Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3135382e36312e302f32342d3234203d3e203239383032.roa
File:                     38352e3135382e36312e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier:          0ZHSMMa0OXGLMveAG/+qCeGbmG05YERZzKND6n6nsPE=
Subject key identifier:   59:02:65:D7:E7:BA:1F:E0:66:BB:CB:73:5A:93:9E:98:6F:1F:7E:65
Certificate issuer:       /CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
Certificate serial:       2A4239D54A6A78852C4B517A31F890A29F6394A3
Authority key identifier: AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3135382e36312e302f32342d3234203d3e203239383032.roa
Signing time:             Tue 03 Feb 2026 14:38:48 +0000
ROA not before:           Tue 03 Feb 2026 14:33:48 +0000
ROA not after:            Tue 02 Feb 2027 14:38:48 +0000
asID:                     29802
IP address blocks:        85.158.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:03:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:42:39:d5:4a:6a:78:85:2c:4b:51:7a:31:f8:90:a2:9f:63:94:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff6f26ea1f10da4a16cad9c7a6510856fbabb8d
        Validity
            Not Before: Feb  3 14:33:48 2026 GMT
            Not After : Feb  2 14:38:48 2027 GMT
        Subject: CN=590265D7E7BA1FE066BBCB735A939E986F1F7E65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:fa:1a:ea:2b:5c:72:9c:54:2f:8c:0a:fa:46:
                    e0:78:f4:d2:7b:7b:b7:0a:10:23:88:a4:7b:98:7c:
                    78:b0:3d:72:81:68:f5:e4:ff:83:ec:f8:c8:bc:7f:
                    4a:8c:d4:a4:3d:16:e6:52:93:1a:4f:a4:5a:50:ed:
                    cf:4b:35:3f:d1:c1:22:83:48:b7:1b:3a:0c:97:0b:
                    98:4f:4d:26:ea:22:4d:48:1f:52:28:fd:07:39:66:
                    50:ad:23:34:ca:9c:68:5c:bc:19:4e:fa:10:76:4e:
                    17:38:43:c7:7c:52:99:28:34:36:9d:b6:d8:e0:4d:
                    bd:03:24:44:ea:a6:88:c2:c9:ee:a6:5b:03:90:7a:
                    ad:a7:aa:71:22:0a:e7:66:46:58:c3:a2:1e:0d:c2:
                    2f:7c:1f:ab:58:c4:aa:02:fe:44:5f:75:42:6d:0c:
                    4c:56:40:d9:55:01:69:6c:58:b3:0a:d3:52:a8:44:
                    7d:b6:19:97:dd:0b:a0:ad:a7:96:7e:2c:d0:81:c5:
                    17:37:9c:de:c8:1c:65:16:cc:44:b8:f2:1d:29:8a:
                    7a:f7:7c:b4:e5:31:0a:6c:a6:da:fc:92:4f:fc:d4:
                    18:b4:84:42:9d:8b:d8:8d:7e:56:d6:c9:ac:fd:dd:
                    9d:56:88:21:d4:de:4d:22:30:32:a8:3d:ed:30:b9:
                    7f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:02:65:D7:E7:BA:1F:E0:66:BB:CB:73:5A:93:9E:98:6F:1F:7E:65
            X509v3 Authority Key Identifier:
                keyid:AF:F6:F2:6E:A1:F1:0D:A4:A1:6C:AD:9C:7A:65:10:85:6F:BA:BB:8D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/AFF6F26EA1F10DA4A16CAD9C7A6510856FBABB8D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_bybqHxDaShbK2cemUQhW-6u40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ab9f5497-2b95-4a42-80d0-5c41f807b61f/0/38352e3135382e36312e302f32342d3234203d3e203239383032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:e9:b5:51:5a:dd:36:79:0c:29:58:6a:ed:bf:89:09:d0:65:
         7f:5f:d1:64:13:87:b0:56:03:9c:22:cc:25:74:c8:43:34:91:
         fc:c4:75:a2:79:b3:a8:c2:04:a1:c1:7a:40:24:6a:bf:e9:26:
         37:ca:ba:99:92:be:60:f1:21:62:9a:5b:57:c4:a4:88:36:2c:
         37:34:da:27:00:4c:ca:c4:65:eb:1c:7a:2f:52:b2:62:ad:be:
         9a:00:ac:4d:c8:10:02:a5:b1:20:d3:44:8a:05:50:a5:f6:b6:
         75:43:5f:6b:a6:60:ff:5e:f7:43:2a:0d:ba:3e:98:21:a5:22:
         b5:62:32:cd:97:bd:8e:d0:aa:89:56:97:2e:27:e3:ec:12:5b:
         97:32:c3:ad:33:9c:1c:44:71:9e:09:9c:fe:00:d2:a8:45:a4:
         37:0b:22:7b:83:44:2f:20:31:3c:78:d7:85:c2:63:67:e7:f5:
         06:fb:f6:a4:d0:0c:2a:98:a8:05:ba:4d:df:a4:8c:36:fb:85:
         c7:57:60:87:0e:cb:9d:81:a9:08:55:e1:c7:4c:47:1f:3e:12:
         e6:c7:87:f4:6a:15:f9:17:50:54:d2:5d:d5:ca:d2:e3:cd:a8:
         0f:2d:47:45:43:93:cd:b6:91:99:01:55:de:8f:0a:b1:41:db:
         e2:9a:ed:08
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKkI51UpqeIUsS1F6MfiQop9jlKMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWZmNmYyNmVhMWYxMGRhNGExNmNhZDljN2E2NTEwODU2
ZmJhYmI4ZDAeFw0yNjAyMDMxNDMzNDhaFw0yNzAyMDIxNDM4NDhaMDMxMTAvBgNV
BAMTKDU5MDI2NUQ3RTdCQTFGRTA2NkJCQ0I3MzVBOTM5RTk4NkYxRjdFNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG+hrqK1xynFQvjAr6RuB49NJ7
e7cKECOIpHuYfHiwPXKBaPXk/4Ps+Mi8f0qM1KQ9FuZSkxpPpFpQ7c9LNT/RwSKD
SLcbOgyXC5hPTSbqIk1IH1Io/Qc5ZlCtIzTKnGhcvBlO+hB2Thc4Q8d8UpkoNDad
ttjgTb0DJETqpojCye6mWwOQeq2nqnEiCudmRljDoh4Nwi98H6tYxKoC/kRfdUJt
DExWQNlVAWlsWLMK01KoRH22GZfdC6Ctp5Z+LNCBxRc3nN7IHGUWzES48h0pinr3
fLTlMQpsptr8kk/81Bi0hEKdi9iNflbWyaz93Z1WiCHU3k0iMDKoPe0wuX9DAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUWQJl1+e6H+Bmu8tzWpOemG8ffmUwHwYDVR0j
BBgwFoAUr/bybqHxDaShbK2cemUQhW+6u40wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTctMmI5NS00YTQyLTgwZDAtNWM0MWY4MDdi
NjFmLzAvQUZGNkYyNkVBMUYxMERBNEExNkNBRDlDN0E2NTEwODU2RkJBQkI4RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3JfYnlicUh4RGFTaGJLMmNlbVVRaFct
NnU0MC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWI5ZjU0OTct
MmI5NS00YTQyLTgwZDAtNWM0MWY4MDdiNjFmLzAvMzgzNTJlMzEzNTM4MmUzNjMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTM4MzAzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFWe
PTANBgkqhkiG9w0BAQsFAAOCAQEApOm1UVrdNnkMKVhq7b+JCdBlf1/RZBOHsFYD
nCLMJXTIQzSR/MR1onmzqMIEocF6QCRqv+kmN8q6mZK+YPEhYppbV8SkiDYsNzTa
JwBMysRl6xx6L1KyYq2+mgCsTcgQAqWxINNEigVQpfa2dUNfa6Zg/173QyoNuj6Y
IaUitWIyzZe9jtCqiVaXLifj7BJblzLDrTOcHERxngmc/gDSqEWkNwsie4NELyAx
PHjXhcJjZ+f1Bvv2pNAMKpioBbpN36SMNvuFx1dghw7LnYGpCFXhx0xHHz4S5seH
9GoV+RdQVNJd1crS482oDy1HRUOTzbaRmQFV3o8KsUHb4prtCA==
-----END CERTIFICATE-----