Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/3231332e3135372e3132332e302f32342d3234203d3e20383334.roa
File:                     3231332e3135372e3132332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          YU9Gu8DbwidmuJEj2bOkpyHE/QfDjQi5W4EwB2IqhYg=
Subject key identifier:   5E:2C:E8:F3:4D:8B:8E:68:C8:B2:A3:7B:E8:92:66:40:97:C3:D1:5C
Certificate issuer:       /CN=8184669b0189b7fabe05e700325a0d74957beb27
Certificate serial:       30AA6C7268003FB4B0F60779D84421FA359D1A5A
Authority key identifier: 81:84:66:9B:01:89:B7:FA:BE:05:E7:00:32:5A:0D:74:95:7B:EB:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gYRmmwGJt_q-BecAMloNdJV76yc.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/3231332e3135372e3132332e302f32342d3234203d3e20383334.roa
Signing time:             Tue 17 Feb 2026 09:47:47 +0000
ROA not before:           Tue 17 Feb 2026 09:42:47 +0000
ROA not after:            Tue 16 Feb 2027 09:47:47 +0000
asID:                     834
IP address blocks:        213.157.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/8184669B0189B7FABE05E700325A0D74957BEB27.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/8184669B0189B7FABE05E700325A0D74957BEB27.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gYRmmwGJt_q-BecAMloNdJV76yc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:aa:6c:72:68:00:3f:b4:b0:f6:07:79:d8:44:21:fa:35:9d:1a:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8184669b0189b7fabe05e700325a0d74957beb27
        Validity
            Not Before: Feb 17 09:42:47 2026 GMT
            Not After : Feb 16 09:47:47 2027 GMT
        Subject: CN=5E2CE8F34D8B8E68C8B2A37BE892664097C3D15C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1a:b2:d0:a0:5b:77:d7:69:c1:f7:65:6b:14:
                    a6:db:06:91:4a:f5:68:50:91:06:ed:b0:77:72:35:
                    23:92:db:76:1e:9c:a0:40:7e:e5:d8:e9:ed:10:a8:
                    a6:5a:c5:a6:1d:a8:dd:13:08:98:9a:8d:3f:e2:f8:
                    52:62:be:93:ae:b4:17:f5:46:dc:fd:5b:b8:27:43:
                    b7:58:58:38:b5:f3:65:31:6a:f1:9e:b0:a4:e2:73:
                    11:b2:09:2b:32:c4:8a:74:19:2a:d9:21:9e:48:5b:
                    fd:6c:e7:be:aa:b0:67:80:bd:94:a0:ea:84:bb:13:
                    69:23:0a:72:2e:e7:06:10:19:aa:22:15:31:2e:7e:
                    b9:25:30:22:c2:63:8b:ea:6b:45:58:1c:f2:8f:a4:
                    92:c9:70:a1:fa:29:36:d7:dc:54:50:be:94:63:78:
                    f4:ba:b5:79:02:75:b0:81:32:9e:96:a8:9d:80:5b:
                    7f:24:63:64:91:7a:5f:1a:e9:a3:92:ac:98:fc:94:
                    b6:5b:af:d6:e7:86:e5:e1:ad:e0:6d:81:70:e2:c6:
                    be:fc:6c:7f:e4:fb:7c:cc:20:73:28:c5:85:07:10:
                    17:34:0e:f6:c5:a5:44:44:c9:8c:69:45:0d:8e:fe:
                    a2:27:58:94:45:57:1a:e4:9c:34:f4:09:d9:61:ee:
                    e0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:2C:E8:F3:4D:8B:8E:68:C8:B2:A3:7B:E8:92:66:40:97:C3:D1:5C
            X509v3 Authority Key Identifier:
                keyid:81:84:66:9B:01:89:B7:FA:BE:05:E7:00:32:5A:0D:74:95:7B:EB:27

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/8184669B0189B7FABE05E700325A0D74957BEB27.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gYRmmwGJt_q-BecAMloNdJV76yc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/3231332e3135372e3132332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.157.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:18:b1:22:8b:58:e4:d7:67:f8:48:7c:f1:57:b8:1d:71:ad:
         7f:23:74:13:3c:7c:06:00:c6:44:05:dc:df:6d:f3:6c:84:23:
         42:8f:f0:9b:70:8b:fb:96:78:f6:1b:06:41:a6:34:f5:34:10:
         46:49:4f:5f:e7:6e:e5:a6:3f:cf:05:f7:f9:63:a5:07:e8:50:
         49:2c:ce:c7:0c:87:b0:1a:e0:99:56:77:a6:3b:d4:15:1a:b6:
         be:bb:c2:ad:ac:9d:05:d7:07:53:18:3e:75:c6:60:1b:75:4f:
         31:86:0c:7f:83:1a:a1:b1:7b:cd:93:e3:1c:14:dd:b8:12:68:
         13:05:00:cd:d9:fd:ad:5e:e0:7b:f8:5f:9f:2f:98:9b:44:0e:
         29:85:e4:e8:1b:fd:e5:c9:6e:55:ff:c9:aa:1f:af:31:88:bd:
         02:c1:c9:6b:9b:a9:e2:2a:a3:8f:30:80:37:f8:48:f9:e4:d0:
         48:a0:10:82:d9:83:f3:18:9b:a1:9c:24:57:74:a7:a7:a0:f3:
         46:7a:ed:66:85:c4:93:6b:f6:aa:0f:75:fa:96:5c:da:e3:eb:
         10:be:22:90:27:ba:f3:9d:b1:50:2d:30:79:2c:a8:6f:e4:af:
         03:4f:4b:8f:fb:45:f5:5d:f1:34:26:38:7b:d3:92:57:5a:08:
         4e:83:90:44
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMKpscmgAP7Sw9gd52EQh+jWdGlowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODE4NDY2OWIwMTg5YjdmYWJlMDVlNzAwMzI1YTBkNzQ5
NTdiZWIyNzAeFw0yNjAyMTcwOTQyNDdaFw0yNzAyMTYwOTQ3NDdaMDMxMTAvBgNV
BAMTKDVFMkNFOEYzNEQ4QjhFNjhDOEIyQTM3QkU4OTI2NjQwOTdDM0QxNUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrGrLQoFt312nB92VrFKbbBpFK
9WhQkQbtsHdyNSOS23YenKBAfuXY6e0QqKZaxaYdqN0TCJiajT/i+FJivpOutBf1
Rtz9W7gnQ7dYWDi182UxavGesKTicxGyCSsyxIp0GSrZIZ5IW/1s576qsGeAvZSg
6oS7E2kjCnIu5wYQGaoiFTEufrklMCLCY4vqa0VYHPKPpJLJcKH6KTbX3FRQvpRj
ePS6tXkCdbCBMp6WqJ2AW38kY2SRel8a6aOSrJj8lLZbr9bnhuXhreBtgXDixr78
bH/k+3zMIHMoxYUHEBc0DvbFpUREyYxpRQ2O/qInWJRFVxrknDT0Cdlh7uDNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUXizo802LjmjIsqN76JJmQJfD0VwwHwYDVR0j
BBgwFoAUgYRmmwGJt/q+BecAMloNdJV76ycwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTQzMWU0MmUtMGQ3Zi00NGQwLTgxM2YtYjVlM2EyYWJi
ZTI1LzAvODE4NDY2OUIwMTg5QjdGQUJFMDVFNzAwMzI1QTBENzQ5NTdCRUIyNy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2dZUm1td0dKdF9xLUJlY0FNbG9OZEpW
NzZ5Yy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTQzMWU0MmUt
MGQ3Zi00NGQwLTgxM2YtYjVlM2EyYWJiZTI1LzAvMzIzMTMzMmUzMTM1MzcyZTMx
MzIzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWd
ezANBgkqhkiG9w0BAQsFAAOCAQEAVxixIotY5Ndn+Eh88Ve4HXGtfyN0Ezx8BgDG
RAXc323zbIQjQo/wm3CL+5Z49hsGQaY09TQQRklPX+du5aY/zwX3+WOlB+hQSSzO
xwyHsBrgmVZ3pjvUFRq2vrvCraydBdcHUxg+dcZgG3VPMYYMf4MaobF7zZPjHBTd
uBJoEwUAzdn9rV7ge/hfny+Ym0QOKYXk6Bv95cluVf/Jqh+vMYi9AsHJa5up4iqj
jzCAN/hI+eTQSKAQgtmD8xiboZwkV3Snp6DzRnrtZoXEk2v2qg91+pZc2uPrEL4i
kCe6852xUC0weSyob+SvA09Lj/tF9V3xNCY4e9OSV1oIToOQRA==
-----END CERTIFICATE-----