Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3138352e3135302e3133392e302f32342d3234203d3e20383334.roa
File:                     3138352e3135302e3133392e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          iEdgrsjuWqd298OHInox2kyilnK8gj9oNhZg7Ivfgzc=
Subject key identifier:   8D:46:66:32:69:F2:6E:8C:B8:6D:45:13:53:A4:8A:82:70:CB:15:20
Certificate issuer:       /CN=048af665bf8b186b70220759d26c578f40b5f3e3
Certificate serial:       31EE5DAAC30DF5D8FB02EB7AA00E7AF3FFD377C5
Authority key identifier: 04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3138352e3135302e3133392e302f32342d3234203d3e20383334.roa
Signing time:             Fri 20 Mar 2026 00:07:17 +0000
ROA not before:           Fri 20 Mar 2026 00:02:17 +0000
ROA not after:            Fri 19 Mar 2027 00:07:17 +0000
asID:                     834
IP address blocks:        185.150.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 14:30:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:ee:5d:aa:c3:0d:f5:d8:fb:02:eb:7a:a0:0e:7a:f3:ff:d3:77:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=048af665bf8b186b70220759d26c578f40b5f3e3
        Validity
            Not Before: Mar 20 00:02:17 2026 GMT
            Not After : Mar 19 00:07:17 2027 GMT
        Subject: CN=8D46663269F26E8CB86D451353A48A8270CB1520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:3d:7e:ac:84:f7:25:58:83:4a:ff:b2:9f:a8:
                    de:d0:fb:90:60:5a:35:98:0b:69:a8:49:1a:14:27:
                    b9:e4:13:ca:ad:70:4a:d0:3f:6f:57:ef:1a:c2:7c:
                    97:9a:7d:f8:c5:59:dd:e5:c4:e4:e7:d6:6b:fe:e7:
                    08:d0:e2:ef:69:66:42:bd:cc:c7:88:33:2e:28:41:
                    03:8a:c0:52:89:c0:a6:aa:83:86:10:31:f8:c7:fc:
                    b1:0b:1b:96:dd:91:05:79:1a:64:42:9f:1e:df:2e:
                    5a:cb:8b:57:42:6e:85:a4:23:1a:7d:22:dd:39:c1:
                    38:9c:95:e4:43:49:dc:5c:6f:56:26:43:88:98:1f:
                    a8:35:da:01:ed:85:d3:e9:64:c6:ee:75:b6:6c:08:
                    9d:58:64:a6:25:42:af:c6:1d:7e:b1:59:8f:fc:97:
                    86:fd:c3:a5:aa:2c:60:25:2a:4c:20:b6:53:04:8b:
                    6c:72:38:70:a2:c6:35:f8:ea:35:ea:c1:0d:92:3c:
                    b9:2a:97:e6:c0:86:cc:d0:b7:08:3d:4c:a6:e9:19:
                    d4:67:a8:f5:6e:31:5e:f6:02:80:33:52:ee:1f:dc:
                    99:e7:7a:14:68:4e:20:ff:28:2a:c5:24:1a:ba:66:
                    a2:49:6a:87:98:3b:2b:57:4a:9a:46:62:09:de:b7:
                    ea:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:46:66:32:69:F2:6E:8C:B8:6D:45:13:53:A4:8A:82:70:CB:15:20
            X509v3 Authority Key Identifier:
                keyid:04:8A:F6:65:BF:8B:18:6B:70:22:07:59:D2:6C:57:8F:40:B5:F3:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/048AF665BF8B186B70220759D26C578F40B5F3E3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BIr2Zb-LGGtwIgdZ0mxXj0C18-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/82a9bf5b-39c1-4050-b073-48075b861d87/0/3138352e3135302e3133392e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:0c:8e:7c:c2:47:6f:22:21:78:82:c3:c8:94:39:49:98:3c:
         61:70:20:0a:a0:e7:e5:4a:a2:50:83:7b:1f:95:17:00:dd:ac:
         6b:ea:b7:70:50:4d:cd:4e:ae:46:f5:f8:46:5f:5e:6c:b1:ea:
         9f:5b:a9:ad:b7:a6:e9:72:4a:30:e7:d1:f7:37:ce:d2:7f:a1:
         25:55:85:0c:98:16:be:17:c8:de:40:45:5f:b9:30:b6:15:90:
         28:d1:c2:12:49:a2:25:d4:fa:01:39:d2:f9:a7:c1:d5:b5:2d:
         84:99:d8:f7:a6:31:af:50:de:43:7b:14:46:d6:46:ce:71:f1:
         8b:38:c9:0d:b2:7c:0e:c7:d1:8a:d8:b0:8a:8c:0d:ce:e3:d5:
         52:89:48:70:d1:6b:a7:b7:38:38:c0:21:21:37:61:0d:c5:fa:
         ca:f1:16:f4:fa:f5:82:03:5f:3b:f5:be:9f:72:3e:bf:34:53:
         d0:90:e8:c9:6a:e4:e7:4f:04:c4:a1:c6:6b:5d:53:7d:5b:be:
         e4:93:d1:3b:a6:b4:0f:3c:39:3f:2f:64:05:62:c6:7f:ff:24:
         be:3f:70:de:5a:ab:db:f8:f3:7e:a4:3e:4e:74:27:70:ea:e1:
         b3:12:18:1e:cc:c5:26:d1:22:9e:4e:e9:42:28:9b:ab:de:f8:
         fa:73:97:6d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMe5dqsMN9dj7Aut6oA568//Td8UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ4YWY2NjViZjhiMTg2YjcwMjIwNzU5ZDI2YzU3OGY0
MGI1ZjNlMzAeFw0yNjAzMjAwMDAyMTdaFw0yNzAzMTkwMDA3MTdaMDMxMTAvBgNV
BAMTKDhENDY2NjMyNjlGMjZFOENCODZENDUxMzUzQTQ4QTgyNzBDQjE1MjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqPX6shPclWINK/7KfqN7Q+5Bg
WjWYC2moSRoUJ7nkE8qtcErQP29X7xrCfJeaffjFWd3lxOTn1mv+5wjQ4u9pZkK9
zMeIMy4oQQOKwFKJwKaqg4YQMfjH/LELG5bdkQV5GmRCnx7fLlrLi1dCboWkIxp9
It05wTicleRDSdxcb1YmQ4iYH6g12gHthdPpZMbudbZsCJ1YZKYlQq/GHX6xWY/8
l4b9w6WqLGAlKkwgtlMEi2xyOHCixjX46jXqwQ2SPLkql+bAhszQtwg9TKbpGdRn
qPVuMV72AoAzUu4f3JnnehRoTiD/KCrFJBq6ZqJJaoeYOytXSppGYgnet+rNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUjUZmMmnyboy4bUUTU6SKgnDLFSAwHwYDVR0j
BBgwFoAUBIr2Zb+LGGtwIgdZ0mxXj0C18+MwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODJhOWJmNWItMzljMS00MDUwLWIwNzMtNDgwNzViODYx
ZDg3LzAvMDQ4QUY2NjVCRjhCMTg2QjcwMjIwNzU5RDI2QzU3OEY0MEI1RjNFMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0JJcjJaYi1MR0d0d0lnZFowbXhYajBD
MTgtTS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODJhOWJmNWIt
MzljMS00MDUwLWIwNzMtNDgwNzViODYxZDg3LzAvMzEzODM1MmUzMTM1MzAyZTMx
MzMzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmW
izANBgkqhkiG9w0BAQsFAAOCAQEAEQyOfMJHbyIheILDyJQ5SZg8YXAgCqDn5Uqi
UIN7H5UXAN2sa+q3cFBNzU6uRvX4Rl9ebLHqn1uprbem6XJKMOfR9zfO0n+hJVWF
DJgWvhfI3kBFX7kwthWQKNHCEkmiJdT6ATnS+afB1bUthJnY96Yxr1DeQ3sURtZG
znHxizjJDbJ8DsfRitiwiowNzuPVUolIcNFrp7c4OMAhITdhDcX6yvEW9Pr1ggNf
O/W+n3I+vzRT0JDoyWrk508ExKHGa11TfVu+5JPRO6a0Dzw5Py9kBWLGf/8kvj9w
3lqr2/jzfqQ+TnQncOrhsxIYHszFJtEink7pQiibq974+nOXbQ==
-----END CERTIFICATE-----