Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233362e302f32342d3234203d3e203632313634.roa
File:                     3231322e322e3233362e302f32342d3234203d3e203632313634.roa (raw, json)
Hash identifier:          hYVDhA7clFCFhyHx8qb8eGJJtW1LMi+8HW6eGQBn2Ks=
Subject key identifier:   C8:A3:40:41:EC:B0:A9:1F:B1:82:2C:A1:37:A1:93:D6:AF:13:14:8A
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       0AC4FDF29A7D6E01FFC01726FD6B40DC180EDDCF
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233362e302f32342d3234203d3e203632313634.roa
Signing time:             Thu 05 Feb 2026 11:55:36 +0000
ROA not before:           Thu 05 Feb 2026 11:50:36 +0000
ROA not after:            Thu 04 Feb 2027 11:55:36 +0000
asID:                     62164
IP address blocks:        212.2.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:c4:fd:f2:9a:7d:6e:01:ff:c0:17:26:fd:6b:40:dc:18:0e:dd:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Feb  5 11:50:36 2026 GMT
            Not After : Feb  4 11:55:36 2027 GMT
        Subject: CN=C8A34041ECB0A91FB1822CA137A193D6AF13148A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:65:92:ff:0f:8a:0f:19:93:25:6b:6f:1f:9a:
                    27:3f:cb:bc:7f:3e:43:30:66:9c:40:a8:fd:bc:fb:
                    80:87:06:8c:fe:7b:31:80:1b:d4:a5:c2:87:37:2f:
                    cb:a8:b7:b6:66:65:5e:fd:37:66:8f:5e:91:39:8d:
                    c5:24:39:12:df:e9:68:f7:16:6a:11:f5:a3:6b:34:
                    2b:a1:e3:55:ce:a4:45:b8:5e:48:a4:89:55:e6:03:
                    ec:0c:f4:6a:e2:83:f4:a6:c9:5c:9d:09:83:8f:a5:
                    1c:b4:3d:8e:fe:88:08:b0:b0:f3:4d:71:ae:c2:f0:
                    c5:c8:c3:ba:2e:f9:5d:e5:de:cb:57:aa:ce:43:b2:
                    12:30:e5:ea:03:c4:d5:53:86:37:97:0a:e5:21:79:
                    37:dc:14:9a:4d:8c:60:94:67:db:d1:25:35:ef:c0:
                    6d:af:33:de:85:0f:0f:3b:9a:57:87:ae:a4:59:87:
                    32:b7:15:23:64:a9:52:69:8d:2c:4e:16:62:41:d5:
                    88:0a:3d:f4:ba:5d:0e:5c:57:32:82:b4:5d:7d:ea:
                    30:72:d5:e4:ec:b6:e4:cc:b5:63:21:e5:78:71:6a:
                    e8:f5:30:ff:c1:30:c3:de:7c:11:98:10:4d:3c:b8:
                    95:c2:95:c7:09:c0:62:5c:fd:ab:97:8d:54:16:f0:
                    d6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:A3:40:41:EC:B0:A9:1F:B1:82:2C:A1:37:A1:93:D6:AF:13:14:8A
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/3231322e322e3233362e302f32342d3234203d3e203632313634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.2.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:2d:9b:3a:53:c0:8e:15:29:a2:40:8c:9b:16:1b:21:26:4d:
         4b:05:a3:51:49:55:35:bc:85:09:37:34:06:81:43:6f:0b:1b:
         19:52:38:ba:f1:f5:5d:ae:5b:d5:7b:1f:6c:cf:e4:e5:32:b8:
         f0:51:6e:25:d2:3c:4e:53:8b:ea:65:79:8d:4c:8b:92:76:50:
         b5:f5:39:c4:fb:31:2c:61:e3:57:18:4f:63:26:db:39:da:80:
         a9:d1:fa:c0:3f:c2:e2:73:9a:83:65:80:0d:69:5f:2f:9e:65:
         c9:31:94:65:9b:50:0f:bf:c4:5d:3f:3d:63:ea:8d:40:21:f1:
         dd:c5:5a:08:3f:da:a4:06:5e:96:c4:27:e6:d3:eb:e2:a6:5c:
         9e:c0:84:5c:a4:5d:89:c7:34:3a:1e:31:c5:a3:ea:fa:19:e4:
         f8:4d:43:d0:d0:29:a8:1f:43:a3:af:83:02:c9:89:e4:66:3c:
         97:06:81:f5:a3:d3:a9:88:9c:ea:4a:5a:97:d8:da:bc:65:b7:
         cc:c4:60:ca:4c:d0:39:24:1d:c8:0b:23:3b:34:7a:8a:3f:99:
         2a:01:77:73:3c:14:73:57:5c:65:68:b2:13:a2:ad:70:ec:ac:
         5a:15:4a:01:db:a7:5f:50:c3:e4:b9:0d:a3:e5:8b:e0:c9:8d:
         fa:25:96:b0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCsT98pp9bgH/wBcm/WtA3BgO3c8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjAyMDUxMTUwMzZaFw0yNzAyMDQxMTU1MzZaMDMxMTAvBgNV
BAMTKEM4QTM0MDQxRUNCMEE5MUZCMTgyMkNBMTM3QTE5M0Q2QUYxMzE0OEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwZZL/D4oPGZMla28fmic/y7x/
PkMwZpxAqP28+4CHBoz+ezGAG9Slwoc3L8uot7ZmZV79N2aPXpE5jcUkORLf6Wj3
FmoR9aNrNCuh41XOpEW4XkikiVXmA+wM9Grig/SmyVydCYOPpRy0PY7+iAiwsPNN
ca7C8MXIw7ou+V3l3stXqs5DshIw5eoDxNVThjeXCuUheTfcFJpNjGCUZ9vRJTXv
wG2vM96FDw87mleHrqRZhzK3FSNkqVJpjSxOFmJB1YgKPfS6XQ5cVzKCtF196jBy
1eTstuTMtWMh5Xhxauj1MP/BMMPefBGYEE08uJXClccJwGJc/auXjVQW8NYZAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUyKNAQeywqR+xgiyhN6GT1q8TFIowHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzIzMTMyMmUzMjJlMzIzMzM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMjMxMzYzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANQC
7DANBgkqhkiG9w0BAQsFAAOCAQEADi2bOlPAjhUpokCMmxYbISZNSwWjUUlVNbyF
CTc0BoFDbwsbGVI4uvH1Xa5b1XsfbM/k5TK48FFuJdI8TlOL6mV5jUyLknZQtfU5
xPsxLGHjVxhPYybbOdqAqdH6wD/C4nOag2WADWlfL55lyTGUZZtQD7/EXT89Y+qN
QCHx3cVaCD/apAZelsQn5tPr4qZcnsCEXKRdicc0Oh4xxaPq+hnk+E1D0NApqB9D
o6+DAsmJ5GY8lwaB9aPTqYic6kpal9javGW3zMRgykzQOSQdyAsjOzR6ij+ZKgF3
czwUc1dcZWiyE6KtcOysWhVKAdunX1DD5LkNo+WL4MmN+iWWsA==
-----END CERTIFICATE-----