Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/2/3138352e322e35302e302f32342d3234203d3e203137353631.roa
File:                     3138352e322e35302e302f32342d3234203d3e203137353631.roa (raw, json)
Hash identifier:          qB0BB6ZhKcaJO+ugI4LyxfHcrE+NQHHBJFGIgs1wC9c=
Subject key identifier:   18:55:B2:51:ED:E7:9F:37:20:15:86:4E:AB:7C:24:AB:49:8D:E2:57
Certificate issuer:       /CN=a29ef21c1397ab4b2f08778305a37ffd1cc25c4e
Certificate serial:       631CE56A3B7745D4D45B1502BD5928111AA375E4
Authority key identifier: A2:9E:F2:1C:13:97:AB:4B:2F:08:77:83:05:A3:7F:FD:1C:C2:5C:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/op7yHBOXq0svCHeDBaN__RzCXE4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/2/3138352e322e35302e302f32342d3234203d3e203137353631.roa
Signing time:             Thu 09 Apr 2026 08:33:18 +0000
ROA not before:           Thu 09 Apr 2026 08:28:18 +0000
ROA not after:            Thu 08 Apr 2027 08:33:18 +0000
asID:                     17561
IP address blocks:        185.2.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/2/A29EF21C1397AB4B2F08778305A37FFD1CC25C4E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/2/A29EF21C1397AB4B2F08778305A37FFD1CC25C4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/op7yHBOXq0svCHeDBaN__RzCXE4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:1c:e5:6a:3b:77:45:d4:d4:5b:15:02:bd:59:28:11:1a:a3:75:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a29ef21c1397ab4b2f08778305a37ffd1cc25c4e
        Validity
            Not Before: Apr  9 08:28:18 2026 GMT
            Not After : Apr  8 08:33:18 2027 GMT
        Subject: CN=1855B251EDE79F372015864EAB7C24AB498DE257
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:46:ff:c1:82:68:d3:75:aa:8d:c8:c6:a4:b4:
                    ad:dd:74:b0:01:7e:19:02:98:00:8a:dd:5d:fc:b0:
                    c4:86:59:28:63:f6:0a:9c:03:f4:59:32:e2:1a:4b:
                    5c:90:b3:d6:bd:6c:b5:15:6c:98:a2:cc:35:dc:0d:
                    f8:f4:82:68:49:65:d5:c1:39:3f:81:93:f0:89:a4:
                    95:ef:1d:fe:dd:f2:93:44:8e:69:73:41:48:2a:59:
                    95:da:72:e7:ef:0d:bf:80:24:a1:cb:53:df:95:0e:
                    e6:10:4d:ba:10:80:db:65:fe:c8:37:24:8d:a4:79:
                    d5:32:30:46:87:8a:5e:58:03:ae:4c:50:35:6f:02:
                    0b:72:95:2e:64:61:59:ab:f0:0e:e9:f3:b2:8f:74:
                    1e:f6:32:d4:ce:27:1f:2a:0a:ba:e9:cf:8d:1b:88:
                    2e:c8:60:fc:bf:d2:39:b6:90:fb:ec:ba:30:a5:5a:
                    9f:a2:0e:df:0e:d9:ae:32:45:01:52:7b:cb:be:a4:
                    54:2c:b7:71:b4:db:fe:dc:78:30:be:22:eb:26:82:
                    7d:29:c8:94:b8:be:76:3e:7d:0e:c5:40:b3:f0:a1:
                    af:8b:d9:34:f2:c1:fd:99:98:c6:c4:2b:c7:c4:5f:
                    22:31:87:ec:bb:8f:dc:c6:43:20:62:29:bd:24:35:
                    f8:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:55:B2:51:ED:E7:9F:37:20:15:86:4E:AB:7C:24:AB:49:8D:E2:57
            X509v3 Authority Key Identifier:
                keyid:A2:9E:F2:1C:13:97:AB:4B:2F:08:77:83:05:A3:7F:FD:1C:C2:5C:4E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/2/A29EF21C1397AB4B2F08778305A37FFD1CC25C4E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/op7yHBOXq0svCHeDBaN__RzCXE4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/2/3138352e322e35302e302f32342d3234203d3e203137353631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:cf:50:cf:ab:75:ff:b6:ca:b9:3b:2b:7a:d3:8e:1f:f5:40:
         2c:ab:57:1d:12:ef:82:ad:64:de:41:57:b6:be:c3:5d:6b:8a:
         c3:0c:95:77:24:85:26:4f:cb:d6:b1:01:03:16:a0:a4:af:63:
         c5:0c:db:53:ad:a2:1d:b7:64:40:d6:53:99:28:e8:89:c9:ef:
         1d:1e:9a:ee:f9:42:bc:dd:76:e4:28:18:a1:c7:e0:3a:7f:f2:
         7e:e7:19:ab:79:0e:61:b3:35:38:1e:0d:61:ae:81:3a:3f:57:
         ae:41:92:0e:b0:21:5b:cd:6c:38:2b:1b:c6:68:c2:26:32:c2:
         2d:c4:fc:65:e4:a6:50:49:74:27:6f:c3:06:18:df:e1:fe:f8:
         1c:a7:a1:f8:ba:36:db:b1:aa:78:9c:49:3e:c2:2b:b8:4f:c0:
         e8:3d:39:75:eb:83:b3:4e:b2:55:f2:7d:39:f4:97:94:4f:e6:
         b3:b9:81:d3:cc:5b:d4:8e:f4:56:52:e3:d4:f1:24:7f:c0:3e:
         51:6b:cc:f5:3a:f1:9c:0e:e4:e1:de:4d:27:dd:35:cc:9d:4e:
         49:6e:c7:80:0a:fb:f5:98:94:e5:34:f3:89:6f:58:0e:df:eb:
         d6:ad:03:f7:14:37:b8:6d:ac:1b:e9:0b:0f:c7:0f:39:82:79:
         8f:c2:b1:f3
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUYxzlajt3RdTUWxUCvVkoERqjdeQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTI5ZWYyMWMxMzk3YWI0YjJmMDg3NzgzMDVhMzdmZmQx
Y2MyNWM0ZTAeFw0yNjA0MDkwODI4MThaFw0yNzA0MDgwODMzMThaMDMxMTAvBgNV
BAMTKDE4NTVCMjUxRURFNzlGMzcyMDE1ODY0RUFCN0MyNEFCNDk4REUyNTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrRv/BgmjTdaqNyMaktK3ddLAB
fhkCmACK3V38sMSGWShj9gqcA/RZMuIaS1yQs9a9bLUVbJiizDXcDfj0gmhJZdXB
OT+Bk/CJpJXvHf7d8pNEjmlzQUgqWZXacufvDb+AJKHLU9+VDuYQTboQgNtl/sg3
JI2kedUyMEaHil5YA65MUDVvAgtylS5kYVmr8A7p87KPdB72MtTOJx8qCrrpz40b
iC7IYPy/0jm2kPvsujClWp+iDt8O2a4yRQFSe8u+pFQst3G02/7ceDC+Iusmgn0p
yJS4vnY+fQ7FQLPwoa+L2TTywf2ZmMbEK8fEXyIxh+y7j9zGQyBiKb0kNfjpAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUGFWyUe3nnzcgFYZOq3wkq0mN4lcwHwYDVR0j
BBgwFoAUop7yHBOXq0svCHeDBaN//RzCXE4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmU0MTcwNGYtNzgxNS00ZjJjLWE1MDMtNThhZTA4ZTU1
NmI2LzIvQTI5RUYyMUMxMzk3QUI0QjJGMDg3NzgzMDVBMzdGRkQxQ0MyNUM0RS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL29wN3lIQk9YcTBzdkNIZURCYU5fX1J6
Q1hFNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmU0MTcwNGYt
NzgxNS00ZjJjLWE1MDMtNThhZTA4ZTU1NmI2LzIvMzEzODM1MmUzMjJlMzUzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzczNTM2MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5AjIw
DQYJKoZIhvcNAQELBQADggEBAIbPUM+rdf+2yrk7K3rTjh/1QCyrVx0S74KtZN5B
V7a+w11risMMlXckhSZPy9axAQMWoKSvY8UM21Otoh23ZEDWU5ko6InJ7x0emu75
QrzdduQoGKHH4Dp/8n7nGat5DmGzNTgeDWGugTo/V65Bkg6wIVvNbDgrG8ZowiYy
wi3E/GXkplBJdCdvwwYY3+H++Bynofi6NtuxqnicST7CK7hPwOg9OXXrg7NOslXy
fTn0l5RP5rO5gdPMW9SO9FZS49TxJH/APlFrzPU68ZwO5OHeTSfdNcydTklux4AK
+/WYlOU084lvWA7f69atA/cUN7htrBvpCw/HDzmCeY/CsfM=
-----END CERTIFICATE-----