Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/3132382e302e35382e302f32342d3234203d3e2035353131.roa
File:                     3132382e302e35382e302f32342d3234203d3e2035353131.roa (raw, json)
Hash identifier:          lb/IXIKpoKYu6z4WxL62hK2qlyqNurcfy5kpuTlPCjk=
Subject key identifier:   FA:DE:DB:87:90:82:AB:84:C7:39:27:B8:B3:19:E8:96:B3:CA:8D:16
Certificate issuer:       /CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
Certificate serial:       24CEC0E4557E2E83EC8397015C6618662FD83B2A
Authority key identifier: 7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/3132382e302e35382e302f32342d3234203d3e2035353131.roa
Signing time:             Fri 20 Mar 2026 11:47:38 +0000
ROA not before:           Fri 20 Mar 2026 11:42:38 +0000
ROA not after:            Fri 19 Mar 2027 11:47:38 +0000
asID:                     5511
IP address blocks:        128.0.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:ce:c0:e4:55:7e:2e:83:ec:83:97:01:5c:66:18:66:2f:d8:3b:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
        Validity
            Not Before: Mar 20 11:42:38 2026 GMT
            Not After : Mar 19 11:47:38 2027 GMT
        Subject: CN=FADEDB879082AB84C73927B8B319E896B3CA8D16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:90:64:4d:d5:d2:7c:e7:ab:d9:98:ad:7a:9c:
                    62:8b:97:02:ab:76:39:6b:12:4d:48:eb:be:c5:ed:
                    a7:c7:16:f1:29:71:d5:71:c3:7c:c4:df:75:63:ea:
                    23:cd:02:9e:8d:d3:86:e0:ab:2a:2c:cf:2a:f9:77:
                    7c:34:dd:d5:ff:8a:8d:18:56:72:51:e1:9b:24:cc:
                    b5:da:a3:ae:36:07:b5:79:b0:7c:35:e0:f2:9f:1c:
                    9a:cf:37:3e:56:d3:0d:40:50:cd:bb:ba:9a:b0:9b:
                    60:0e:08:df:d6:ee:90:89:ec:de:30:a7:fb:d4:d0:
                    2c:ba:1f:2e:0d:07:8e:97:25:84:51:98:89:18:8b:
                    25:c1:c1:d3:28:82:0e:66:a6:48:cf:73:75:82:91:
                    a1:f7:44:d3:be:c3:eb:0b:ae:53:34:7a:cb:8e:11:
                    24:74:de:b7:b6:b2:28:2b:b4:3c:fb:12:18:6e:cf:
                    c5:e0:56:00:02:7d:4f:b1:73:3c:04:eb:0d:be:27:
                    56:6a:47:7d:56:dd:96:e3:36:b9:b4:33:8c:d8:2b:
                    20:fe:30:97:73:1f:68:7f:d8:eb:65:78:c6:15:3e:
                    3d:75:3b:b6:18:ac:9b:8e:40:fa:ea:81:c1:bb:21:
                    65:b6:c2:93:02:08:cc:4c:aa:94:2c:47:9f:02:9e:
                    f3:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:DE:DB:87:90:82:AB:84:C7:39:27:B8:B3:19:E8:96:B3:CA:8D:16
            X509v3 Authority Key Identifier:
                keyid:7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/3132382e302e35382e302f32342d3234203d3e2035353131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.0.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:cb:31:16:67:6f:e5:16:87:86:39:c5:37:98:a1:7d:0e:63:
         63:18:3f:ab:91:71:10:97:b3:f2:2c:24:ed:80:88:26:91:43:
         24:dd:76:4c:e4:51:d3:20:7f:dc:26:ba:68:d7:d3:30:0d:d8:
         7f:40:89:40:8f:53:8a:96:70:81:c7:de:a4:cf:81:ba:9b:ee:
         af:46:b4:0c:94:55:b2:78:40:78:b2:c4:5d:cd:b0:2b:82:cf:
         81:35:87:b9:aa:fe:88:54:c8:a9:a6:3d:01:8b:f7:e7:f2:e8:
         9c:a4:4d:b3:a6:39:52:d7:82:0c:48:7f:fc:71:a7:45:8a:7b:
         c5:41:4b:5f:4f:0c:96:f6:5e:d7:65:0b:11:27:de:d0:c0:1a:
         a9:3d:66:31:40:b7:f3:3b:db:25:92:5d:26:70:3d:ff:8f:d3:
         c8:ce:a2:cb:0a:42:15:c8:44:f9:de:86:75:ea:da:16:5f:42:
         bf:44:d7:f3:64:fd:16:5f:f9:3c:74:df:c2:ef:cd:21:5c:e1:
         14:b3:3a:bc:37:ec:37:db:c3:70:92:ef:58:8e:01:6e:87:67:
         46:5d:3e:ce:7d:da:a5:8d:af:fb:eb:9a:01:e7:78:f0:ee:18:
         6e:a9:ee:05:e5:97:4a:de:89:95:8c:35:6f:5f:1b:89:85:78:
         11:66:6c:ab
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUJM7A5FV+LoPsg5cBXGYYZi/YOyowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2ZlYTM3ZmRmZTI5YjM0MTczZTk3ZjFiNjM3YTQ0ZWM0
MWFjZWJiODAeFw0yNjAzMjAxMTQyMzhaFw0yNzAzMTkxMTQ3MzhaMDMxMTAvBgNV
BAMTKEZBREVEQjg3OTA4MkFCODRDNzM5MjdCOEIzMTlFODk2QjNDQThEMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTkGRN1dJ856vZmK16nGKLlwKr
djlrEk1I677F7afHFvEpcdVxw3zE33Vj6iPNAp6N04bgqyoszyr5d3w03dX/io0Y
VnJR4ZskzLXao642B7V5sHw14PKfHJrPNz5W0w1AUM27upqwm2AOCN/W7pCJ7N4w
p/vU0Cy6Hy4NB46XJYRRmIkYiyXBwdMogg5mpkjPc3WCkaH3RNO+w+sLrlM0esuO
ESR03re2sigrtDz7Ehhuz8XgVgACfU+xczwE6w2+J1ZqR31W3ZbjNrm0M4zYKyD+
MJdzH2h/2OtleMYVPj11O7YYrJuOQPrqgcG7IWW2wpMCCMxMqpQsR58CnvNvAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU+t7bh5CCq4THOSe4sxnolrPKjRYwHwYDVR0j
BBgwFoAUf+o3/f4ps0Fz6X8bY3pE7EGs67gwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWItZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkz
YTlkLzAvN0ZFQTM3RkRGRTI5QjM0MTczRTk3RjFCNjM3QTQ0RUM0MUFDRUJCOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YtbzNfZjRwczBGejZYOGJZM3BFN0VH
czY3Zy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWIt
ZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkzYTlkLzAvMzEzMjM4MmUzMDJlMzUzODJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzUzMTMxLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgAA6MA0G
CSqGSIb3DQEBCwUAA4IBAQBlyzEWZ2/lFoeGOcU3mKF9DmNjGD+rkXEQl7PyLCTt
gIgmkUMk3XZM5FHTIH/cJrpo19MwDdh/QIlAj1OKlnCBx96kz4G6m+6vRrQMlFWy
eEB4ssRdzbArgs+BNYe5qv6IVMippj0Bi/fn8uicpE2zpjlS14IMSH/8cadFinvF
QUtfTwyW9l7XZQsRJ97QwBqpPWYxQLfzO9slkl0mcD3/j9PIzqLLCkIVyET53oZ1
6toWX0K/RNfzZP0WX/k8dN/C780hXOEUszq8N+w328Nwku9YjgFuh2dGXT7Ofdql
ja/765oB53jw7hhuqe4F5ZdK3omVjDVvXxuJhXgRZmyr
-----END CERTIFICATE-----