Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/39322e3131342e342e302f32342d3234203d3e20323136313832.roa
File:                     39322e3131342e342e302f32342d3234203d3e20323136313832.roa (raw, json)
Hash identifier:          iZcvzrTApwMe/mgD5dwZ8ER2vxVuWX1nP07r98rondE=
Subject key identifier:   BE:1B:BD:98:21:3D:34:76:29:CD:25:57:AB:57:E7:45:A3:00:C6:29
Certificate issuer:       /CN=0d059f10d18d00052c808eb8069f90d47e30564a
Certificate serial:       7A6FA7C9D75F9E19D74D0883E9F41EDE2EE4EEDE
Authority key identifier: 0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/39322e3131342e342e302f32342d3234203d3e20323136313832.roa
Signing time:             Tue 03 Feb 2026 02:55:36 +0000
ROA not before:           Tue 03 Feb 2026 02:50:36 +0000
ROA not after:            Tue 02 Feb 2027 02:55:36 +0000
asID:                     216182
IP address blocks:        92.114.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 21:30:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:6f:a7:c9:d7:5f:9e:19:d7:4d:08:83:e9:f4:1e:de:2e:e4:ee:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d059f10d18d00052c808eb8069f90d47e30564a
        Validity
            Not Before: Feb  3 02:50:36 2026 GMT
            Not After : Feb  2 02:55:36 2027 GMT
        Subject: CN=BE1BBD98213D347629CD2557AB57E745A300C629
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:3d:fd:bb:86:bb:be:4a:61:db:b7:e8:4d:03:
                    81:74:bb:b1:14:73:24:8f:47:59:48:91:5e:bd:53:
                    89:e8:19:1a:5f:5f:98:d1:b2:17:53:57:b4:23:58:
                    f2:1e:c2:0a:49:e5:7e:b9:14:58:41:5f:31:5c:96:
                    96:bb:da:45:52:df:31:ba:5e:e9:99:05:19:8a:8a:
                    e8:1f:d7:5d:b8:c2:f3:31:51:95:11:50:a7:19:b9:
                    aa:ec:fe:59:76:3e:90:85:5b:c5:e8:53:da:9c:62:
                    f8:a2:2e:3a:0d:b3:70:f8:56:3d:b7:73:09:08:0b:
                    d5:17:bf:0c:ee:44:b3:51:b6:37:3f:82:d1:8e:80:
                    d7:f7:3d:29:f8:22:9d:fb:07:48:ae:76:ae:e2:17:
                    c4:9c:67:18:79:6b:1a:c0:bb:37:55:ff:5e:05:86:
                    08:f3:12:f4:ca:32:26:9b:22:b0:85:e5:71:d0:b0:
                    0a:52:4c:81:45:7f:f6:c9:2e:3f:cc:6b:f5:fb:6b:
                    dc:7a:17:c1:fc:d1:ff:56:b3:60:90:02:c2:5a:62:
                    4c:62:3c:52:96:aa:05:34:56:19:78:64:35:89:d6:
                    1f:0b:b9:95:33:86:0f:1d:91:f5:93:2e:37:f4:67:
                    1c:bc:ea:18:80:de:73:24:be:2a:81:e6:92:c9:03:
                    70:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:1B:BD:98:21:3D:34:76:29:CD:25:57:AB:57:E7:45:A3:00:C6:29
            X509v3 Authority Key Identifier:
                keyid:0D:05:9F:10:D1:8D:00:05:2C:80:8E:B8:06:9F:90:D4:7E:30:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/0D059F10D18D00052C808EB8069F90D47E30564A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DQWfENGNAAUsgI64Bp-Q1H4wVko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/faf16704-2854-4080-9a09-7262326c9e22/1/39322e3131342e342e302f32342d3234203d3e20323136313832.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.114.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:6e:fa:3b:bd:c7:9e:ca:f4:45:75:66:a6:98:12:5b:5f:60:
         b6:e8:6e:a6:a3:d6:5d:e1:4f:bd:7d:52:6d:dc:02:f3:7a:7c:
         88:60:77:f1:62:20:bc:ce:b1:08:29:a4:be:8f:26:83:12:76:
         5a:47:89:3a:00:ff:59:07:6b:91:42:20:e4:6d:93:a2:99:1d:
         b3:28:29:48:43:96:f3:e4:89:80:be:56:e1:13:1b:3e:1f:36:
         0b:1b:09:fc:68:db:96:3c:7a:4f:7d:74:16:9b:34:ee:27:0c:
         84:45:eb:96:a6:b4:53:03:c2:13:14:78:cc:51:fe:3a:45:6f:
         1b:d2:b4:95:94:7e:03:48:6b:8f:d7:72:bb:b2:6f:d9:e2:ff:
         e6:70:5d:56:c7:71:bb:bf:c5:ca:c6:b2:d8:fb:9e:61:85:b5:
         b2:4a:94:9d:0b:e0:55:63:35:c0:54:39:53:a4:bd:33:4c:db:
         77:37:67:fd:39:69:80:06:97:97:bb:dc:a9:13:f0:40:64:db:
         98:8b:2c:14:08:97:5e:09:16:0c:32:d0:00:16:b9:f5:8e:79:
         df:e8:c1:82:d5:a8:7e:ff:83:c9:b9:6c:08:c9:47:40:6e:59:
         73:38:c7:d2:6c:87:69:97:94:47:9c:b0:48:09:88:0d:dc:62:
         99:0c:9e:a0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUem+nyddfnhnXTQiD6fQe3i7k7t4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQwNTlmMTBkMThkMDAwNTJjODA4ZWI4MDY5ZjkwZDQ3
ZTMwNTY0YTAeFw0yNjAyMDMwMjUwMzZaFw0yNzAyMDIwMjU1MzZaMDMxMTAvBgNV
BAMTKEJFMUJCRDk4MjEzRDM0NzYyOUNEMjU1N0FCNTdFNzQ1QTMwMEM2MjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnPf27hru+SmHbt+hNA4F0u7EU
cySPR1lIkV69U4noGRpfX5jRshdTV7QjWPIewgpJ5X65FFhBXzFclpa72kVS3zG6
XumZBRmKiugf1124wvMxUZURUKcZuars/ll2PpCFW8XoU9qcYviiLjoNs3D4Vj23
cwkIC9UXvwzuRLNRtjc/gtGOgNf3PSn4Ip37B0iudq7iF8ScZxh5axrAuzdV/14F
hgjzEvTKMiabIrCF5XHQsApSTIFFf/bJLj/Ma/X7a9x6F8H80f9Ws2CQAsJaYkxi
PFKWqgU0Vhl4ZDWJ1h8LuZUzhg8dkfWTLjf0Zxy86hiA3nMkviqB5pLJA3BJAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUvhu9mCE9NHYpzSVXq1fnRaMAxikwHwYDVR0j
BBgwFoAUDQWfENGNAAUsgI64Bp+Q1H4wVkowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQtMjg1NC00MDgwLTlhMDktNzI2MjMyNmM5
ZTIyLzEvMEQwNTlGMTBEMThEMDAwNTJDODA4RUI4MDY5RjkwRDQ3RTMwNTY0QS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RRV2ZFTkdOQUFVc2dJNjRCcC1RMUg0
d1Zrby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmFmMTY3MDQt
Mjg1NC00MDgwLTlhMDktNzI2MjMyNmM5ZTIyLzEvMzkzMjJlMzEzMTM0MmUzNDJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNjMxMzgzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFxy
BDANBgkqhkiG9w0BAQsFAAOCAQEAbW76O73Hnsr0RXVmppgSW19gtuhupqPWXeFP
vX1SbdwC83p8iGB38WIgvM6xCCmkvo8mgxJ2WkeJOgD/WQdrkUIg5G2Topkdsygp
SEOW8+SJgL5W4RMbPh82CxsJ/Gjbljx6T310Fps07icMhEXrlqa0UwPCExR4zFH+
OkVvG9K0lZR+A0hrj9dyu7Jv2eL/5nBdVsdxu7/Fysay2PueYYW1skqUnQvgVWM1
wFQ5U6S9M0zbdzdn/TlpgAaXl7vcqRPwQGTbmIssFAiXXgkWDDLQABa59Y553+jB
gtWofv+DyblsCMlHQG5ZczjH0myHaZeUR5ywSAmIDdximQyeoA==
-----END CERTIFICATE-----