Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3137362e302f32322d3234203d3e2037303239.roa
File:                     35312e3134362e3137362e302f32322d3234203d3e2037303239.roa (raw, json)
Hash identifier:          EAmGzl05SlgusPMIZefJPtjCwdY0PMpNbDa1xHOQlPs=
Subject key identifier:   80:67:21:5A:86:B1:E9:5F:85:7B:3E:8C:C6:FA:7D:CE:19:0E:07:FE
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       41179213DBCF24756F8BE0BE1DB6A01E2264280E
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3137362e302f32322d3234203d3e2037303239.roa
Signing time:             Fri 13 Mar 2026 23:24:13 +0000
ROA not before:           Fri 13 Mar 2026 23:19:13 +0000
ROA not after:            Fri 12 Mar 2027 23:24:13 +0000
asID:                     7029
IP address blocks:        51.146.176.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:17:92:13:db:cf:24:75:6f:8b:e0:be:1d:b6:a0:1e:22:64:28:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 13 23:19:13 2026 GMT
            Not After : Mar 12 23:24:13 2027 GMT
        Subject: CN=8067215A86B1E95F857B3E8CC6FA7DCE190E07FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:a8:56:f9:c6:24:c9:f7:f8:f0:85:b0:be:87:
                    07:cb:50:69:a9:ae:55:ce:4b:22:38:11:1e:82:5a:
                    64:23:db:fc:0e:ad:1c:9e:76:78:aa:4a:56:29:ad:
                    77:36:81:0f:59:4d:d0:e6:43:55:c4:6d:f1:55:ba:
                    66:43:a4:c6:67:41:d2:e7:d1:b4:16:1d:cf:b0:7f:
                    16:27:3a:3c:9f:aa:06:c9:bb:5c:0e:78:93:bd:b6:
                    44:02:81:cd:cf:ac:ef:4a:e7:62:cc:9d:e9:f8:bb:
                    16:f5:ca:ab:e2:0a:43:93:b7:7d:c3:5f:c5:d8:6f:
                    57:93:40:74:e6:ac:cd:a4:ce:97:a3:5d:ec:b0:7e:
                    59:30:aa:0a:1b:94:ab:d3:d7:c3:cf:34:16:82:7a:
                    12:23:58:df:0b:9c:e3:85:cd:6a:0c:a1:00:b3:c5:
                    0b:e5:f5:84:f7:5d:65:66:22:18:9a:10:18:ca:e5:
                    b1:9d:d4:39:6c:fe:6f:e3:86:f0:b5:c7:16:f0:dd:
                    c3:2b:8f:ee:87:a2:00:3b:34:09:11:e6:b7:5d:3b:
                    13:64:b9:d1:2a:6d:3f:99:12:dd:6c:08:e4:f2:6c:
                    b8:56:a1:d2:02:aa:36:2d:39:67:0e:b3:20:54:c0:
                    f9:05:cc:9f:33:7d:a7:56:9f:31:7c:20:e3:75:59:
                    e8:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:67:21:5A:86:B1:E9:5F:85:7B:3E:8C:C6:FA:7D:CE:19:0E:07:FE
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3137362e302f32322d3234203d3e2037303239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:b7:ea:d7:f4:2c:b1:6d:a7:4a:60:7c:88:62:59:56:76:26:
         23:3d:c6:2d:83:11:43:b4:be:78:32:19:89:56:c2:3e:d5:ee:
         a1:5f:aa:a1:ce:83:bf:2a:fc:fb:69:97:c3:7b:af:f9:56:4d:
         2d:94:68:0a:53:74:f0:98:70:66:e7:39:81:7b:04:07:92:32:
         af:46:e9:30:06:45:2e:6f:3f:e1:60:26:b1:a5:a4:93:bb:4c:
         07:e5:9f:72:34:f1:50:94:d8:a9:16:8e:04:8d:ac:c6:f3:69:
         20:92:32:7d:bf:75:bb:c1:bb:02:c3:aa:2e:46:f9:5b:42:23:
         36:f3:1e:6f:8f:99:6c:1d:3a:4f:0a:24:37:48:ab:bb:42:2c:
         e6:df:ae:3d:4f:25:d5:13:1b:0c:92:47:ae:bf:bf:b3:0b:02:
         1f:68:88:12:4b:dd:2f:f5:23:a4:87:1a:0a:7f:ea:69:0a:36:
         57:d8:de:9c:ed:4c:ee:6b:e6:f5:d9:8b:5a:07:75:a0:05:32:
         db:03:91:d5:76:4b:ea:92:e9:6b:26:e5:9f:f6:88:a7:ed:54:
         9c:6f:47:24:ba:fc:9f:7c:76:02:59:8d:75:61:be:3e:f8:b6:
         17:bc:fa:e8:97:ba:60:e7:18:13:cb:6e:f9:54:2c:64:7c:10:
         b1:c6:e8:f2
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUQReSE9vPJHVvi+C+HbagHiJkKA4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMTMyMzE5MTNaFw0yNzAzMTIyMzI0MTNaMDMxMTAvBgNV
BAMTKDgwNjcyMTVBODZCMUU5NUY4NTdCM0U4Q0M2RkE3RENFMTkwRTA3RkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLqFb5xiTJ9/jwhbC+hwfLUGmp
rlXOSyI4ER6CWmQj2/wOrRyedniqSlYprXc2gQ9ZTdDmQ1XEbfFVumZDpMZnQdLn
0bQWHc+wfxYnOjyfqgbJu1wOeJO9tkQCgc3PrO9K52LMnen4uxb1yqviCkOTt33D
X8XYb1eTQHTmrM2kzpejXeywflkwqgoblKvT18PPNBaCehIjWN8LnOOFzWoMoQCz
xQvl9YT3XWVmIhiaEBjK5bGd1Dls/m/jhvC1xxbw3cMrj+6HogA7NAkR5rddOxNk
udEqbT+ZEt1sCOTybLhWodICqjYtOWcOsyBUwPkFzJ8zfadWnzF8ION1WegdAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUgGchWoax6V+Fez6Mxvp9zhkOB/4wHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzMTM3
MzYyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNzMwMzIzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAjOS
sDANBgkqhkiG9w0BAQsFAAOCAQEAO7fq1/QssW2nSmB8iGJZVnYmIz3GLYMRQ7S+
eDIZiVbCPtXuoV+qoc6Dvyr8+2mXw3uv+VZNLZRoClN08JhwZuc5gXsEB5Iyr0bp
MAZFLm8/4WAmsaWkk7tMB+WfcjTxUJTYqRaOBI2sxvNpIJIyfb91u8G7AsOqLkb5
W0IjNvMeb4+ZbB06TwokN0iru0Is5t+uPU8l1RMbDJJHrr+/swsCH2iIEkvdL/Uj
pIcaCn/qaQo2V9jenO1M7mvm9dmLWgd1oAUy2wOR1XZL6pLpaybln/aIp+1UnG9H
JLr8n3x2AlmNdWG+Pvi2F7z66Je6YOcYE8tu+VQsZHwQscbo8g==
-----END CERTIFICATE-----