Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/3139332e332e3136352e302f32342d3234203d3e203434333535.roa
File:                     3139332e332e3136352e302f32342d3234203d3e203434333535.roa (raw, json)
Hash identifier:          gH72txr/t2MPAImozX8PI2GcImrMvbNUKeyyf51HbrU=
Subject key identifier:   A2:86:F6:CD:FA:55:4B:5B:1F:66:74:2F:54:FD:52:A9:09:F2:77:C8
Certificate issuer:       /CN=0839a93dab544c296ffa143456844a8b2818b1d0
Certificate serial:       04AB81DE0ED4F489F2DF7FA34C028ABB2932149C
Authority key identifier: 08:39:A9:3D:AB:54:4C:29:6F:FA:14:34:56:84:4A:8B:28:18:B1:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/3139332e332e3136352e302f32342d3234203d3e203434333535.roa
Signing time:             Tue 12 May 2026 20:16:01 +0000
ROA not before:           Tue 12 May 2026 20:11:01 +0000
ROA not after:            Tue 11 May 2027 20:16:01 +0000
asID:                     44355
IP address blocks:        193.3.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 20:58:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:ab:81:de:0e:d4:f4:89:f2:df:7f:a3:4c:02:8a:bb:29:32:14:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0839a93dab544c296ffa143456844a8b2818b1d0
        Validity
            Not Before: May 12 20:11:01 2026 GMT
            Not After : May 11 20:16:01 2027 GMT
        Subject: CN=A286F6CDFA554B5B1F66742F54FD52A909F277C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a3:4c:40:2a:d6:c8:03:80:45:af:d0:ec:92:
                    70:12:b7:79:a2:37:53:c9:52:f9:51:06:b3:98:ab:
                    56:85:b9:0e:4a:92:8f:5b:07:69:40:39:b8:60:81:
                    47:14:b8:bc:46:da:4e:91:ca:f6:e1:40:ca:f3:18:
                    1b:53:f3:da:0d:94:78:47:12:ef:6e:cc:d6:5c:8b:
                    b4:87:89:a7:ca:65:87:94:f0:08:18:c9:fe:5d:1a:
                    0e:13:cc:21:5f:e7:bc:b9:d1:76:33:3b:40:38:8b:
                    d3:45:d2:ac:bb:de:9e:f3:54:c8:9e:1b:0c:f0:ce:
                    1d:7c:b4:92:67:ef:5c:93:92:f7:91:fb:c2:b2:6c:
                    82:a0:bc:80:28:d6:d8:3c:67:57:c5:3f:70:e0:18:
                    71:0e:d2:2f:c1:fe:0a:a7:ba:ed:0b:a8:a6:da:c4:
                    68:2d:d1:0c:7c:01:93:31:7c:57:f6:71:be:2f:4d:
                    ac:ce:1f:46:bd:84:a8:bd:c4:1c:e6:f2:61:37:9b:
                    aa:fd:cd:99:cd:f4:c2:79:cb:50:28:05:fd:78:0c:
                    64:be:45:15:68:b8:d1:a8:c1:23:0e:c5:62:98:98:
                    f4:a7:e3:75:2b:da:59:0b:a8:b8:30:32:fb:49:d3:
                    c9:2c:83:89:23:11:85:c2:4b:c7:df:71:c4:6a:07:
                    82:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:86:F6:CD:FA:55:4B:5B:1F:66:74:2F:54:FD:52:A9:09:F2:77:C8
            X509v3 Authority Key Identifier:
                keyid:08:39:A9:3D:AB:54:4C:29:6F:FA:14:34:56:84:4A:8B:28:18:B1:D0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/3139332e332e3136352e302f32342d3234203d3e203434333535.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:31:2d:9a:09:d8:89:0a:b7:e5:6a:fc:30:b7:02:d5:0a:87:
         de:e2:0a:96:8d:44:43:17:a6:7b:f9:86:8d:ae:44:96:2f:78:
         8c:c1:41:6a:4c:58:7c:91:82:46:19:39:b1:7d:e9:70:cf:52:
         8a:c4:ec:75:77:43:72:15:6d:30:7a:b4:98:74:aa:d9:74:ed:
         fd:c4:1c:bd:ee:c3:b9:65:a3:55:70:92:0f:10:f0:fb:72:aa:
         0b:f1:ec:c0:b4:bc:92:51:09:24:31:e9:be:b5:b4:8b:61:bd:
         2d:cc:32:61:0c:03:82:9c:92:b0:67:e8:87:e8:f6:ac:0a:2b:
         02:ef:f7:b4:68:65:e1:1c:02:d1:2b:8d:e6:24:c6:72:31:7a:
         cc:3c:98:5f:52:f5:fb:b1:59:ff:db:9d:6c:85:44:a8:7b:2c:
         13:2e:59:38:54:13:71:06:19:c0:d3:f0:42:a5:af:47:a4:ac:
         e3:44:96:e4:56:c9:86:c4:41:52:11:0a:75:e5:62:ab:68:ab:
         e5:1c:f5:fa:63:b8:bb:30:78:24:d2:71:95:81:16:0b:35:75:
         e8:18:3b:8b:6c:ad:4b:16:7c:84:89:dc:42:8c:9a:be:07:2e:
         f9:83:63:9b:d5:3c:1e:8e:22:01:ae:b6:0b:98:ad:61:d1:20:
         25:16:36:9b
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBKuB3g7U9Iny33+jTAKKuykyFJwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDgzOWE5M2RhYjU0NGMyOTZmZmExNDM0NTY4NDRhOGIy
ODE4YjFkMDAeFw0yNjA1MTIyMDExMDFaFw0yNzA1MTEyMDE2MDFaMDMxMTAvBgNV
BAMTKEEyODZGNkNERkE1NTRCNUIxRjY2NzQyRjU0RkQ1MkE5MDlGMjc3QzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIo0xAKtbIA4BFr9DsknASt3mi
N1PJUvlRBrOYq1aFuQ5Kko9bB2lAObhggUcUuLxG2k6RyvbhQMrzGBtT89oNlHhH
Eu9uzNZci7SHiafKZYeU8AgYyf5dGg4TzCFf57y50XYzO0A4i9NF0qy73p7zVMie
Gwzwzh18tJJn71yTkveR+8KybIKgvIAo1tg8Z1fFP3DgGHEO0i/B/gqnuu0LqKba
xGgt0Qx8AZMxfFf2cb4vTazOH0a9hKi9xBzm8mE3m6r9zZnN9MJ5y1AoBf14DGS+
RRVouNGowSMOxWKYmPSn43Ur2lkLqLgwMvtJ08ksg4kjEYXCS8ffccRqB4JJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUoob2zfpVS1sfZnQvVP1SqQnyd8gwHwYDVR0j
BBgwFoAUCDmpPatUTClv+hQ0VoRKiygYsdAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGRlODM3ZmItNjM5MC00MWI1LTgyYTAtZjBkMDJjMDNh
MmM2LzcvMDgzOUE5M0RBQjU0NEMyOTZGRkExNDM0NTY4NDRBOEIyODE4QjFEMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NEbXBQYXRVVENsdi1oUTBWb1JLaXln
WXNkQS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZGRlODM3ZmIt
NjM5MC00MWI1LTgyYTAtZjBkMDJjMDNhMmM2LzcvMzEzOTMzMmUzMzJlMzEzNjM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNDMzMzUzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMED
pTANBgkqhkiG9w0BAQsFAAOCAQEAbTEtmgnYiQq35Wr8MLcC1QqH3uIKlo1EQxem
e/mGja5Eli94jMFBakxYfJGCRhk5sX3pcM9SisTsdXdDchVtMHq0mHSq2XTt/cQc
ve7DuWWjVXCSDxDw+3KqC/HswLS8klEJJDHpvrW0i2G9LcwyYQwDgpySsGfoh+j2
rAorAu/3tGhl4RwC0SuN5iTGcjF6zDyYX1L1+7FZ/9udbIVEqHssEy5ZOFQTcQYZ
wNPwQqWvR6Ss40SW5FbJhsRBUhEKdeViq2ir5Rz1+mO4uzB4JNJxlYEWCzV16Bg7
i2ytSxZ8hIncQoyavgcu+YNjm9U8Ho4iAa62C5itYdEgJRY2mw==
-----END CERTIFICATE-----