Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/2/3138352e322e35312e302f32342d3234203d3e203137353631.roa
File:                     3138352e322e35312e302f32342d3234203d3e203137353631.roa (raw, json)
Hash identifier:          35sh4qa6md8PSSqaFmFo8K1ywirF77Kr0DSJ4bj3Ok0=
Subject key identifier:   D1:90:A6:2D:B8:1B:1D:A9:C4:35:49:E1:6E:93:6B:47:3B:A2:65:BD
Certificate issuer:       /CN=a29ef21c1397ab4b2f08778305a37ffd1cc25c4e
Certificate serial:       02FBEC1B08C9B6D234FE527C817E2AD9F1601EF9
Authority key identifier: A2:9E:F2:1C:13:97:AB:4B:2F:08:77:83:05:A3:7F:FD:1C:C2:5C:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/op7yHBOXq0svCHeDBaN__RzCXE4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/2/3138352e322e35312e302f32342d3234203d3e203137353631.roa
Signing time:             Thu 09 Apr 2026 08:33:19 +0000
ROA not before:           Thu 09 Apr 2026 08:28:19 +0000
ROA not after:            Thu 08 Apr 2027 08:33:19 +0000
asID:                     17561
IP address blocks:        185.2.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/2/A29EF21C1397AB4B2F08778305A37FFD1CC25C4E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/2/A29EF21C1397AB4B2F08778305A37FFD1CC25C4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/op7yHBOXq0svCHeDBaN__RzCXE4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:fb:ec:1b:08:c9:b6:d2:34:fe:52:7c:81:7e:2a:d9:f1:60:1e:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a29ef21c1397ab4b2f08778305a37ffd1cc25c4e
        Validity
            Not Before: Apr  9 08:28:19 2026 GMT
            Not After : Apr  8 08:33:19 2027 GMT
        Subject: CN=D190A62DB81B1DA9C43549E16E936B473BA265BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:18:47:bf:78:2a:ab:77:2c:7a:fb:f0:c6:ee:
                    2d:7b:6e:58:1c:55:7e:79:15:46:b9:e3:55:f2:6b:
                    a4:29:bf:44:86:69:38:d4:19:ee:e7:73:46:97:04:
                    a4:67:8a:15:26:18:a1:e1:d0:0a:c7:d8:00:11:91:
                    82:f0:7c:2b:b5:5c:c7:cb:5b:d9:a1:4f:f9:34:c4:
                    a6:4a:e0:9e:13:d9:64:cd:fa:62:82:a3:a6:e1:93:
                    52:09:84:ee:b4:07:39:a8:3a:a8:97:bc:26:b2:d1:
                    70:56:8b:61:42:24:d8:7a:ac:92:68:e5:4c:4b:77:
                    79:f1:aa:e7:72:b3:c7:27:46:5a:6b:95:50:e0:92:
                    28:05:dc:61:79:58:ae:be:87:53:dd:92:e7:bc:59:
                    1c:e6:20:78:24:25:8e:11:60:8f:2a:b8:c2:87:59:
                    19:6d:0a:6c:85:57:6f:e1:6c:db:e4:56:e7:57:cf:
                    60:82:9a:1d:cd:b4:e3:5b:77:64:ac:8d:9e:71:ad:
                    8f:e7:3f:b8:f8:9b:eb:6f:f4:9d:c5:ad:ce:d5:86:
                    59:3f:a9:a4:74:9a:61:15:af:c4:e9:47:b0:15:8d:
                    3d:bf:e5:1a:59:f9:6f:0a:00:e2:a5:bd:10:5e:83:
                    5d:cf:1d:9d:c2:45:1c:a6:78:77:c3:8d:7f:3a:28:
                    eb:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:90:A6:2D:B8:1B:1D:A9:C4:35:49:E1:6E:93:6B:47:3B:A2:65:BD
            X509v3 Authority Key Identifier:
                keyid:A2:9E:F2:1C:13:97:AB:4B:2F:08:77:83:05:A3:7F:FD:1C:C2:5C:4E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/2/A29EF21C1397AB4B2F08778305A37FFD1CC25C4E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/op7yHBOXq0svCHeDBaN__RzCXE4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/be41704f-7815-4f2c-a503-58ae08e556b6/2/3138352e322e35312e302f32342d3234203d3e203137353631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:45:48:52:f0:23:85:79:92:6f:1e:60:46:2f:f4:17:77:07:
         02:1c:f0:6c:42:5d:7a:13:fd:be:d5:73:c6:e4:ba:0b:90:16:
         95:66:3c:23:90:2e:6b:ac:15:d7:4a:a0:16:67:5a:bb:d2:c6:
         ac:14:d9:ef:2e:3a:1d:8f:3d:72:28:70:65:d2:5b:f2:f8:2c:
         bc:4f:6a:65:5f:19:2a:4d:1f:c8:0d:06:46:36:46:c0:1b:a7:
         a8:13:e4:37:41:ff:e0:22:69:cd:1b:13:76:ce:0a:2e:b2:55:
         35:99:48:a6:75:d9:79:fe:93:69:2a:0d:91:3a:ce:03:a9:ab:
         8a:29:29:71:83:3a:4b:4c:d8:9e:97:6f:87:6b:64:eb:64:bb:
         e0:f3:57:ee:40:23:82:ad:25:30:6e:30:f5:3c:af:6e:95:52:
         99:40:78:8e:6b:0b:13:1d:47:f7:77:80:3b:e5:ef:d2:7d:dd:
         3a:37:4a:05:9e:f2:ea:b9:f9:67:36:d3:a9:6c:7b:2d:b8:80:
         fa:68:31:eb:5b:34:07:96:d8:f2:75:c2:6e:3d:5b:10:91:ac:
         bd:cd:85:b5:1c:3f:84:23:bc:59:4c:a9:fc:f5:ff:18:6b:4e:
         d5:a0:fe:79:fa:bd:90:aa:30:ef:01:9b:e3:8d:71:67:95:6b:
         fa:90:68:99
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUAvvsGwjJttI0/lJ8gX4q2fFgHvkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTI5ZWYyMWMxMzk3YWI0YjJmMDg3NzgzMDVhMzdmZmQx
Y2MyNWM0ZTAeFw0yNjA0MDkwODI4MTlaFw0yNzA0MDgwODMzMTlaMDMxMTAvBgNV
BAMTKEQxOTBBNjJEQjgxQjFEQTlDNDM1NDlFMTZFOTM2QjQ3M0JBMjY1QkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3GEe/eCqrdyx6+/DG7i17blgc
VX55FUa541Xya6Qpv0SGaTjUGe7nc0aXBKRnihUmGKHh0ArH2AARkYLwfCu1XMfL
W9mhT/k0xKZK4J4T2WTN+mKCo6bhk1IJhO60BzmoOqiXvCay0XBWi2FCJNh6rJJo
5UxLd3nxqudys8cnRlprlVDgkigF3GF5WK6+h1Pdkue8WRzmIHgkJY4RYI8quMKH
WRltCmyFV2/hbNvkVudXz2CCmh3NtONbd2SsjZ5xrY/nP7j4m+tv9J3Frc7Vhlk/
qaR0mmEVr8TpR7AVjT2/5RpZ+W8KAOKlvRBeg13PHZ3CRRymeHfDjX86KOvLAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU0ZCmLbgbHanENUnhbpNrRzuiZb0wHwYDVR0j
BBgwFoAUop7yHBOXq0svCHeDBaN//RzCXE4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYmU0MTcwNGYtNzgxNS00ZjJjLWE1MDMtNThhZTA4ZTU1
NmI2LzIvQTI5RUYyMUMxMzk3QUI0QjJGMDg3NzgzMDVBMzdGRkQxQ0MyNUM0RS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL29wN3lIQk9YcTBzdkNIZURCYU5fX1J6
Q1hFNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYmU0MTcwNGYt
NzgxNS00ZjJjLWE1MDMtNThhZTA4ZTU1NmI2LzIvMzEzODM1MmUzMjJlMzUzMTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzczNTM2MzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5AjMw
DQYJKoZIhvcNAQELBQADggEBAFJFSFLwI4V5km8eYEYv9Bd3BwIc8GxCXXoT/b7V
c8bkuguQFpVmPCOQLmusFddKoBZnWrvSxqwU2e8uOh2PPXIocGXSW/L4LLxPamVf
GSpNH8gNBkY2RsAbp6gT5DdB/+Aiac0bE3bOCi6yVTWZSKZ12Xn+k2kqDZE6zgOp
q4opKXGDOktM2J6Xb4drZOtku+DzV+5AI4KtJTBuMPU8r26VUplAeI5rCxMdR/d3
gDvl79J93To3SgWe8uq5+Wc206lsey24gPpoMetbNAeW2PJ1wm49WxCRrL3NhbUc
P4QjvFlMqfz1/xhrTtWg/nn6vZCqMO8Bm+ONcWeVa/qQaJk=
-----END CERTIFICATE-----