Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/326130313a3230653a3a2f33322d3332203d3e203431303531.roa
File:                     326130313a3230653a3a2f33322d3332203d3e203431303531.roa (raw, json)
Hash identifier:          cCiXS9MV/uCfKyhT8Kj1cFq9G7AUWZ0m97JveBKeDlg=
Subject key identifier:   11:C7:F6:E2:34:9D:90:CD:29:A9:9C:61:10:37:4D:1C:C0:9F:28:18
Certificate issuer:       /CN=fac4708d7e265db1044f9bb0ee8728587f48b484
Certificate serial:       2AE57E021F75BC3D3CF761488E955601DF9CC5A2
Authority key identifier: FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/326130313a3230653a3a2f33322d3332203d3e203431303531.roa
Signing time:             Wed 06 May 2026 22:13:43 +0000
ROA not before:           Wed 06 May 2026 22:08:43 +0000
ROA not after:            Wed 05 May 2027 22:13:43 +0000
asID:                     41051
IP address blocks:        2a01:20e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:e5:7e:02:1f:75:bc:3d:3c:f7:61:48:8e:95:56:01:df:9c:c5:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fac4708d7e265db1044f9bb0ee8728587f48b484
        Validity
            Not Before: May  6 22:08:43 2026 GMT
            Not After : May  5 22:13:43 2027 GMT
        Subject: CN=11C7F6E2349D90CD29A99C6110374D1CC09F2818
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:a0:49:74:23:d8:2c:d6:89:7f:3c:6e:c4:1d:
                    48:19:8e:46:82:aa:12:bd:54:32:d9:d1:cf:33:22:
                    bb:be:cc:44:c5:76:35:04:36:3f:7e:6c:fc:c7:5f:
                    8a:0f:a3:99:31:b5:6e:97:23:bd:2e:6f:f4:ef:63:
                    68:79:2e:74:f0:8e:84:da:5d:64:d7:c3:8a:e1:af:
                    0f:62:8a:5b:3f:d0:f4:9e:85:57:f3:75:74:e6:e2:
                    ec:93:c4:60:50:18:30:83:62:f2:55:28:24:36:52:
                    a5:85:2e:e0:c2:b8:70:fd:29:96:c3:67:01:91:35:
                    d0:c8:4c:11:20:3b:1c:0c:5d:21:62:68:99:42:7f:
                    53:87:08:c4:1d:2b:ed:39:44:d6:f8:33:ae:7e:af:
                    8b:1f:a0:aa:23:67:eb:96:88:2b:0b:ad:4c:77:52:
                    4b:f0:8d:6f:94:e0:dc:ce:0a:dd:9a:74:2b:b7:d3:
                    5b:bd:2a:5e:f2:77:a3:1e:fe:33:14:9b:d8:78:0f:
                    77:03:a5:b8:26:74:eb:8c:76:4b:51:b5:f7:88:2a:
                    d2:35:44:05:d3:8e:1f:82:4f:8a:62:59:24:49:67:
                    3d:97:94:e0:ae:3b:8c:08:ba:19:0c:97:97:83:96:
                    86:ef:15:e6:e6:3c:35:75:0d:1f:7d:bb:6f:1a:21:
                    1d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:C7:F6:E2:34:9D:90:CD:29:A9:9C:61:10:37:4D:1C:C0:9F:28:18
            X509v3 Authority Key Identifier:
                keyid:FA:C4:70:8D:7E:26:5D:B1:04:4F:9B:B0:EE:87:28:58:7F:48:B4:84

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/FAC4708D7E265DB1044F9BB0EE8728587F48B484.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-sRwjX4mXbEET5uw7ocoWH9ItIQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/5b58e646-e7a2-465c-87c5-43c359ad9369/0/326130313a3230653a3a2f33322d3332203d3e203431303531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:20e::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:b8:89:62:18:52:d2:ed:86:5c:8f:51:89:dd:e5:b9:16:fa:
         3e:6d:05:5d:c3:76:1c:55:0e:1d:ed:ef:fa:a0:27:bb:08:08:
         e0:2e:d0:d4:34:fd:59:ea:d6:ff:b3:04:fe:4b:76:f3:d1:05:
         04:c1:19:17:5b:3f:74:57:9c:27:ab:2b:65:fb:f9:f8:04:c3:
         62:7a:d4:43:1d:87:46:0b:1f:d3:0a:37:99:c8:34:dd:1c:29:
         f7:8b:54:8b:e2:ed:29:80:e6:9f:b6:f4:6e:21:7c:2f:18:f9:
         f6:bb:a0:fd:98:3b:ec:c8:07:ff:de:23:5c:b7:f4:ac:3c:d1:
         aa:f0:db:33:47:6e:65:68:57:1f:6c:f1:67:a6:e1:51:1e:d6:
         40:1c:30:49:6f:88:a1:c6:b1:fe:8f:16:c8:74:4a:a0:65:e8:
         48:56:c2:65:3d:c7:9c:37:57:35:03:8c:a2:9f:e7:55:b5:98:
         0e:69:86:94:af:36:a6:4e:a4:d1:1e:a6:fc:9d:ea:b1:8a:15:
         46:af:eb:fb:b0:9b:16:36:63:4c:a5:e2:e8:e1:df:d9:42:20:
         a9:bb:50:cd:01:f6:9b:4b:6c:38:63:03:b0:ba:a2:49:f9:f6:
         b5:95:bd:46:dc:84:a5:4e:6a:fa:e7:18:e0:dd:55:a2:52:e1:
         6f:cb:69:4c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUKuV+Ah91vD0892FIjpVWAd+cxaIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZmFjNDcwOGQ3ZTI2NWRiMTA0NGY5YmIwZWU4NzI4NTg3
ZjQ4YjQ4NDAeFw0yNjA1MDYyMjA4NDNaFw0yNzA1MDUyMjEzNDNaMDMxMTAvBgNV
BAMTKDExQzdGNkUyMzQ5RDkwQ0QyOUE5OUM2MTEwMzc0RDFDQzA5RjI4MTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOoEl0I9gs1ol/PG7EHUgZjkaC
qhK9VDLZ0c8zIru+zETFdjUENj9+bPzHX4oPo5kxtW6XI70ub/TvY2h5LnTwjoTa
XWTXw4rhrw9iils/0PSehVfzdXTm4uyTxGBQGDCDYvJVKCQ2UqWFLuDCuHD9KZbD
ZwGRNdDITBEgOxwMXSFiaJlCf1OHCMQdK+05RNb4M65+r4sfoKojZ+uWiCsLrUx3
UkvwjW+U4NzOCt2adCu301u9Kl7yd6Me/jMUm9h4D3cDpbgmdOuMdktRtfeIKtI1
RAXTjh+CT4piWSRJZz2XlOCuO4wIuhkMl5eDlobvFebmPDV1DR99u28aIR11AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUEcf24jSdkM0pqZxhEDdNHMCfKBgwHwYDVR0j
BBgwFoAU+sRwjX4mXbEET5uw7ocoWH9ItIQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNWI1OGU2NDYtZTdhMi00NjVjLTg3YzUtNDNjMzU5YWQ5
MzY5LzAvRkFDNDcwOEQ3RTI2NURCMTA0NEY5QkIwRUU4NzI4NTg3RjQ4QjQ4NC5j
cmwwZQYIKwYBBQUHAQEEWTBXMFUGCCsGAQUFBzAChklyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEtc1J3alg0bVhiRUVUNXV3N29jb1dI
OUl0SVEuY2VyMIGpBggrBgEFBQcBCwSBnDCBmTCBlgYIKwYBBQUHMAuGgYlyc3lu
YzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzViNThlNjQ2
LWU3YTItNDY1Yy04N2M1LTQzYzM1OWFkOTM2OS8wLzMyNjEzMDMxM2EzMjMwNjUz
YTNhMmYzMzMyMmQzMzMyMjAzZDNlMjAzNDMxMzAzNTMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgEC
DjANBgkqhkiG9w0BAQsFAAOCAQEAfriJYhhS0u2GXI9Rid3luRb6Pm0FXcN2HFUO
He3v+qAnuwgI4C7Q1DT9WerW/7ME/kt289EFBMEZF1s/dFecJ6srZfv5+ATDYnrU
Qx2HRgsf0wo3mcg03Rwp94tUi+LtKYDmn7b0biF8Lxj59rug/Zg77MgH/94jXLf0
rDzRqvDbM0duZWhXH2zxZ6bhUR7WQBwwSW+Iocax/o8WyHRKoGXoSFbCZT3HnDdX
NQOMop/nVbWYDmmGlK82pk6k0R6m/J3qsYoVRq/r+7CbFjZjTKXi6OHf2UIgqbtQ
zQH2m0tsOGMDsLqiSfn2tZW9RtyEpU5q+ucY4N1VolLhb8tpTA==
-----END CERTIFICATE-----