Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231352e3138332e302f32342d3234203d3e20383334.roa
File:                     3138352e3231352e3138332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          ZemGzoUTXvl99PSlJ7jkApJDHqtGw8eE2MZVT6NIQpY=
Subject key identifier:   DA:B7:74:96:C5:D4:C9:B7:17:A2:88:2A:4F:CF:C6:8E:6B:09:89:7D
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       3CCA029EEF0C6E300BC5C3B058DA35D5790C6EC6
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231352e3138332e302f32342d3234203d3e20383334.roa
Signing time:             Fri 20 Feb 2026 08:23:21 +0000
ROA not before:           Fri 20 Feb 2026 08:18:21 +0000
ROA not after:            Fri 19 Feb 2027 08:23:21 +0000
asID:                     834
IP address blocks:        185.215.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:ca:02:9e:ef:0c:6e:30:0b:c5:c3:b0:58:da:35:d5:79:0c:6e:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Feb 20 08:18:21 2026 GMT
            Not After : Feb 19 08:23:21 2027 GMT
        Subject: CN=DAB77496C5D4C9B717A2882A4FCFC68E6B09897D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:07:02:28:b2:b8:f2:69:65:01:03:83:86:64:
                    f9:35:78:21:e8:9c:7f:12:1c:66:3c:c0:ee:44:f6:
                    76:62:35:e7:fa:b5:d5:d7:fd:70:b7:50:db:a4:c5:
                    26:e6:bd:72:8f:72:57:74:16:0a:67:cd:d6:50:49:
                    90:09:3f:37:b2:3c:42:e7:b7:06:7e:bf:e2:03:7b:
                    a4:13:66:f2:90:f4:80:97:17:7f:94:00:8b:b0:69:
                    1e:9e:09:99:05:c6:1c:77:c5:b4:85:ec:7a:ba:ae:
                    fb:c6:58:49:8f:83:38:8f:69:63:ea:4a:6d:af:25:
                    8b:42:35:ee:3b:a4:92:f1:d0:aa:30:43:ac:6a:73:
                    67:1f:f5:92:a3:ea:31:6e:65:19:d4:80:60:a5:4a:
                    8f:2c:d3:87:a6:a4:50:f7:7b:28:f7:bc:d1:a8:80:
                    e7:08:e8:60:45:df:86:e0:ed:3d:70:96:17:fc:1b:
                    8a:29:dd:f0:01:88:b3:88:95:33:98:e7:86:b4:28:
                    c0:9e:e2:89:0d:33:cd:09:24:92:47:0f:1e:19:aa:
                    44:a3:62:0e:34:45:3c:72:a1:cf:64:96:b5:69:aa:
                    4c:14:04:a7:23:ec:17:d4:ed:6d:97:97:53:3e:ae:
                    3d:60:ce:17:71:89:82:69:59:4b:01:50:47:ac:ec:
                    fe:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:B7:74:96:C5:D4:C9:B7:17:A2:88:2A:4F:CF:C6:8E:6B:09:89:7D
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3138352e3231352e3138332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.215.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:86:1f:b5:59:60:8a:e8:68:20:a6:bf:34:b5:8a:5f:74:33:
         aa:fc:17:e1:01:d6:02:f1:3c:5b:ed:c1:16:64:e9:b3:fe:a1:
         14:96:a7:97:90:4e:24:bf:05:97:4e:ec:1d:7e:a0:04:6d:da:
         cd:f4:30:ae:08:7e:c6:48:74:98:eb:d9:68:4b:47:48:fd:34:
         79:b5:cd:62:55:0d:50:6c:a6:bb:4b:d6:3e:f8:c9:b4:2a:c4:
         34:a4:66:12:92:83:da:78:f0:95:94:89:b9:47:a8:1d:fc:77:
         0e:13:96:52:35:4e:cd:52:6a:f1:5b:cf:00:c0:72:83:1b:cc:
         86:8c:d2:cd:71:de:b1:68:e3:0f:e0:e4:f9:49:70:24:ee:11:
         1f:1d:08:96:07:6c:a0:19:a6:c0:a4:60:1a:b3:15:66:f6:e5:
         b5:82:cd:c8:d8:20:f7:53:e0:a9:27:37:96:52:de:7f:18:81:
         e2:34:97:0d:5f:bc:78:b9:b4:93:e5:7a:60:82:44:8b:11:3b:
         b3:f3:0c:22:35:1b:58:17:ee:aa:e6:cd:e7:c3:e2:b9:59:ad:
         c4:fe:b0:d7:6f:8a:c3:98:4f:91:19:b6:52:65:ba:08:d7:00:
         26:d0:82:53:3b:d0:57:dc:2c:da:f3:e8:81:30:d0:03:32:b9:
         58:90:4c:c7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPMoCnu8MbjALxcOwWNo11XkMbsYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNjAyMjAwODE4MjFaFw0yNzAyMTkwODIzMjFaMDMxMTAvBgNV
BAMTKERBQjc3NDk2QzVENEM5QjcxN0EyODgyQTRGQ0ZDNjhFNkIwOTg5N0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNBwIosrjyaWUBA4OGZPk1eCHo
nH8SHGY8wO5E9nZiNef6tdXX/XC3UNukxSbmvXKPcld0FgpnzdZQSZAJPzeyPELn
twZ+v+IDe6QTZvKQ9ICXF3+UAIuwaR6eCZkFxhx3xbSF7Hq6rvvGWEmPgziPaWPq
Sm2vJYtCNe47pJLx0KowQ6xqc2cf9ZKj6jFuZRnUgGClSo8s04empFD3eyj3vNGo
gOcI6GBF34bg7T1wlhf8G4op3fABiLOIlTOY54a0KMCe4okNM80JJJJHDx4ZqkSj
Yg40RTxyoc9klrVpqkwUBKcj7BfU7W2Xl1M+rj1gzhdxiYJpWUsBUEes7P7HAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU2rd0lsXUybcXoogqT8/GjmsJiX0wHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzODM1MmUzMjMxMzUyZTMx
MzgzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnX
tzANBgkqhkiG9w0BAQsFAAOCAQEAoYYftVlgiuhoIKa/NLWKX3QzqvwX4QHWAvE8
W+3BFmTps/6hFJanl5BOJL8Fl07sHX6gBG3azfQwrgh+xkh0mOvZaEtHSP00ebXN
YlUNUGymu0vWPvjJtCrENKRmEpKD2njwlZSJuUeoHfx3DhOWUjVOzVJq8VvPAMBy
gxvMhozSzXHesWjjD+Dk+UlwJO4RHx0IlgdsoBmmwKRgGrMVZvbltYLNyNgg91Pg
qSc3llLefxiB4jSXDV+8eLm0k+V6YIJEixE7s/MMIjUbWBfuqubN58PiuVmtxP6w
12+Kw5hPkRm2UmW6CNcAJtCCUzvQV9ws2vPogTDQAzK5WJBMxw==
-----END CERTIFICATE-----