Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3138382e302f32332d3233203d3e2036303739.roa
File:                     35312e3134362e3138382e302f32332d3233203d3e2036303739.roa (raw, json)
Hash identifier:          L8ZBRVcLHeHTK0ESt6Uwx+jS832MIdwopxYG3UUI0vQ=
Subject key identifier:   F0:EA:16:63:71:37:53:2E:D9:9C:20:18:6B:7E:F3:F9:F5:9E:DB:A6
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       3D801705FDF264C8C7102C651A9FA710DEAF876E
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3138382e302f32332d3233203d3e2036303739.roa
Signing time:             Fri 20 Mar 2026 12:53:06 +0000
ROA not before:           Fri 20 Mar 2026 12:48:06 +0000
ROA not after:            Fri 19 Mar 2027 12:53:06 +0000
asID:                     6079
IP address blocks:        51.146.188.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:80:17:05:fd:f2:64:c8:c7:10:2c:65:1a:9f:a7:10:de:af:87:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 20 12:48:06 2026 GMT
            Not After : Mar 19 12:53:06 2027 GMT
        Subject: CN=F0EA16637137532ED99C20186B7EF3F9F59EDBA6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:82:15:4f:4e:b3:fb:bf:8c:c9:14:4c:71:d2:
                    17:1a:f9:d5:e3:3f:8a:ae:12:b2:ca:96:a1:c2:1c:
                    a9:7e:d4:bb:d6:c5:49:6f:16:fb:4c:5e:fb:2d:29:
                    21:e6:84:6d:95:8e:4f:9a:cf:2f:9f:15:4e:44:7b:
                    02:0e:0f:26:c6:ad:26:ca:9e:83:4b:a5:d9:22:5f:
                    2f:b9:06:aa:a9:e1:f2:1d:aa:e7:1d:59:0a:1d:2d:
                    4e:c5:02:c9:a5:b3:07:e1:d5:10:45:1c:56:87:03:
                    a8:04:50:f7:f1:a4:0c:23:81:6d:a1:de:93:e4:3d:
                    34:a4:0a:62:59:dd:81:0f:15:67:63:00:93:7d:2b:
                    af:75:3d:ed:78:f8:81:a9:a5:9a:54:9d:7c:8a:9e:
                    be:a3:5a:55:c2:ce:ad:e0:16:6f:a4:a9:0d:16:73:
                    81:08:2a:ef:ff:1a:11:dd:1a:3b:8e:5d:42:8c:ec:
                    0d:2e:a6:af:8e:b2:15:c4:4b:3d:15:60:e7:fd:09:
                    f1:1c:18:62:c6:ae:ac:36:25:ce:90:ed:c8:5d:7c:
                    43:76:39:ed:1b:8a:85:91:01:47:f4:9b:02:cd:80:
                    cf:b6:99:f1:01:4d:b7:f9:95:68:94:bd:4c:61:89:
                    1b:1c:20:ae:62:90:cf:6b:b5:b7:ff:e9:7c:7b:57:
                    a4:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:EA:16:63:71:37:53:2E:D9:9C:20:18:6B:7E:F3:F9:F5:9E:DB:A6
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3138382e302f32332d3233203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:0e:63:e9:d4:00:d9:f3:80:5d:db:14:6d:22:7c:79:97:8e:
         af:bd:96:30:28:67:1d:57:c2:59:3d:00:34:ac:93:b1:ec:a1:
         52:d2:56:c5:ae:27:6b:e0:cd:d8:f2:c6:31:96:e2:3d:41:d1:
         1f:dd:fc:e8:6d:08:6b:f2:69:73:1f:b0:d5:84:71:49:14:87:
         11:b9:2a:27:c1:55:e4:04:41:d9:f8:8d:b1:24:48:d1:3f:5b:
         25:cd:bf:e9:e1:da:ec:93:39:ab:6c:dc:88:10:b5:b1:a7:23:
         68:bf:93:fe:38:c8:f0:c6:1a:9f:43:9b:86:84:69:0f:16:4c:
         fc:11:2f:93:de:e1:91:eb:7a:02:6a:31:49:b0:fc:eb:15:2a:
         71:c3:b8:e9:c2:03:cb:95:39:b7:ed:ef:7d:83:11:41:5c:aa:
         fa:e2:0d:bc:2c:b3:bb:6d:ad:24:a9:22:51:bf:ab:59:a6:a8:
         4b:da:11:ea:0f:71:98:77:9d:4e:f2:34:c3:58:4e:58:31:b2:
         d2:4f:c9:af:cb:bb:3b:00:32:94:8b:91:23:ae:3d:7f:11:91:
         ec:45:a1:4c:37:e2:e3:53:1d:63:dc:ac:8a:70:15:c8:c9:7f:
         58:70:62:5a:81:57:23:a5:f6:d7:93:9c:9c:de:a5:ed:36:60:
         1a:3b:d2:3d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPYAXBf3yZMjHECxlGp+nEN6vh24wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjAxMjQ4MDZaFw0yNzAzMTkxMjUzMDZaMDMxMTAvBgNV
BAMTKEYwRUExNjYzNzEzNzUzMkVEOTlDMjAxODZCN0VGM0Y5RjU5RURCQTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAghVPTrP7v4zJFExx0hca+dXj
P4quErLKlqHCHKl+1LvWxUlvFvtMXvstKSHmhG2Vjk+azy+fFU5EewIODybGrSbK
noNLpdkiXy+5Bqqp4fIdqucdWQodLU7FAsmlswfh1RBFHFaHA6gEUPfxpAwjgW2h
3pPkPTSkCmJZ3YEPFWdjAJN9K691Pe14+IGppZpUnXyKnr6jWlXCzq3gFm+kqQ0W
c4EIKu//GhHdGjuOXUKM7A0upq+OshXESz0VYOf9CfEcGGLGrqw2Jc6Q7chdfEN2
Oe0bioWRAUf0mwLNgM+2mfEBTbf5lWiUvUxhiRscIK5ikM9rtbf/6Xx7V6QlAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU8OoWY3E3Uy7ZnCAYa37z+fWe26YwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzMTM4
MzgyZTMwMmYzMjMzMmQzMjMzMjAzZDNlMjAzNjMwMzczOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEATOS
vDANBgkqhkiG9w0BAQsFAAOCAQEAHg5j6dQA2fOAXdsUbSJ8eZeOr72WMChnHVfC
WT0ANKyTseyhUtJWxa4na+DN2PLGMZbiPUHRH9386G0Ia/Jpcx+w1YRxSRSHEbkq
J8FV5ARB2fiNsSRI0T9bJc2/6eHa7JM5q2zciBC1sacjaL+T/jjI8MYan0ObhoRp
DxZM/BEvk97hket6AmoxSbD86xUqccO46cIDy5U5t+3vfYMRQVyq+uINvCyzu22t
JKkiUb+rWaaoS9oR6g9xmHedTvI0w1hOWDGy0k/Jr8u7OwAylIuRI649fxGR7EWh
TDfi41MdY9ysinAVyMl/WHBiWoFXI6X215OcnN6l7TZgGjvSPQ==
-----END CERTIFICATE-----