Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/3231322e38372e3230332e302f32342d3234203d3e20383334.roa
File:                     3231322e38372e3230332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          ECc9iqYykE58bozyOHRR/rJA+Vm5Qbz4sT5IvUGPTxQ=
Subject key identifier:   94:69:63:8E:1A:D1:B5:44:BE:5C:B0:3E:7F:B0:3E:14:93:5E:F8:EC
Certificate issuer:       /CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
Certificate serial:       6F8EB2A12B3F40E1144D34EE41CBFBCFD82869C2
Authority key identifier: 7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/3231322e38372e3230332e302f32342d3234203d3e20383334.roa
Signing time:             Sun 10 May 2026 12:17:45 +0000
ROA not before:           Sun 10 May 2026 12:12:45 +0000
ROA not after:            Sun 09 May 2027 12:17:45 +0000
asID:                     834
IP address blocks:        212.87.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:8e:b2:a1:2b:3f:40:e1:14:4d:34:ee:41:cb:fb:cf:d8:28:69:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fea37fdfe29b34173e97f1b637a44ec41acebb8
        Validity
            Not Before: May 10 12:12:45 2026 GMT
            Not After : May  9 12:17:45 2027 GMT
        Subject: CN=9469638E1AD1B544BE5CB03E7FB03E14935EF8EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:fe:87:19:a4:d7:ab:2c:24:98:a4:89:f2:05:
                    cb:07:84:1f:2f:95:3c:71:7d:2e:82:6c:eb:f0:ca:
                    44:c8:ec:15:92:16:23:fd:c0:ff:91:7c:03:c2:46:
                    42:ab:5a:db:f4:89:76:27:ae:cb:35:4d:d0:e0:49:
                    fc:0e:3b:cb:45:ab:96:cc:bc:ba:15:de:76:56:b4:
                    57:6b:2c:21:a8:b3:51:6a:eb:f8:18:c8:0a:ed:82:
                    51:97:60:93:6c:d8:dd:7c:01:d8:fd:01:c9:35:eb:
                    bb:ac:7a:58:9a:15:35:12:83:10:f4:56:0d:39:c1:
                    cc:ee:d7:df:d4:04:1a:94:d5:bb:f3:af:46:3f:f2:
                    38:73:5c:c7:48:6d:42:9b:d0:22:dc:9e:39:34:5f:
                    43:29:c2:c3:ea:97:46:ce:56:d8:67:c2:b2:c7:89:
                    f4:df:04:f0:93:28:ec:d3:84:fa:83:8c:2b:bd:e2:
                    0e:6e:3a:f8:bf:f6:a8:26:e4:98:af:df:3e:cf:75:
                    4c:b3:bc:24:f0:67:8b:c2:26:f6:45:2b:e0:f1:05:
                    b4:da:9d:c1:58:cf:94:a5:4c:36:a4:a6:cd:c1:87:
                    65:a9:a1:dd:be:48:77:f2:3c:c3:77:8f:17:18:75:
                    7b:34:74:0a:90:20:1e:7e:ed:49:79:0c:c7:57:ba:
                    f7:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:69:63:8E:1A:D1:B5:44:BE:5C:B0:3E:7F:B0:3E:14:93:5E:F8:EC
            X509v3 Authority Key Identifier:
                keyid:7F:EA:37:FD:FE:29:B3:41:73:E9:7F:1B:63:7A:44:EC:41:AC:EB:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/7FEA37FDFE29B34173E97F1B637A44EC41ACEBB8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f-o3_f4ps0Fz6X8bY3pE7EGs67g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/03dd48eb-d136-4f0e-af8a-57a6bdd93a9d/0/3231322e38372e3230332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.87.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:c1:db:fb:1d:3f:76:23:7a:ec:67:5c:94:6f:b7:ff:78:40:
         b5:48:6e:e5:0d:71:d5:29:1b:40:a7:d7:f8:a7:12:c8:90:fe:
         11:7e:f5:97:b6:40:da:30:0b:80:15:60:6e:bf:af:78:02:b4:
         85:ba:2e:f6:4e:64:16:58:11:35:02:86:bc:1f:2a:b9:f9:29:
         89:60:33:ff:e4:d4:f2:f7:c4:5b:ac:53:2d:a6:4b:48:ce:e5:
         93:65:03:7d:ad:47:43:84:cf:45:5b:1d:81:6a:ca:2c:f0:11:
         49:d6:43:4f:77:d9:9f:5a:c8:d5:76:50:8b:36:87:88:67:66:
         4d:2e:5b:42:75:29:d0:8c:b3:cb:ae:db:df:49:43:66:d1:05:
         a5:a8:64:2b:5e:57:1b:8a:38:24:86:26:1b:aa:83:49:81:55:
         17:9f:86:b9:98:d0:bf:e4:61:8d:3a:ab:a4:82:fd:49:6e:5c:
         6d:c5:bb:b4:c4:aa:9c:54:04:27:a8:a8:95:88:82:10:5c:d2:
         6a:67:4f:bf:95:78:19:55:71:cd:90:5d:bc:45:97:8e:ce:be:
         e2:fd:48:f0:3e:28:20:11:8f:80:8b:90:53:89:84:d7:b9:4c:
         c5:73:72:76:c8:77:47:96:4b:51:72:e0:b3:d7:78:67:4f:9d:
         3e:26:59:d9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUb46yoSs/QOEUTTTuQcv7z9goacIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2ZlYTM3ZmRmZTI5YjM0MTczZTk3ZjFiNjM3YTQ0ZWM0
MWFjZWJiODAeFw0yNjA1MTAxMjEyNDVaFw0yNzA1MDkxMjE3NDVaMDMxMTAvBgNV
BAMTKDk0Njk2MzhFMUFEMUI1NDRCRTVDQjAzRTdGQjAzRTE0OTM1RUY4RUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw/ocZpNerLCSYpInyBcsHhB8v
lTxxfS6CbOvwykTI7BWSFiP9wP+RfAPCRkKrWtv0iXYnrss1TdDgSfwOO8tFq5bM
vLoV3nZWtFdrLCGos1Fq6/gYyArtglGXYJNs2N18Adj9Ack167useliaFTUSgxD0
Vg05wczu19/UBBqU1bvzr0Y/8jhzXMdIbUKb0CLcnjk0X0MpwsPql0bOVthnwrLH
ifTfBPCTKOzThPqDjCu94g5uOvi/9qgm5Jiv3z7PdUyzvCTwZ4vCJvZFK+DxBbTa
ncFYz5SlTDakps3Bh2Wpod2+SHfyPMN3jxcYdXs0dAqQIB5+7Ul5DMdXuvezAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUlGljjhrRtUS+XLA+f7A+FJNe+OwwHwYDVR0j
BBgwFoAUf+o3/f4ps0Fz6X8bY3pE7EGs67gwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWItZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkz
YTlkLzAvN0ZFQTM3RkRGRTI5QjM0MTczRTk3RjFCNjM3QTQ0RUM0MUFDRUJCOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2YtbzNfZjRwczBGejZYOGJZM3BFN0VH
czY3Zy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMDNkZDQ4ZWIt
ZDEzNi00ZjBlLWFmOGEtNTdhNmJkZDkzYTlkLzAvMzIzMTMyMmUzODM3MmUzMjMw
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADUV8sw
DQYJKoZIhvcNAQELBQADggEBADvB2/sdP3YjeuxnXJRvt/94QLVIbuUNcdUpG0Cn
1/inEsiQ/hF+9Ze2QNowC4AVYG6/r3gCtIW6LvZOZBZYETUChrwfKrn5KYlgM//k
1PL3xFusUy2mS0jO5ZNlA32tR0OEz0VbHYFqyizwEUnWQ0932Z9ayNV2UIs2h4hn
Zk0uW0J1KdCMs8uu299JQ2bRBaWoZCteVxuKOCSGJhuqg0mBVRefhrmY0L/kYY06
q6SC/UluXG3Fu7TEqpxUBCeoqJWIghBc0mpnT7+VeBlVcc2QXbxFl47OvuL9SPA+
KCARj4CLkFOJhNe5TMVzcnbId0eWS1Fy4LPXeGdPnT4mWdk=
-----END CERTIFICATE-----