Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3137352e302f32342d3234203d3e20383334.roa
File:                     3130392e3131302e3137352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          OPG+cHcdeQiB4XD0saQ4iB15uei/R+LiPjH8fQvBMds=
Subject key identifier:   8D:69:DF:45:0B:05:AB:93:F1:EA:D1:25:B0:F7:04:5E:F4:B3:9C:E6
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       54972DF48D96B08BFBD691F0655FB2B99E3DCC79
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3137352e302f32342d3234203d3e20383334.roa
Signing time:             Thu 19 Feb 2026 09:10:39 +0000
ROA not before:           Thu 19 Feb 2026 09:05:39 +0000
ROA not after:            Thu 18 Feb 2027 09:10:39 +0000
asID:                     834
IP address blocks:        109.110.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 05:42:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:97:2d:f4:8d:96:b0:8b:fb:d6:91:f0:65:5f:b2:b9:9e:3d:cc:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Feb 19 09:05:39 2026 GMT
            Not After : Feb 18 09:10:39 2027 GMT
        Subject: CN=8D69DF450B05AB93F1EAD125B0F7045EF4B39CE6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1f:08:1d:ad:83:50:ff:91:e1:6a:1e:9e:0b:
                    53:54:3b:02:e0:22:48:c4:e0:fe:2e:39:93:18:28:
                    08:10:d8:86:f7:d4:3c:a4:42:b7:25:ac:ce:c6:3e:
                    43:61:4b:36:67:2b:0b:87:72:bc:2b:b8:86:98:14:
                    7c:1a:7a:0a:fb:ea:6a:af:63:ec:17:89:a5:5e:b7:
                    3e:18:61:1a:b2:6b:ff:e6:f3:05:de:9a:ca:db:09:
                    bd:01:64:38:08:6a:36:41:6b:f6:12:dc:56:56:64:
                    d2:78:c9:cf:68:d3:6f:f8:a5:b8:fb:20:91:a7:67:
                    8e:de:aa:f7:dc:5b:b2:1f:c1:23:18:a0:20:8c:95:
                    8e:4a:b7:b5:b3:e5:86:b1:a6:97:a3:16:9a:f1:3f:
                    6d:19:04:d1:ae:6f:33:72:a1:04:6d:fa:6d:c1:db:
                    5f:87:b3:c0:61:75:4a:2d:e6:0c:f7:f6:9f:24:dd:
                    9e:9f:5c:7f:79:d1:48:d3:e2:ad:0e:b9:b5:04:b5:
                    fe:41:c6:4e:de:ec:42:21:23:b4:f7:cd:11:ae:88:
                    06:ad:59:e3:06:7f:02:14:73:6d:82:e4:4f:10:e3:
                    d5:7f:3e:27:02:d8:94:aa:f8:65:14:c6:c0:87:c6:
                    50:5c:9f:10:00:d2:a2:d7:9e:84:7a:7b:6e:9b:76:
                    fa:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:69:DF:45:0B:05:AB:93:F1:EA:D1:25:B0:F7:04:5E:F4:B3:9C:E6
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3137352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.110.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:68:af:8c:b8:71:6b:ad:9b:df:c9:7c:78:b9:67:92:54:b4:
         5a:2f:5d:9f:64:22:1f:ba:2f:63:92:af:63:cb:0a:32:86:e9:
         10:d3:02:4a:c3:c1:34:e4:c0:88:23:8e:74:43:d6:3c:6b:ac:
         20:4a:ae:4d:e5:5d:ac:15:26:d0:4e:cd:91:30:f7:a1:c3:4c:
         5d:77:99:55:c5:66:94:9f:c9:4f:57:06:e3:37:4d:1e:2a:72:
         a6:e5:9a:0e:88:00:22:49:dd:8f:ae:86:8a:fe:5e:d1:75:e8:
         c7:81:85:b4:d6:7c:0c:d3:0f:65:57:e5:8c:18:dd:05:cf:81:
         f8:35:79:2c:c1:82:0f:95:2f:1b:03:af:24:1b:2e:9a:6a:76:
         f1:4b:12:8c:b6:b7:9e:af:79:ee:f2:21:ad:b2:67:59:be:2c:
         4c:99:83:6e:88:23:4f:89:64:2c:2a:95:e4:39:c1:97:b9:60:
         f3:e3:d3:b3:b2:6a:34:eb:56:67:15:05:ba:bd:d5:5b:2f:25:
         41:d9:5d:e5:11:2a:80:ee:6b:e1:a5:e3:33:3e:e2:ff:28:61:
         af:7f:0f:5f:d2:8f:8c:51:74:ba:31:69:4c:04:13:f2:7e:10:
         a2:0d:c9:96:0d:52:73:9e:a8:ba:03:19:0c:cc:7c:43:a3:e5:
         c5:15:ff:0e
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVJct9I2WsIv71pHwZV+yuZ49zHkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNjAyMTkwOTA1MzlaFw0yNzAyMTgwOTEwMzlaMDMxMTAvBgNV
BAMTKDhENjlERjQ1MEIwNUFCOTNGMUVBRDEyNUIwRjcwNDVFRjRCMzlDRTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpHwgdrYNQ/5Hhah6eC1NUOwLg
IkjE4P4uOZMYKAgQ2Ib31DykQrclrM7GPkNhSzZnKwuHcrwruIaYFHwaegr76mqv
Y+wXiaVetz4YYRqya//m8wXemsrbCb0BZDgIajZBa/YS3FZWZNJ4yc9o02/4pbj7
IJGnZ47eqvfcW7IfwSMYoCCMlY5Kt7Wz5YaxppejFprxP20ZBNGubzNyoQRt+m3B
21+Hs8BhdUot5gz39p8k3Z6fXH950UjT4q0OubUEtf5Bxk7e7EIhI7T3zRGuiAat
WeMGfwIUc22C5E8Q49V/PicC2JSq+GUUxsCHxlBcnxAA0qLXnoR6e26bdvpBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUjWnfRQsFq5Px6tElsPcEXvSznOYwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzMDM5MmUzMTMxMzAyZTMx
MzczNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG1u
rzANBgkqhkiG9w0BAQsFAAOCAQEAeGivjLhxa62b38l8eLlnklS0Wi9dn2QiH7ov
Y5KvY8sKMobpENMCSsPBNOTAiCOOdEPWPGusIEquTeVdrBUm0E7NkTD3ocNMXXeZ
VcVmlJ/JT1cG4zdNHipypuWaDogAIkndj66Giv5e0XXox4GFtNZ8DNMPZVfljBjd
Bc+B+DV5LMGCD5UvGwOvJBsummp28UsSjLa3nq957vIhrbJnWb4sTJmDbogjT4lk
LCqV5DnBl7lg8+PTs7JqNOtWZxUFur3VWy8lQdld5REqgO5r4aXjMz7i/yhhr38P
X9KPjFF0ujFpTAQT8n4Qog3Jlg1Sc56ougMZDMx8Q6PlxRX/Dg==
-----END CERTIFICATE-----