Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3135382e302f32342d3234203d3e2035353131.roa
File:                     35312e3134362e3135382e302f32342d3234203d3e2035353131.roa (raw, json)
Hash identifier:          8PGHF+t87//gOqzca5+g5muDbuZjhnfeq2FaJL3kEzg=
Subject key identifier:   5B:9C:A2:DE:D4:9B:29:5C:47:81:43:70:2F:9B:53:58:07:8C:6D:48
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       406F232C5E8404DB6176822D476D5D184B413769
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3135382e302f32342d3234203d3e2035353131.roa
Signing time:             Mon 16 Mar 2026 17:16:41 +0000
ROA not before:           Mon 16 Mar 2026 17:11:41 +0000
ROA not after:            Mon 15 Mar 2027 17:16:41 +0000
asID:                     5511
IP address blocks:        51.146.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:6f:23:2c:5e:84:04:db:61:76:82:2d:47:6d:5d:18:4b:41:37:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 16 17:11:41 2026 GMT
            Not After : Mar 15 17:16:41 2027 GMT
        Subject: CN=5B9CA2DED49B295C478143702F9B5358078C6D48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:47:04:57:64:52:be:be:09:d9:dd:e3:ed:43:
                    0c:f6:cc:16:e9:73:76:7b:b1:e1:06:34:ec:82:b9:
                    ce:37:e8:35:69:48:6d:ef:bf:6b:09:b6:47:f8:13:
                    86:b7:81:78:40:72:12:88:9c:82:81:98:4e:4c:38:
                    77:99:ad:38:5e:7c:60:39:36:df:d9:15:54:4b:08:
                    45:73:30:ad:06:25:5b:e0:24:24:ba:f9:a8:fa:f9:
                    ae:2b:56:26:8e:bd:4d:29:61:22:a1:b4:e3:9b:fb:
                    0a:a2:73:7b:65:df:73:a9:3b:bf:3d:5f:11:97:49:
                    8b:5b:25:b3:cc:a9:a3:c8:b6:b8:c6:45:4b:58:0b:
                    94:15:c3:87:8c:80:54:c4:84:54:24:85:e7:7e:02:
                    40:a8:51:64:03:0c:bd:69:99:8d:5d:de:bf:d2:77:
                    39:39:7d:2d:bf:51:60:d3:a2:48:fe:15:da:81:64:
                    18:d1:7f:90:62:d5:77:97:69:ed:3a:b4:5e:5c:54:
                    51:8b:56:6f:fa:5b:84:e3:e4:84:46:c5:8d:22:8f:
                    6e:35:7d:ad:bd:62:db:d5:58:21:a3:b5:23:64:ab:
                    fa:30:94:8c:89:7a:59:a7:4e:b8:75:7e:eb:e9:4d:
                    e6:80:c4:e4:97:93:63:07:ec:84:9b:7d:dc:a6:cf:
                    ae:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:9C:A2:DE:D4:9B:29:5C:47:81:43:70:2F:9B:53:58:07:8C:6D:48
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3135382e302f32342d3234203d3e2035353131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:fc:4a:eb:b2:10:db:74:c2:88:80:d5:1a:c1:f7:8f:d7:66:
         42:51:6b:fc:bc:01:e2:b7:0c:0a:e1:9a:d7:33:3e:d8:00:8d:
         11:7e:92:8d:6f:27:68:37:17:a2:25:bd:9b:36:98:e1:da:f7:
         02:b4:f3:14:98:55:52:85:f6:79:84:88:53:20:ca:56:c4:0b:
         9b:f1:53:78:e3:46:47:6c:69:a0:ae:af:1c:df:f1:47:d3:e7:
         7e:24:fb:da:5c:48:46:c6:11:0e:43:3e:c6:41:07:3a:e5:9e:
         a0:43:f3:0b:09:81:e1:a4:54:e0:da:84:5c:83:57:6b:38:bc:
         63:be:cf:27:99:72:9d:61:80:cc:73:a6:bb:5f:5c:0d:f3:47:
         19:c1:98:17:48:6d:44:63:2d:73:75:9c:36:60:22:b8:26:81:
         35:3b:15:42:cf:c2:f9:d0:a3:cf:f1:74:6f:49:5d:46:ac:af:
         1c:15:d4:be:00:03:18:f3:b6:1d:06:8c:c0:85:b0:df:bc:c2:
         04:19:9d:b9:df:77:e2:f8:b5:43:64:44:2a:a2:94:fa:b2:bf:
         7c:bd:53:8b:23:31:88:5b:eb:cf:05:12:8d:7a:92:f4:8d:55:
         d0:ec:4b:90:e4:49:d2:6b:9c:ac:47:8d:99:08:bb:8a:62:34:
         bf:2e:d2:f7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQG8jLF6EBNthdoItR21dGEtBN2kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMTYxNzExNDFaFw0yNzAzMTUxNzE2NDFaMDMxMTAvBgNV
BAMTKDVCOUNBMkRFRDQ5QjI5NUM0NzgxNDM3MDJGOUI1MzU4MDc4QzZENDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVRwRXZFK+vgnZ3ePtQwz2zBbp
c3Z7seEGNOyCuc436DVpSG3vv2sJtkf4E4a3gXhAchKInIKBmE5MOHeZrThefGA5
Nt/ZFVRLCEVzMK0GJVvgJCS6+aj6+a4rViaOvU0pYSKhtOOb+wqic3tl33OpO789
XxGXSYtbJbPMqaPItrjGRUtYC5QVw4eMgFTEhFQkhed+AkCoUWQDDL1pmY1d3r/S
dzk5fS2/UWDTokj+FdqBZBjRf5Bi1XeXae06tF5cVFGLVm/6W4Tj5IRGxY0ij241
fa29YtvVWCGjtSNkq/owlIyJelmnTrh1fuvpTeaAxOSXk2MH7ISbfdymz665AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUW5yi3tSbKVxHgUNwL5tTWAeMbUgwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzMTM1
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTM1MzEzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADOS
njANBgkqhkiG9w0BAQsFAAOCAQEAi/xK67IQ23TCiIDVGsH3j9dmQlFr/LwB4rcM
CuGa1zM+2ACNEX6SjW8naDcXoiW9mzaY4dr3ArTzFJhVUoX2eYSIUyDKVsQLm/FT
eONGR2xpoK6vHN/xR9PnfiT72lxIRsYRDkM+xkEHOuWeoEPzCwmB4aRU4NqEXINX
azi8Y77PJ5lynWGAzHOmu19cDfNHGcGYF0htRGMtc3WcNmAiuCaBNTsVQs/C+dCj
z/F0b0ldRqyvHBXUvgADGPO2HQaMwIWw37zCBBmdud934vi1Q2REKqKU+rK/fL1T
iyMxiFvrzwUSjXqS9I1V0OxLkORJ0mucrEeNmQi7imI0vy7S9w==
-----END CERTIFICATE-----