Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e203136353039.roa
File:                     38322e3131382e33312e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          VEoo3CL9NzqZNAIdwihXM68+oDB2NsRHzlmj9zV4IGI=
Subject key identifier:   DD:D5:AE:03:D0:71:3D:28:27:CE:21:7C:92:6C:AC:75:2F:B6:5C:AD
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       3982F55FF67905320B6BC01EAAFB840FD4CD2BCA
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e203136353039.roa
Signing time:             Thu 05 Feb 2026 11:55:36 +0000
ROA not before:           Thu 05 Feb 2026 11:50:36 +0000
ROA not after:            Thu 04 Feb 2027 11:55:36 +0000
asID:                     16509
IP address blocks:        82.118.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:82:f5:5f:f6:79:05:32:0b:6b:c0:1e:aa:fb:84:0f:d4:cd:2b:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Feb  5 11:50:36 2026 GMT
            Not After : Feb  4 11:55:36 2027 GMT
        Subject: CN=DDD5AE03D0713D2827CE217C926CAC752FB65CAD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:04:37:2c:a1:1c:7d:c5:a9:56:3b:a0:2d:a3:
                    15:ba:2b:8e:cf:6b:0f:e5:2d:f9:b4:66:13:20:3b:
                    f1:3c:1a:a6:31:ab:ef:34:88:5e:7a:e7:db:63:af:
                    00:c9:61:e0:e7:5b:2c:45:79:63:36:28:96:15:da:
                    93:04:33:50:29:90:5b:b9:74:7c:45:96:a4:41:e4:
                    ca:38:7a:89:fe:36:df:d6:f5:a1:b7:2b:b7:8b:51:
                    8e:8f:0c:04:cf:17:cd:d4:04:b6:88:1b:49:f8:60:
                    18:29:3a:95:15:9e:06:b4:08:77:00:da:e7:84:da:
                    52:14:90:1f:10:7d:2a:d2:6a:d8:fc:8f:cd:23:a5:
                    0b:2c:e2:e4:53:db:74:5a:b3:4e:bf:c2:05:67:0f:
                    01:e4:86:c9:e2:dd:eb:4d:51:80:34:fb:7b:9b:ab:
                    54:86:de:3a:0b:59:11:a5:74:fa:af:7e:95:3c:ab:
                    b4:8b:c3:e8:c0:9a:09:fa:78:96:76:57:1b:a0:f3:
                    2c:47:d9:db:ae:4c:d5:72:b1:23:ee:8d:80:1f:e5:
                    5a:74:91:d1:1d:8b:0b:ea:71:6a:47:37:5e:77:17:
                    d6:6c:c9:39:c3:18:a6:e0:ce:bc:18:9b:41:56:16:
                    c6:f5:5f:b6:02:97:df:b5:d5:8f:1f:6d:b2:a0:f0:
                    3a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:D5:AE:03:D0:71:3D:28:27:CE:21:7C:92:6C:AC:75:2F:B6:5C:AD
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/38322e3131382e33312e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.118.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:9b:c6:28:52:46:2a:1c:76:13:bc:9e:80:29:a4:18:19:6f:
         70:d9:a5:a3:3c:4c:6c:81:ce:01:47:17:31:41:fc:b4:83:7b:
         85:4c:2f:89:c8:b9:87:ba:e2:2d:92:28:1d:18:91:0f:5e:ba:
         45:86:2b:a8:ee:b1:dd:c1:8f:99:4c:5d:bf:b6:f3:83:a6:5a:
         98:1b:a0:c1:e5:2e:c8:fc:23:65:c2:3e:77:7c:e1:e1:bd:bb:
         d0:20:e7:71:8f:c9:28:86:0e:5f:2f:0d:92:28:d9:ce:7d:61:
         33:20:71:8a:0e:82:0f:56:e5:3b:62:5d:c1:2d:4d:da:85:bc:
         92:a8:d1:5b:a6:5f:73:45:1e:cc:6f:04:67:4f:ed:32:b5:21:
         71:5e:ac:1c:cb:a5:97:0b:f6:16:5c:dc:d7:46:b1:36:26:80:
         8e:bc:f2:dc:85:d6:6b:81:b3:25:fc:0d:bb:30:fb:9e:1c:e1:
         73:2a:da:6b:b7:81:48:a9:67:b0:30:a0:0d:4d:c5:2e:4c:8d:
         83:37:cd:c7:6c:44:a6:73:08:99:07:e0:94:22:cf:3f:d4:87:
         ed:17:88:9e:a8:10:e1:f0:67:7d:fd:e9:c7:06:56:d2:09:b7:
         5d:3c:cc:21:c6:22:ed:99:0b:47:e0:7f:95:4b:37:e4:df:2c:
         de:6a:2e:43
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUOYL1X/Z5BTILa8AeqvuED9TNK8owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjAyMDUxMTUwMzZaFw0yNzAyMDQxMTU1MzZaMDMxMTAvBgNV
BAMTKERERDVBRTAzRDA3MTNEMjgyN0NFMjE3QzkyNkNBQzc1MkZCNjVDQUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0BDcsoRx9xalWO6AtoxW6K47P
aw/lLfm0ZhMgO/E8GqYxq+80iF5659tjrwDJYeDnWyxFeWM2KJYV2pMEM1ApkFu5
dHxFlqRB5Mo4eon+Nt/W9aG3K7eLUY6PDATPF83UBLaIG0n4YBgpOpUVnga0CHcA
2ueE2lIUkB8QfSrSatj8j80jpQss4uRT23Ras06/wgVnDwHkhsni3etNUYA0+3ub
q1SG3joLWRGldPqvfpU8q7SLw+jAmgn6eJZ2Vxug8yxH2duuTNVysSPujYAf5Vp0
kdEdiwvqcWpHN153F9ZsyTnDGKbgzrwYm0FWFsb1X7YCl9+11Y8fbbKg8DpzAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU3dWuA9BxPSgnziF8kmysdS+2XK0wHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzgzMjJlMzEzMTM4MmUzMzMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNjM1MzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFJ2
HzANBgkqhkiG9w0BAQsFAAOCAQEAWJvGKFJGKhx2E7yegCmkGBlvcNmlozxMbIHO
AUcXMUH8tIN7hUwvici5h7riLZIoHRiRD166RYYrqO6x3cGPmUxdv7bzg6ZamBug
weUuyPwjZcI+d3zh4b270CDncY/JKIYOXy8NkijZzn1hMyBxig6CD1blO2JdwS1N
2oW8kqjRW6Zfc0UezG8EZ0/tMrUhcV6sHMullwv2Flzc10axNiaAjrzy3IXWa4Gz
JfwNuzD7nhzhcyraa7eBSKlnsDCgDU3FLkyNgzfNx2xEpnMImQfglCLPP9SH7ReI
nqgQ4fBnff3pxwZW0gm3XTzMIcYi7ZkLR+B/lUs35N8s3mouQw==
-----END CERTIFICATE-----