Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3138332e302f32342d3234203d3e20383334.roa
File:                     3130392e3131302e3138332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          rNxWgij58+G6kdc0ACRuic1h4Li6U2ijAn2ltDq0pBM=
Subject key identifier:   08:5A:02:68:3B:B9:F8:7E:0D:2E:78:7E:BA:59:06:DB:B5:C1:55:38
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       52362AB7F1CD07AAFA7135D7FB0B764029A7E474
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3138332e302f32342d3234203d3e20383334.roa
Signing time:             Wed 18 Feb 2026 18:15:54 +0000
ROA not before:           Wed 18 Feb 2026 18:10:54 +0000
ROA not after:            Wed 17 Feb 2027 18:15:54 +0000
asID:                     834
IP address blocks:        109.110.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 05:42:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:36:2a:b7:f1:cd:07:aa:fa:71:35:d7:fb:0b:76:40:29:a7:e4:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Feb 18 18:10:54 2026 GMT
            Not After : Feb 17 18:15:54 2027 GMT
        Subject: CN=085A02683BB9F87E0D2E787EBA5906DBB5C15538
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:6b:b7:e1:10:6c:66:dc:95:54:e4:bf:33:0d:
                    c2:b0:eb:c1:d4:4b:70:00:75:95:ce:db:95:88:4b:
                    eb:47:63:10:2b:b5:b4:57:45:43:fe:a1:0c:ca:a2:
                    4d:b4:98:4a:67:3f:1f:1c:c7:3f:24:42:cb:cd:1a:
                    37:f4:b3:c5:02:62:e8:af:d2:f1:72:16:b8:c0:5b:
                    81:a2:9f:0e:10:0b:17:c7:61:63:ad:83:21:84:48:
                    ff:c5:81:06:d2:cd:2d:5e:66:d7:d8:85:50:09:9a:
                    82:aa:0c:d3:63:fc:ca:75:78:80:e0:ba:85:8c:c4:
                    6d:37:1d:04:ef:62:d4:53:2b:8e:46:10:96:17:4e:
                    76:1f:d8:19:24:96:58:c4:a8:9a:c2:2b:ca:62:e4:
                    76:fb:f4:7a:9f:8d:3e:a5:d8:ab:23:3a:26:4d:f6:
                    08:c3:35:4c:00:21:26:82:9b:f7:3d:d6:f3:72:78:
                    db:47:87:0e:9d:fd:f7:dd:07:68:ce:68:da:c5:bb:
                    0e:c3:5e:aa:37:36:8b:d2:48:12:c2:27:5b:0b:b6:
                    58:5c:a0:57:b6:85:47:d5:69:fb:7a:58:96:c4:7f:
                    21:55:9e:e5:fe:03:90:7c:e2:88:c8:13:9f:f9:ce:
                    1d:6e:74:b3:83:40:20:a5:d8:b7:d6:31:2b:d7:43:
                    4b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:5A:02:68:3B:B9:F8:7E:0D:2E:78:7E:BA:59:06:DB:B5:C1:55:38
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3138332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.110.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:5e:2e:7a:52:57:62:ab:f4:92:3f:c3:21:c0:49:ec:0a:12:
         d8:d2:e8:d8:f7:7a:03:a1:84:26:a6:6b:5f:b8:86:a4:9e:29:
         86:59:7c:cf:46:69:15:e4:4c:f9:f4:c0:f5:cb:65:b3:1d:55:
         5b:52:e4:44:e3:fa:88:8a:91:fe:dd:18:8a:f0:d3:8a:08:b9:
         cc:27:b1:36:a5:a4:1d:68:19:9d:a8:d5:cb:49:60:89:ac:ab:
         d8:60:9f:0c:2b:e6:da:6d:91:2e:be:3b:cf:d3:86:f4:29:a9:
         7a:86:88:9d:13:74:1c:5c:90:6c:16:38:6e:6a:d3:f7:d4:92:
         fe:79:0d:46:1c:3f:34:98:35:61:fc:4d:b0:ab:31:f4:ee:12:
         3f:12:b4:81:a7:e7:e8:3f:80:d7:b2:c4:9b:13:08:f4:ac:c5:
         c7:1d:b5:40:de:35:46:81:b1:28:f1:45:75:81:fc:a5:f7:60:
         a2:7d:08:34:b9:7b:f5:49:e5:82:2c:47:dd:8d:db:b4:a0:80:
         87:32:ae:0c:b0:c4:3d:e2:c0:ac:73:1d:f7:07:ef:d3:81:89:
         80:97:c7:da:37:67:51:b9:6e:94:1d:51:e2:33:9e:4f:9b:32:
         2c:ce:2e:6b:5a:df:60:e3:f2:1a:49:6d:14:46:d0:9d:3a:a6:
         b2:b3:ab:64
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUUjYqt/HNB6r6cTXX+wt2QCmn5HQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNjAyMTgxODEwNTRaFw0yNzAyMTcxODE1NTRaMDMxMTAvBgNV
BAMTKDA4NUEwMjY4M0JCOUY4N0UwRDJFNzg3RUJBNTkwNkRCQjVDMTU1MzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXa7fhEGxm3JVU5L8zDcKw68HU
S3AAdZXO25WIS+tHYxArtbRXRUP+oQzKok20mEpnPx8cxz8kQsvNGjf0s8UCYuiv
0vFyFrjAW4Ginw4QCxfHYWOtgyGESP/FgQbSzS1eZtfYhVAJmoKqDNNj/Mp1eIDg
uoWMxG03HQTvYtRTK45GEJYXTnYf2BkklljEqJrCK8pi5Hb79HqfjT6l2KsjOiZN
9gjDNUwAISaCm/c91vNyeNtHhw6d/ffdB2jOaNrFuw7DXqo3NovSSBLCJ1sLtlhc
oFe2hUfVaft6WJbEfyFVnuX+A5B84ojIE5/5zh1udLODQCCl2LfWMSvXQ0sNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUCFoCaDu5+H4NLnh+ulkG27XBVTgwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzMDM5MmUzMTMxMzAyZTMx
MzgzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG1u
tzANBgkqhkiG9w0BAQsFAAOCAQEAh14uelJXYqv0kj/DIcBJ7AoS2NLo2Pd6A6GE
JqZrX7iGpJ4phll8z0ZpFeRM+fTA9ctlsx1VW1LkROP6iIqR/t0YivDTigi5zCex
NqWkHWgZnajVy0lgiayr2GCfDCvm2m2RLr47z9OG9CmpeoaInRN0HFyQbBY4bmrT
99SS/nkNRhw/NJg1YfxNsKsx9O4SPxK0gafn6D+A17LEmxMI9KzFxx21QN41RoGx
KPFFdYH8pfdgon0INLl79UnlgixH3Y3btKCAhzKuDLDEPeLArHMd9wfv04GJgJfH
2jdnUblulB1R4jOeT5syLM4ua1rfYOPyGkltFEbQnTqmsrOrZA==
-----END CERTIFICATE-----