Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/3231332e3135372e3132312e302f32342d3234203d3e20383334.roa
File:                     3231332e3135372e3132312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          ymSjuPXVAPbWpsdUxy4NAbVAbZwcrZUHC9CvHZBpiEw=
Subject key identifier:   07:99:C9:34:33:96:A4:BB:26:B7:34:12:96:2D:EE:A1:C8:88:D2:AA
Certificate issuer:       /CN=8184669b0189b7fabe05e700325a0d74957beb27
Certificate serial:       4F1D0E4270F7910265F81B5AA2B75B5678DADF6B
Authority key identifier: 81:84:66:9B:01:89:B7:FA:BE:05:E7:00:32:5A:0D:74:95:7B:EB:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gYRmmwGJt_q-BecAMloNdJV76yc.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/3231332e3135372e3132312e302f32342d3234203d3e20383334.roa
Signing time:             Tue 17 Feb 2026 09:47:47 +0000
ROA not before:           Tue 17 Feb 2026 09:42:47 +0000
ROA not after:            Tue 16 Feb 2027 09:47:47 +0000
asID:                     834
IP address blocks:        213.157.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/8184669B0189B7FABE05E700325A0D74957BEB27.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/8184669B0189B7FABE05E700325A0D74957BEB27.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gYRmmwGJt_q-BecAMloNdJV76yc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:1d:0e:42:70:f7:91:02:65:f8:1b:5a:a2:b7:5b:56:78:da:df:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8184669b0189b7fabe05e700325a0d74957beb27
        Validity
            Not Before: Feb 17 09:42:47 2026 GMT
            Not After : Feb 16 09:47:47 2027 GMT
        Subject: CN=0799C9343396A4BB26B73412962DEEA1C888D2AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:db:5b:e2:90:6c:fe:88:ee:a2:72:7b:0f:1b:
                    39:f7:df:04:0a:71:b2:48:e8:5c:ea:f9:bd:a0:0c:
                    ed:9e:d4:97:4c:bc:32:4b:fd:03:32:4b:02:7a:bd:
                    2f:b2:9a:39:33:a7:5d:14:ca:f3:0e:3a:3a:c6:a4:
                    2c:08:eb:09:eb:78:16:67:c7:d2:b7:72:c3:cc:51:
                    fc:6b:04:b0:e1:3b:09:40:66:46:34:e5:26:cb:d7:
                    0e:ab:23:04:bf:e4:46:7b:3f:d3:65:a3:d4:39:a4:
                    84:89:05:ec:6e:b3:8a:94:bd:4b:53:81:c9:f9:da:
                    3e:30:29:69:db:42:1c:ab:80:d3:37:d8:21:e1:68:
                    87:29:55:34:0a:94:79:18:a5:4c:77:66:50:e3:4c:
                    8b:bc:6d:dc:04:de:4d:a7:8e:3f:f0:6b:3b:85:42:
                    3a:e4:28:24:a3:99:24:b2:24:12:00:48:41:06:b4:
                    f9:e8:6e:fc:22:a5:32:17:99:b2:8e:d2:ba:f6:60:
                    8b:2d:ea:75:fc:61:35:98:ed:c8:46:4d:43:2a:2b:
                    37:a5:52:cd:cf:84:4e:9d:4d:7f:20:17:86:bb:6a:
                    e5:87:cf:37:96:7f:88:5d:1c:38:7d:ca:9e:4e:f7:
                    98:e5:55:b4:5c:5d:0c:4b:ed:14:2a:d5:64:da:3d:
                    88:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:99:C9:34:33:96:A4:BB:26:B7:34:12:96:2D:EE:A1:C8:88:D2:AA
            X509v3 Authority Key Identifier:
                keyid:81:84:66:9B:01:89:B7:FA:BE:05:E7:00:32:5A:0D:74:95:7B:EB:27

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/8184669B0189B7FABE05E700325A0D74957BEB27.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gYRmmwGJt_q-BecAMloNdJV76yc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/3231332e3135372e3132312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.157.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:60:90:1e:e2:81:91:70:88:b3:6d:ab:0a:26:27:97:fe:02:
         8c:a8:22:f3:19:2d:45:18:24:33:c6:1a:37:58:43:2a:76:c3:
         02:65:ca:fb:ba:2f:39:c4:e9:c0:bc:cb:06:46:07:6a:dd:65:
         48:50:76:a6:fe:33:d7:01:6f:2a:a4:28:2a:29:62:65:3c:a9:
         0b:90:ab:16:3f:a2:ea:51:1d:d4:06:f8:4c:40:90:b8:04:09:
         71:30:67:90:78:99:5a:e9:14:67:c1:35:51:e8:aa:34:ab:50:
         62:9a:3e:7d:46:3c:02:ff:4d:01:cb:74:68:f4:14:ee:bc:0b:
         ea:1f:f0:04:9e:11:78:96:c4:29:bc:e3:07:f1:2e:4b:c8:90:
         cd:51:03:82:f0:62:f1:5b:0f:9a:f6:62:c3:ea:25:88:d5:2a:
         6c:c8:5a:e2:3f:41:9e:41:5f:7b:3f:14:10:df:6a:4f:b2:91:
         83:be:fd:55:6a:38:50:f6:5c:26:cd:ea:d1:18:95:bb:ec:cc:
         ef:ad:39:97:6f:1a:fc:84:df:88:e0:01:78:6b:68:e2:1e:6f:
         84:51:d4:fb:65:ce:62:b2:26:42:4e:2c:0f:e8:87:db:5d:84:
         8c:2e:ce:14:8e:37:3a:6a:a5:7c:14:7a:12:7f:3d:fb:af:dc:
         c1:c3:be:33
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUTx0OQnD3kQJl+BtaordbVnja32swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODE4NDY2OWIwMTg5YjdmYWJlMDVlNzAwMzI1YTBkNzQ5
NTdiZWIyNzAeFw0yNjAyMTcwOTQyNDdaFw0yNzAyMTYwOTQ3NDdaMDMxMTAvBgNV
BAMTKDA3OTlDOTM0MzM5NkE0QkIyNkI3MzQxMjk2MkRFRUExQzg4OEQyQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr21vikGz+iO6icnsPGzn33wQK
cbJI6Fzq+b2gDO2e1JdMvDJL/QMySwJ6vS+ymjkzp10UyvMOOjrGpCwI6wnreBZn
x9K3csPMUfxrBLDhOwlAZkY05SbL1w6rIwS/5EZ7P9Nlo9Q5pISJBexus4qUvUtT
gcn52j4wKWnbQhyrgNM32CHhaIcpVTQKlHkYpUx3ZlDjTIu8bdwE3k2njj/wazuF
QjrkKCSjmSSyJBIASEEGtPnobvwipTIXmbKO0rr2YIst6nX8YTWY7chGTUMqKzel
Us3PhE6dTX8gF4a7auWHzzeWf4hdHDh9yp5O95jlVbRcXQxL7RQq1WTaPYhjAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUB5nJNDOWpLsmtzQSli3uociI0qowHwYDVR0j
BBgwFoAUgYRmmwGJt/q+BecAMloNdJV76ycwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTQzMWU0MmUtMGQ3Zi00NGQwLTgxM2YtYjVlM2EyYWJi
ZTI1LzAvODE4NDY2OUIwMTg5QjdGQUJFMDVFNzAwMzI1QTBENzQ5NTdCRUIyNy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2dZUm1td0dKdF9xLUJlY0FNbG9OZEpW
NzZ5Yy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTQzMWU0MmUt
MGQ3Zi00NGQwLTgxM2YtYjVlM2EyYWJiZTI1LzAvMzIzMTMzMmUzMTM1MzcyZTMx
MzIzMTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWd
eTANBgkqhkiG9w0BAQsFAAOCAQEAdmCQHuKBkXCIs22rCiYnl/4CjKgi8xktRRgk
M8YaN1hDKnbDAmXK+7ovOcTpwLzLBkYHat1lSFB2pv4z1wFvKqQoKiliZTypC5Cr
Fj+i6lEd1Ab4TECQuAQJcTBnkHiZWukUZ8E1UeiqNKtQYpo+fUY8Av9NAct0aPQU
7rwL6h/wBJ4ReJbEKbzjB/EuS8iQzVEDgvBi8VsPmvZiw+oliNUqbMha4j9BnkFf
ez8UEN9qT7KRg779VWo4UPZcJs3q0RiVu+zM7605l28a/ITfiOABeGto4h5vhFHU
+2XOYrImQk4sD+iH212EjC7OFI43OmqlfBR6En89+6/cwcO+Mw==
-----END CERTIFICATE-----