Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/3138352e39332e33342e302f32342d3234203d3e203239383032.roa
File:                     3138352e39332e33342e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier:          VjOyuuwqMWWSBgaw3cJ9x4QAJ2ozG4BNAEHHIwbQwOM=
Subject key identifier:   4D:7A:DD:74:4A:60:59:28:63:DF:FD:CB:BC:69:D1:5D:4A:D8:44:67
Certificate issuer:       /CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Certificate serial:       0912AFC4BA4318C3172603F0EDD32BD712F98CB6
Authority key identifier: AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/3138352e39332e33342e302f32342d3234203d3e203239383032.roa
Signing time:             Tue 03 Feb 2026 14:38:47 +0000
ROA not before:           Tue 03 Feb 2026 14:33:47 +0000
ROA not after:            Tue 02 Feb 2027 14:38:47 +0000
asID:                     29802
IP address blocks:        185.93.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:12:af:c4:ba:43:18:c3:17:26:03:f0:ed:d3:2b:d7:12:f9:8c:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
        Validity
            Not Before: Feb  3 14:33:47 2026 GMT
            Not After : Feb  2 14:38:47 2027 GMT
        Subject: CN=4D7ADD744A60592863DFFDCBBC69D15D4AD84467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:32:e7:40:c4:06:f7:f5:57:c1:d2:11:ab:63:
                    92:f6:2f:7d:80:b9:e9:93:cc:59:d1:53:96:cd:5a:
                    44:e4:f2:ce:6b:36:5e:ba:49:73:82:26:aa:c7:a6:
                    66:9a:d7:1c:fa:b3:a1:8a:10:f9:02:a0:9b:9d:cb:
                    0f:10:d2:67:4b:b3:49:1b:ba:1e:be:ae:a5:23:c0:
                    eb:60:dc:1b:92:f8:81:2c:df:37:2c:68:c8:a4:a6:
                    d1:c8:26:9e:d6:32:54:2d:66:24:b9:29:e9:0d:ba:
                    28:c6:3e:dc:2c:45:f0:df:9c:b9:2d:4f:1d:8b:14:
                    85:3d:4a:61:4a:11:4d:e4:3a:3f:52:86:d1:ca:c9:
                    c7:95:54:d0:2e:ef:82:16:58:53:ab:ae:6b:e0:ee:
                    24:7b:f9:a0:74:ba:c5:cf:ba:bd:74:f3:28:80:61:
                    96:60:09:bb:cc:08:2f:db:72:cf:8b:84:05:ac:ae:
                    38:58:c3:7b:2d:c2:b3:bf:60:e5:85:c5:2e:b6:6e:
                    42:24:cf:65:b8:48:48:f7:9c:bb:97:8a:f1:2a:fd:
                    1c:de:49:54:83:3b:a4:18:bf:cd:23:b9:51:87:43:
                    13:fd:17:9d:25:59:5e:af:78:ba:97:de:45:d6:0a:
                    8b:0d:2a:f5:5b:88:1a:85:21:a7:74:99:5b:82:06:
                    b1:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:7A:DD:74:4A:60:59:28:63:DF:FD:CB:BC:69:D1:5D:4A:D8:44:67
            X509v3 Authority Key Identifier:
                keyid:AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/3138352e39332e33342e302f32342d3234203d3e203239383032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:6c:f8:a3:84:b5:05:31:db:2e:5a:44:7c:8e:ae:78:7c:37:
         30:cf:29:8c:24:56:36:1b:ef:4a:68:06:71:45:00:95:48:de:
         87:87:44:1d:00:46:59:48:f7:14:4d:e2:d3:4e:23:d8:df:48:
         a9:8b:c3:d6:94:c5:0f:31:22:34:b8:23:44:21:1e:b6:27:49:
         34:c9:c6:85:3d:8e:51:60:49:50:89:a5:c0:b5:27:8d:87:38:
         0b:c7:e2:c3:5a:83:e7:64:bf:1c:17:3c:f9:3c:c2:dc:39:ff:
         5b:45:b7:27:6c:10:d5:36:35:9b:73:bb:dc:49:d4:52:ba:a7:
         75:e8:5e:e8:d8:f4:e4:65:d9:0a:f1:fa:c1:6d:f7:ab:16:12:
         7a:c4:f4:1f:00:77:07:b6:21:52:c3:a2:b8:77:2e:13:04:b2:
         6b:f2:0a:1f:d2:e4:6d:4f:c1:b1:fb:10:e4:df:f9:f5:71:57:
         ba:17:fa:8a:98:45:a8:f3:6c:6c:dd:04:f3:71:34:ce:5b:d8:
         27:dc:c9:13:d5:aa:1a:15:c8:79:38:2b:ea:6f:40:05:44:69:
         5f:fa:64:4d:dc:a0:42:98:80:b0:cc:49:96:8a:24:c8:c2:80:
         3a:f0:1c:95:3a:75:a2:82:ab:f2:30:47:e6:0a:4b:10:52:80:
         14:45:6b:ba
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCRKvxLpDGMMXJgPw7dMr1xL5jLYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWZmNmYyNmVhMWYxMGRhNGExNmNhZDljN2E2NTEwODU2
ZmJhYmI4ZDAeFw0yNjAyMDMxNDMzNDdaFw0yNzAyMDIxNDM4NDdaMDMxMTAvBgNV
BAMTKDREN0FERDc0NEE2MDU5Mjg2M0RGRkRDQkJDNjlEMTVENEFEODQ0NjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrMudAxAb39VfB0hGrY5L2L32A
uemTzFnRU5bNWkTk8s5rNl66SXOCJqrHpmaa1xz6s6GKEPkCoJudyw8Q0mdLs0kb
uh6+rqUjwOtg3BuS+IEs3zcsaMikptHIJp7WMlQtZiS5KekNuijGPtwsRfDfnLkt
Tx2LFIU9SmFKEU3kOj9ShtHKyceVVNAu74IWWFOrrmvg7iR7+aB0usXPur108yiA
YZZgCbvMCC/bcs+LhAWsrjhYw3stwrO/YOWFxS62bkIkz2W4SEj3nLuXivEq/Rze
SVSDO6QYv80juVGHQxP9F50lWV6veLqX3kXWCosNKvVbiBqFIad0mVuCBrEnAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUTXrddEpgWShj3/3LvGnRXUrYRGcwHwYDVR0j
BBgwFoAUr/bybqHxDaShbK2cemUQhW+6u40wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTctMmI5NS00YTQyLTgwZDAtNWM0MWY4MDdi
NjFmLzAvQUZGNkYyNkVBMUYxMERBNEExNkNBRDlDN0E2NTEwODU2RkJBQkI4RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JfYnlicUh4RGFTaGJLMmNlbVVRaFct
NnU0MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTct
MmI5NS00YTQyLTgwZDAtNWM0MWY4MDdiNjFmLzAvMzEzODM1MmUzOTMzMmUzMzM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTM4MzAzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALld
IjANBgkqhkiG9w0BAQsFAAOCAQEAR2z4o4S1BTHbLlpEfI6ueHw3MM8pjCRWNhvv
SmgGcUUAlUjeh4dEHQBGWUj3FE3i004j2N9IqYvD1pTFDzEiNLgjRCEetidJNMnG
hT2OUWBJUImlwLUnjYc4C8fiw1qD52S/HBc8+TzC3Dn/W0W3J2wQ1TY1m3O73EnU
Urqndehe6Nj05GXZCvH6wW33qxYSesT0HwB3B7YhUsOiuHcuEwSya/IKH9LkbU/B
sfsQ5N/59XFXuhf6iphFqPNsbN0E83E0zlvYJ9zJE9WqGhXIeTgr6m9ABURpX/pk
TdygQpiAsMxJlookyMKAOvAclTp1ooKr8jBH5gpLEFKAFEVrug==
-----END CERTIFICATE-----