LtM8FVlXGj0xBVnWwdsUY/GlGJVP1FI9ATo18jd
2G/kZgtuG4mHqUnS3W25Teg2UzqLQEYeP3C745PWt74X/Nh2jOJYuW8AhPZS0szF
hl44EY8hbDyoXfM7Lmld6UdLNuz1DTs+LhH47paR+0/EsQ7s6AB58WdeEL+CVkjO
1X7j9WoJgvXeqF+dylpTY8dcW4LUa5r9F02RE2CQySdT
-----END CERTIFICATE-----