Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e302e302f32342d3234203d3e2035303635.roa
File:                     3138352e3138312e302e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          XgDvqjA1DUwIeQGus4KqsR+dQUTBQ2aN4efEM7LhMpY=
Subject key identifier:   32:C5:ED:5F:6E:68:E9:BC:92:94:27:82:FA:74:F3:95:83:E3:F0:17
Certificate issuer:       /CN=8f4ce7722f99075d94738b7e61070401269eb3d6
Certificate serial:       4B5F156A1D1461DC33C578E53C836860333BE706
Authority key identifier: 8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e302e302f32342d3234203d3e2035303635.roa
Signing time:             Wed 11 Feb 2026 12:55:38 +0000
ROA not before:           Wed 11 Feb 2026 12:50:38 +0000
ROA not after:            Wed 10 Feb 2027 12:55:38 +0000
asID:                     5065
IP address blocks:        185.181.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:5f:15:6a:1d:14:61:dc:33:c5:78:e5:3c:83:68:60:33:3b:e7:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4ce7722f99075d94738b7e61070401269eb3d6
        Validity
            Not Before: Feb 11 12:50:38 2026 GMT
            Not After : Feb 10 12:55:38 2027 GMT
        Subject: CN=32C5ED5F6E68E9BC92942782FA74F39583E3F017
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:15:6f:60:a7:a9:b4:02:46:05:59:e0:c6:ee:
                    0a:c3:15:36:7b:ae:ee:e6:1c:92:00:d8:a9:93:56:
                    f9:95:24:1d:a0:a7:fb:b7:b3:15:70:fa:a6:c1:90:
                    e5:f5:d1:01:33:00:31:29:56:80:ef:37:25:23:af:
                    e9:41:98:58:f1:5a:41:51:54:68:80:72:da:12:7e:
                    d5:e1:fe:0a:32:a4:47:c1:5f:64:8a:16:bc:7c:dc:
                    36:8e:2f:52:db:02:b5:97:33:60:cb:75:cd:40:a1:
                    bd:02:fe:6f:ae:af:0f:55:83:cb:50:49:13:58:bd:
                    f1:63:ea:f7:cd:3c:45:bc:b5:e1:42:4c:b1:7f:a8:
                    93:b4:be:59:7d:1f:b9:c9:cb:4e:22:76:73:81:dd:
                    e0:e1:55:4b:18:7e:0b:22:21:2c:a0:b4:2f:d5:9b:
                    d8:fe:85:a5:ab:12:83:a7:25:40:3b:d4:d8:cd:79:
                    cd:9d:94:c8:a9:a7:c6:f5:b7:08:ba:1a:68:43:23:
                    09:70:25:a1:a3:0b:fc:25:a7:87:0e:5e:8f:aa:5f:
                    9b:02:a9:e9:fe:9e:41:6c:7f:f4:82:b6:48:9f:65:
                    bc:3e:6f:2d:c3:a0:08:fa:00:f3:85:9f:57:3d:eb:
                    ad:7c:f5:3e:c5:b2:87:04:9f:4d:bc:d0:2d:5f:c1:
                    0c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:C5:ED:5F:6E:68:E9:BC:92:94:27:82:FA:74:F3:95:83:E3:F0:17
            X509v3 Authority Key Identifier:
                keyid:8F:4C:E7:72:2F:99:07:5D:94:73:8B:7E:61:07:04:01:26:9E:B3:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/8F4CE7722F99075D94738B7E61070401269EB3D6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0znci-ZB12Uc4t-YQcEASaes9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aa977115-5110-4257-94ef-4d2b43884040/0/3138352e3138312e302e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:03:69:55:46:6c:ec:88:ea:c2:94:34:27:fd:ad:7d:5a:c0:
         1a:c1:78:0e:ae:30:5c:58:3f:77:48:c7:a8:d4:38:1e:43:f7:
         3c:61:23:57:eb:c1:9a:24:65:4a:84:8d:59:44:c7:da:34:00:
         eb:da:e2:aa:ba:3f:d8:7a:2c:48:79:9f:ee:f4:26:fa:70:8e:
         70:40:a8:b7:ef:e7:3f:3c:ea:56:53:29:03:ff:c8:03:ba:54:
         86:69:95:b3:de:4c:2f:17:f7:80:12:08:3c:df:73:8c:81:8b:
         95:e3:b5:d7:0e:02:da:f7:86:ce:c4:40:2d:84:b0:1e:24:4d:
         45:b1:e9:c7:31:33:73:55:f8:77:ea:58:7e:b8:8c:8d:66:e2:
         10:82:15:09:e7:b4:be:30:81:29:78:25:03:af:42:6b:69:d1:
         ae:ce:ad:f5:f7:be:87:59:e3:06:64:04:e6:cc:cf:6a:aa:0e:
         b1:05:8a:ea:fe:b9:5c:d6:df:b7:31:9c:94:33:c4:21:84:ae:
         ff:d4:fd:70:5e:11:43:46:39:9a:d4:cd:b0:81:bf:30:24:23:
         73:5d:a6:ff:26:9f:3c:fa:95:43:d5:04:d6:7b:e2:64:4c:d6:
         e0:ea:dc:db:65:c0:91:6d:27:86:6f:18:84:6d:eb:90:81:40:
         36:4e:58:8a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUS18Vah0UYdwzxXjlPINoYDM75wYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGY0Y2U3NzIyZjk5MDc1ZDk0NzM4YjdlNjEwNzA0MDEy
NjllYjNkNjAeFw0yNjAyMTExMjUwMzhaFw0yNzAyMTAxMjU1MzhaMDMxMTAvBgNV
BAMTKDMyQzVFRDVGNkU2OEU5QkM5Mjk0Mjc4MkZBNzRGMzk1ODNFM0YwMTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7FW9gp6m0AkYFWeDG7grDFTZ7
ru7mHJIA2KmTVvmVJB2gp/u3sxVw+qbBkOX10QEzADEpVoDvNyUjr+lBmFjxWkFR
VGiActoSftXh/goypEfBX2SKFrx83DaOL1LbArWXM2DLdc1Aob0C/m+urw9Vg8tQ
SRNYvfFj6vfNPEW8teFCTLF/qJO0vll9H7nJy04idnOB3eDhVUsYfgsiISygtC/V
m9j+haWrEoOnJUA71NjNec2dlMipp8b1twi6GmhDIwlwJaGjC/wlp4cOXo+qX5sC
qen+nkFsf/SCtkifZbw+by3DoAj6APOFn1c966189T7FsocEn0280C1fwQy/AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUMsXtX25o6bySlCeC+nTzlYPj8BcwHwYDVR0j
BBgwFoAUj0znci+ZB12Uc4t+YQcEASaes9YwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUtNTExMC00MjU3LTk0ZWYtNGQyYjQzODg0
MDQwLzAvOEY0Q0U3NzIyRjk5MDc1RDk0NzM4QjdFNjEwNzA0MDEyNjlFQjNENi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2owem5jaS1aQjEyVWM0dC1ZUWNFQVNh
ZXM5WS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWE5NzcxMTUt
NTExMC00MjU3LTk0ZWYtNGQyYjQzODg0MDQwLzAvMzEzODM1MmUzMTM4MzEyZTMw
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMDM2MzUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5tQAw
DQYJKoZIhvcNAQELBQADggEBAL4DaVVGbOyI6sKUNCf9rX1awBrBeA6uMFxYP3dI
x6jUOB5D9zxhI1frwZokZUqEjVlEx9o0AOva4qq6P9h6LEh5n+70JvpwjnBAqLfv
5z886lZTKQP/yAO6VIZplbPeTC8X94ASCDzfc4yBi5XjtdcOAtr3hs7EQC2EsB4k
TUWx6ccxM3NV+HfqWH64jI1m4hCCFQnntL4wgSl4JQOvQmtp0a7OrfX3vodZ4wZk
BObMz2qqDrEFiur+uVzW37cxnJQzxCGErv/U/XBeEUNGOZrUzbCBvzAkI3Ndpv8m
nzz6lUPVBNZ74mRM1uDq3NtlwJFtJ4ZvGIRt65CBQDZOWIo=
-----END CERTIFICATE-----