Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/f0e48da2-bf3d-4f94-9c13-c08c1190de18/0/3139342e36312e302e302f32342d3234203d3e20323133323136.roa
File:                     3139342e36312e302e302f32342d3234203d3e20323133323136.roa (raw, json)
Hash identifier:          cDv+tCpd/eaVv7HBUSB+v0knElafCYH9RP9hQp1KhK8=
Subject key identifier:   2A:49:F7:C1:99:16:47:B1:E5:32:E2:A1:09:CC:00:F6:F4:AD:32:82
Certificate issuer:       /CN=0177dcd7bee1190629437ca4c8ab83e3ad15c7a9
Certificate serial:       486CC8F25AF4F294F095786A5EE00E489EAAF6E4
Authority key identifier: 01:77:DC:D7:BE:E1:19:06:29:43:7C:A4:C8:AB:83:E3:AD:15:C7:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AXfc177hGQYpQ3ykyKuD460Vx6k.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/f0e48da2-bf3d-4f94-9c13-c08c1190de18/0/3139342e36312e302e302f32342d3234203d3e20323133323136.roa
Signing time:             Wed 15 Apr 2026 19:34:25 +0000
ROA not before:           Wed 15 Apr 2026 19:29:25 +0000
ROA not after:            Wed 14 Apr 2027 19:34:25 +0000
asID:                     213216
IP address blocks:        194.61.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/f0e48da2-bf3d-4f94-9c13-c08c1190de18/0/0177DCD7BEE1190629437CA4C8AB83E3AD15C7A9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/f0e48da2-bf3d-4f94-9c13-c08c1190de18/0/0177DCD7BEE1190629437CA4C8AB83E3AD15C7A9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AXfc177hGQYpQ3ykyKuD460Vx6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:33:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:6c:c8:f2:5a:f4:f2:94:f0:95:78:6a:5e:e0:0e:48:9e:aa:f6:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0177dcd7bee1190629437ca4c8ab83e3ad15c7a9
        Validity
            Not Before: Apr 15 19:29:25 2026 GMT
            Not After : Apr 14 19:34:25 2027 GMT
        Subject: CN=2A49F7C1991647B1E532E2A109CC00F6F4AD3282
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:4b:14:e5:b7:97:36:fb:19:da:93:1b:61:26:
                    45:52:36:a4:80:12:15:ae:b5:aa:e8:5e:5e:2f:ff:
                    29:4c:62:38:3f:af:6c:c0:b6:ba:46:c6:d8:84:10:
                    5f:8d:fc:74:a6:79:97:2d:30:1e:f4:5c:14:b8:cf:
                    ce:18:15:db:82:40:73:38:cf:32:43:39:e0:8a:57:
                    7d:4a:4d:80:89:68:29:42:d1:04:d5:c7:21:98:de:
                    f4:15:94:32:ba:66:a9:a8:fb:50:20:25:58:1d:7a:
                    1d:56:c5:6a:fa:10:0e:c3:6d:53:2f:4f:47:f3:ca:
                    f4:7b:20:1f:86:ea:a7:af:3d:a9:f4:50:3f:14:6c:
                    2d:45:48:74:b0:18:a3:e6:dc:45:ad:16:e5:a8:6a:
                    37:63:fe:d2:97:1c:ed:90:5b:dc:08:79:bf:21:59:
                    df:0e:dc:36:ee:7f:2b:15:cc:ce:0f:4d:43:67:7d:
                    0c:d1:08:42:13:0d:1e:53:55:85:b4:17:2e:53:96:
                    45:a3:99:a9:01:44:52:d1:f1:12:0e:10:a3:88:cb:
                    59:eb:98:a4:d4:91:3c:e4:90:13:b3:11:fc:07:40:
                    95:70:ea:4c:9b:69:ee:36:81:6c:62:95:50:2e:af:
                    3c:82:49:35:8c:04:f1:4f:ae:4f:58:1a:66:8c:09:
                    98:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:49:F7:C1:99:16:47:B1:E5:32:E2:A1:09:CC:00:F6:F4:AD:32:82
            X509v3 Authority Key Identifier:
                keyid:01:77:DC:D7:BE:E1:19:06:29:43:7C:A4:C8:AB:83:E3:AD:15:C7:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/f0e48da2-bf3d-4f94-9c13-c08c1190de18/0/0177DCD7BEE1190629437CA4C8AB83E3AD15C7A9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AXfc177hGQYpQ3ykyKuD460Vx6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/f0e48da2-bf3d-4f94-9c13-c08c1190de18/0/3139342e36312e302e302f32342d3234203d3e20323133323136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:15:89:6f:d5:7c:91:bb:bf:d7:b5:29:ff:36:50:fb:99:19:
         5a:64:d2:58:e5:b4:4d:36:fd:2c:c0:2e:76:0d:38:ec:ef:9f:
         52:a7:f8:f1:c4:9d:ed:aa:1f:ca:52:30:e7:bd:4d:1f:dd:86:
         97:ca:cd:85:6f:66:ff:bf:cb:61:b0:27:56:d1:67:4f:21:81:
         4f:cf:d7:3a:12:b9:b3:fa:0a:c4:50:94:07:5a:90:ea:34:9a:
         53:82:e9:21:e0:3c:7f:e7:10:f8:05:c0:1c:a4:9f:fe:e9:bc:
         14:ef:d0:8b:17:0e:41:38:27:63:5e:3e:5e:92:9f:bb:b6:6e:
         85:60:9b:e4:f7:50:ad:c9:23:e8:74:8e:22:78:ae:4d:45:76:
         48:cc:35:a5:1b:d0:9d:e1:57:61:8b:b1:1b:c2:5a:4c:49:55:
         6a:46:54:7e:7c:e6:90:59:ce:a3:02:51:83:2c:66:de:13:85:
         f8:96:5b:a6:52:d7:3c:4f:99:ef:93:31:e3:ab:8e:66:3f:2f:
         12:89:4a:d1:1e:3e:96:dd:38:dc:e0:47:df:c4:70:2f:18:20:
         da:32:4d:1a:d9:28:5d:6a:66:fa:46:81:30:b2:eb:c7:f9:d5:
         b2:fa:77:01:00:9f:6a:d8:e6:b6:d2:ef:03:23:e7:a5:1c:b5:
         9b:7e:15:2d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUSGzI8lr08pTwlXhqXuAOSJ6q9uQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDE3N2RjZDdiZWUxMTkwNjI5NDM3Y2E0YzhhYjgzZTNh
ZDE1YzdhOTAeFw0yNjA0MTUxOTI5MjVaFw0yNzA0MTQxOTM0MjVaMDMxMTAvBgNV
BAMTKDJBNDlGN0MxOTkxNjQ3QjFFNTMyRTJBMTA5Q0MwMEY2RjRBRDMyODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxSxTlt5c2+xnakxthJkVSNqSA
EhWutaroXl4v/ylMYjg/r2zAtrpGxtiEEF+N/HSmeZctMB70XBS4z84YFduCQHM4
zzJDOeCKV31KTYCJaClC0QTVxyGY3vQVlDK6Zqmo+1AgJVgdeh1WxWr6EA7DbVMv
T0fzyvR7IB+G6qevPan0UD8UbC1FSHSwGKPm3EWtFuWoajdj/tKXHO2QW9wIeb8h
Wd8O3DbufysVzM4PTUNnfQzRCEITDR5TVYW0Fy5TlkWjmakBRFLR8RIOEKOIy1nr
mKTUkTzkkBOzEfwHQJVw6kybae42gWxilVAurzyCSTWMBPFPrk9YGmaMCZgvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUKkn3wZkWR7HlMuKhCcwA9vStMoIwHwYDVR0j
BBgwFoAUAXfc177hGQYpQ3ykyKuD460Vx6kwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZjBlNDhkYTItYmYzZC00Zjk0LTljMTMtYzA4YzExOTBk
ZTE4LzAvMDE3N0RDRDdCRUUxMTkwNjI5NDM3Q0E0QzhBQjgzRTNBRDE1QzdBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0FYZmMxNzdoR1FZcFEzeWt5S3VENDYw
Vng2ay5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZjBlNDhkYTIt
YmYzZC00Zjk0LTljMTMtYzA4YzExOTBkZTE4LzAvMzEzOTM0MmUzNjMxMmUzMDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMzMyMzEzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMI9
ADANBgkqhkiG9w0BAQsFAAOCAQEAlxWJb9V8kbu/17Up/zZQ+5kZWmTSWOW0TTb9
LMAudg047O+fUqf48cSd7aofylIw571NH92Gl8rNhW9m/7/LYbAnVtFnTyGBT8/X
OhK5s/oKxFCUB1qQ6jSaU4LpIeA8f+cQ+AXAHKSf/um8FO/QixcOQTgnY14+XpKf
u7ZuhWCb5PdQrckj6HSOIniuTUV2SMw1pRvQneFXYYuxG8JaTElVakZUfnzmkFnO
owJRgyxm3hOF+JZbplLXPE+Z75Mx46uOZj8vEolK0R4+lt043OBH38RwLxgg2jJN
GtkoXWpm+kaBMLLrx/nVsvp3AQCfatjmttLvAyPnpRy1m34VLQ==
-----END CERTIFICATE-----