Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/3139332e33362e3136332e302f32342d3234203d3e2036303739.roa
File:                     3139332e33362e3136332e302f32342d3234203d3e2036303739.roa (raw, json)
Hash identifier:          sTqyaVZhjpdufMMOyUAsEIDlegRuZiKEosRc/m4BptQ=
Subject key identifier:   7C:EC:4F:DA:03:D8:E1:10:58:84:2D:96:EE:C6:AC:22:33:75:1E:63
Certificate issuer:       /CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
Certificate serial:       18E485F1EC096E457C80A5DBFE1215522A2E442B
Authority key identifier: 7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/3139332e33362e3136332e302f32342d3234203d3e2036303739.roa
Signing time:             Fri 20 Mar 2026 04:49:37 +0000
ROA not before:           Fri 20 Mar 2026 04:44:37 +0000
ROA not after:            Fri 19 Mar 2027 04:49:37 +0000
asID:                     6079
IP address blocks:        193.36.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:e4:85:f1:ec:09:6e:45:7c:80:a5:db:fe:12:15:52:2a:2e:44:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
        Validity
            Not Before: Mar 20 04:44:37 2026 GMT
            Not After : Mar 19 04:49:37 2027 GMT
        Subject: CN=7CEC4FDA03D8E11058842D96EEC6AC2233751E63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:bc:d9:39:d7:6d:84:f0:65:5e:6d:cd:5b:09:
                    07:3b:06:14:c1:62:02:8d:5b:35:34:36:ed:3b:17:
                    88:51:f1:29:5f:1d:a0:36:99:5a:17:ff:4c:5e:f5:
                    bb:e2:2c:ea:81:50:89:e8:0e:62:9e:18:9d:74:b2:
                    aa:99:a7:df:16:73:38:b3:f9:db:a6:4f:2f:3a:09:
                    e0:ca:34:4f:19:53:2b:d7:aa:df:3c:b9:f1:81:2a:
                    64:c5:04:db:ec:c4:b5:79:5a:11:cc:fd:79:27:8b:
                    4e:21:84:0c:e9:b3:6b:b1:06:e2:36:49:0f:06:96:
                    14:5f:6a:35:0c:6a:32:a4:5f:8e:de:e7:15:47:5d:
                    e2:5b:3f:12:b3:2e:79:a4:a4:eb:b6:7f:29:ed:d5:
                    1c:12:dd:a1:0b:07:96:f2:42:8e:d4:0b:49:18:bb:
                    49:85:5f:18:95:6e:43:ea:d5:00:cb:3f:54:dc:4b:
                    03:9f:6c:0d:46:bb:41:e0:16:3f:f0:93:81:bc:f4:
                    90:90:d0:fe:7b:9b:c0:33:8b:65:50:9d:31:61:5a:
                    6c:d7:fe:b5:3e:9d:2a:99:6b:54:b4:ca:b2:f5:a9:
                    7a:6d:3b:0a:1a:54:a9:f2:33:34:10:78:e5:ea:36:
                    16:30:24:99:23:fc:33:a1:e8:2e:28:4c:9c:58:83:
                    60:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:EC:4F:DA:03:D8:E1:10:58:84:2D:96:EE:C6:AC:22:33:75:1E:63
            X509v3 Authority Key Identifier:
                keyid:7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/3139332e33362e3136332e302f32342d3234203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:ba:12:ee:93:8c:48:c3:68:30:53:17:fb:1b:59:58:11:47:
         e7:36:52:73:23:b2:15:42:69:74:a5:5f:cf:b4:86:25:d1:87:
         34:59:0e:6f:be:13:ac:02:2a:62:88:77:10:b1:8f:14:6b:2e:
         65:c5:bf:c6:77:ff:22:54:a4:2e:ba:dc:05:02:ce:bc:53:77:
         81:95:e7:95:ee:37:96:24:c3:2b:f0:6c:5f:17:cf:2d:25:7a:
         f1:5c:0c:4f:8e:7f:be:46:cd:d5:ff:8f:4a:40:9d:75:b5:d1:
         f1:ab:8a:df:b1:65:ec:1e:2d:de:91:36:15:d5:e8:e6:cb:8c:
         21:74:fc:3c:c0:3e:21:0e:8d:c3:1b:9f:0a:2d:e9:57:52:f2:
         ba:41:d2:2e:93:f2:ff:22:b4:ae:0a:17:4f:92:d6:b8:f9:c0:
         28:0c:0c:f3:60:a0:fe:01:2f:94:d4:1d:8b:1e:09:05:8c:2c:
         9a:9f:25:9d:8a:1a:b7:61:88:1d:69:3f:5a:ab:da:32:c1:9d:
         f2:3a:63:7e:e3:ac:59:f0:ee:af:bf:0d:59:b2:29:ab:85:1a:
         30:08:bd:5c:cc:28:35:74:02:c7:23:62:49:9b:0c:fb:6b:7c:
         08:5d:2e:2c:b5:c6:9d:79:86:ca:83:28:9e:c3:5d:4d:75:c0:
         33:c2:e4:fb
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUGOSF8ewJbkV8gKXb/hIVUiouRCswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2ZlYTM3ZmRmZTI5YjM0MTczZTk3ZjFiNjM3YTQ0ZWM0
MWFjZWJiODAeFw0yNjAzMjAwNDQ0MzdaFw0yNzAzMTkwNDQ5MzdaMDMxMTAvBgNV
BAMTKDdDRUM0RkRBMDNEOEUxMTA1ODg0MkQ5NkVFQzZBQzIyMzM3NTFFNjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDovNk5122E8GVebc1bCQc7BhTB
YgKNWzU0Nu07F4hR8SlfHaA2mVoX/0xe9bviLOqBUInoDmKeGJ10sqqZp98Wcziz
+dumTy86CeDKNE8ZUyvXqt88ufGBKmTFBNvsxLV5WhHM/Xkni04hhAzps2uxBuI2
SQ8GlhRfajUMajKkX47e5xVHXeJbPxKzLnmkpOu2fynt1RwS3aELB5byQo7UC0kY
u0mFXxiVbkPq1QDLP1TcSwOfbA1Gu0HgFj/wk4G89JCQ0P57m8Azi2VQnTFhWmzX
/rU+nSqZa1S0yrL1qXptOwoaVKnyMzQQeOXqNhYwJJkj/DOh6C4oTJxYg2DnAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUfOxP2gPY4RBYhC2W7sasIjN1HmMwHwYDVR0j
BBgwFoAUf+o3/f4ps0Fz6X8bY3pE7EGs67gwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWItZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkz
YTlkLzAvN0ZFQTM3RkRGRTI5QjM0MTczRTk3RjFCNjM3QTQ0RUM0MUFDRUJCOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YtbzNfZjRwczBGejZYOGJZM3BFN0VH
czY3Zy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWIt
ZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkzYTlkLzAvMzEzOTMzMmUzMzM2MmUzMTM2
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMwMzczOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEk
ozANBgkqhkiG9w0BAQsFAAOCAQEAbboS7pOMSMNoMFMX+xtZWBFH5zZScyOyFUJp
dKVfz7SGJdGHNFkOb74TrAIqYoh3ELGPFGsuZcW/xnf/IlSkLrrcBQLOvFN3gZXn
le43liTDK/BsXxfPLSV68VwMT45/vkbN1f+PSkCddbXR8auK37Fl7B4t3pE2FdXo
5suMIXT8PMA+IQ6NwxufCi3pV1LyukHSLpPy/yK0rgoXT5LWuPnAKAwM82Cg/gEv
lNQdix4JBYwsmp8lnYoat2GIHWk/WqvaMsGd8jpjfuOsWfDur78NWbIpq4UaMAi9
XMwoNXQCxyNiSZsM+2t8CF0uLLXGnXmGyoMonsNdTXXAM8Lk+w==
-----END CERTIFICATE-----