Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37392e302f32342d3234203d3e2033333230.roa
File:                     3231332e3133392e37392e302f32342d3234203d3e2033333230.roa (raw, json)
Hash identifier:          f7C4581jJeKKnyLKipb2ZqdzpdWZFHeKPCD6CEFc/5E=
Subject key identifier:   82:5C:AB:15:6B:1E:1E:76:25:26:B6:D4:16:21:96:FF:8F:F9:BF:A4
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       5B3F9D32738C3B1AC1C675E0C693BAEC3706DC
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37392e302f32342d3234203d3e2033333230.roa
Signing time:             Thu 08 Jan 2026 00:55:33 +0000
ROA not before:           Thu 08 Jan 2026 00:50:33 +0000
ROA not after:            Thu 07 Jan 2027 00:55:33 +0000
asID:                     3320
IP address blocks:        213.139.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:3f:9d:32:73:8c:3b:1a:c1:c6:75:e0:c6:93:ba:ec:37:06:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Jan  8 00:50:33 2026 GMT
            Not After : Jan  7 00:55:33 2027 GMT
        Subject: CN=825CAB156B1E1E762526B6D4162196FF8FF9BFA4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:40:54:56:6f:d6:15:9e:8e:1f:a4:5e:8a:4c:
                    4d:78:68:ee:22:33:2b:3f:46:3c:78:07:13:9b:1b:
                    c1:55:6b:c4:fd:25:59:ea:ba:f6:37:3a:b9:14:80:
                    fd:67:a1:09:5d:2a:95:43:a3:e8:7a:dc:52:b2:cf:
                    70:26:4f:b7:45:63:07:72:ea:79:d1:e5:c6:33:59:
                    79:9d:70:30:b1:38:64:fc:fc:8f:56:d7:d4:3c:f3:
                    80:78:9f:fd:05:e5:9c:05:88:9c:7f:b3:aa:9b:f3:
                    90:2d:81:8d:aa:4d:de:d2:68:07:cd:42:6e:b4:29:
                    3d:c0:b5:0e:68:02:b8:cb:8a:63:36:92:b3:2e:e7:
                    0e:e7:3a:51:f4:df:a0:5a:6e:8c:ee:92:dc:0b:74:
                    a7:9c:0c:67:37:2f:38:ed:69:42:67:15:16:ba:14:
                    cb:6a:3e:29:10:e2:b1:ec:c9:0a:88:b7:5d:3d:f4:
                    03:6c:f2:21:4c:3e:de:4f:da:40:4f:14:24:f3:76:
                    f2:6a:4d:a2:f5:31:d7:e9:88:01:09:df:6f:21:3c:
                    b5:26:3c:de:a9:44:dc:0d:5b:c4:79:ed:6a:b9:13:
                    fa:c6:41:1b:e8:68:b2:37:bb:44:f8:33:52:0e:85:
                    d4:fd:94:ea:f7:1a:9d:63:c4:c7:ad:91:3f:f4:3b:
                    ed:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:5C:AB:15:6B:1E:1E:76:25:26:B6:D4:16:21:96:FF:8F:F9:BF:A4
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37392e302f32342d3234203d3e2033333230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:ef:7d:3d:77:55:89:79:8c:fe:11:9e:06:e3:ba:fe:18:e2:
         ea:26:aa:bf:98:25:47:77:86:79:d6:5c:82:4e:3e:76:ff:97:
         9e:99:07:5f:3d:93:67:f3:68:b3:d0:e4:a1:5a:ad:61:db:63:
         9d:9c:71:8a:33:86:48:89:26:b0:74:ab:8e:bf:6a:56:57:d0:
         6e:d6:56:dc:cd:c5:02:37:9e:f3:14:70:09:6c:3f:cb:26:b2:
         87:58:34:42:8e:80:52:dd:c8:a8:26:b5:e4:68:ab:00:cd:08:
         86:a7:a7:9f:a1:f2:37:d4:7c:a6:8a:8b:5b:54:b5:95:7f:80:
         cf:8d:7a:f0:8a:b1:0b:d3:17:c5:f1:5c:a9:d5:3d:ca:0d:1a:
         f1:fb:ae:72:df:98:b6:14:1f:1d:71:9c:6b:e3:50:24:80:55:
         7d:a6:92:ed:ea:b4:2a:44:9d:09:2d:ca:1b:9b:c9:78:f5:eb:
         be:d0:74:94:5a:80:47:c6:22:7a:b7:57:f2:42:eb:d4:39:1d:
         08:31:41:38:64:ef:b3:a0:9d:6f:0c:78:7d:3d:01:73:4f:8d:
         51:56:a0:7b:5d:28:e6:e0:09:c2:9f:7b:14:18:02:2b:71:ae:
         b8:e3:e4:ce:ec:01:9b:51:65:0d:16:51:e5:05:23:a9:7d:a6:
         a8:eb:82:24
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgITWz+dMnOMOxrBxnXgxpO67DcG3DANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyhiNjgzZjJlYjUwYzU5OTlhNzc0NTZlODgyNjgzMTYwOWQ0
OGM3ZDNlMB4XDTI2MDEwODAwNTAzM1oXDTI3MDEwNzAwNTUzM1owMzExMC8GA1UE
AxMoODI1Q0FCMTU2QjFFMUU3NjI1MjZCNkQ0MTYyMTk2RkY4RkY5QkZBNDCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRAVFZv1hWejh+kXopMTXho7iIz
Kz9GPHgHE5sbwVVrxP0lWeq69jc6uRSA/WehCV0qlUOj6HrcUrLPcCZPt0VjB3Lq
edHlxjNZeZ1wMLE4ZPz8j1bX1DzzgHif/QXlnAWInH+zqpvzkC2BjapN3tJoB81C
brQpPcC1DmgCuMuKYzaSsy7nDuc6UfTfoFpujO6S3At0p5wMZzcvOO1pQmcVFroU
y2o+KRDisezJCoi3XT30A2zyIUw+3k/aQE8UJPN28mpNovUx1+mIAQnfbyE8tSY8
3qlE3A1bxHntarkT+sZBG+hosje7RPgzUg6F1P2U6vcanWPEx62RP/Q77WsCAwEA
AaOCAjswggI3MB0GA1UdDgQWBBSCXKsVax4ediUmttQWIZb/j/m/pDAfBgNVHSME
GDAWgBS2g/LrUMWZmndFbogmgxYJ1Ix9PjAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS9hMDFjMTRmYi1iNjYwLTQ4OWQtOWU5Zi05NDAyZTllMmMy
ZTIvMC9CNjgzRjJFQjUwQzU5OTlBNzc0NTZFODgyNjgzMTYwOUQ0OEM3RDNFLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvdG9QeTYxREZtWnAzUlc2SUpvTVdDZFNN
ZlQ0LmNlcjCBqwYIKwYBBQUHAQsEgZ4wgZswgZgGCCsGAQUFBzALhoGLcnN5bmM6
Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9hMDFjMTRmYi1i
NjYwLTQ4OWQtOWU5Zi05NDAyZTllMmMyZTIvMC8zMjMxMzMyZTMxMzMzOTJlMzcz
OTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzMzMjMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YtP
MA0GCSqGSIb3DQEBCwUAA4IBAQAn7309d1WJeYz+EZ4G47r+GOLqJqq/mCVHd4Z5
1lyCTj52/5eemQdfPZNn82iz0OShWq1h22OdnHGKM4ZIiSawdKuOv2pWV9Bu1lbc
zcUCN57zFHAJbD/LJrKHWDRCjoBS3cioJrXkaKsAzQiGp6efofI31HymiotbVLWV
f4DPjXrwirEL0xfF8Vyp1T3KDRrx+65y35i2FB8dcZxr41AkgFV9ppLt6rQqRJ0J
Lcobm8l49eu+0HSUWoBHxiJ6t1fyQuvUOR0IMUE4ZO+zoJ1vDHh9PQFzT41RVqB7
XSjm4AnCn3sUGAIrca644+TO7AGbUWUNFlHlBSOpfaao64Ik
-----END CERTIFICATE-----