Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3139322e302f32322d3234203d3e2035363530.roa
File:                     35312e3134362e3139322e302f32322d3234203d3e2035363530.roa (raw, json)
Hash identifier:          aZXKRo/V0Pg9ij0jHg7DfZBxxZykXHoAUzQKai/afS4=
Subject key identifier:   42:27:14:F9:A5:66:19:58:F1:FD:61:DE:E1:16:A1:4D:53:86:D6:8F
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       3007AC197465CC07C0A14CCDEFF55277B6C88BE9
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3139322e302f32322d3234203d3e2035363530.roa
Signing time:             Mon 09 Mar 2026 16:25:01 +0000
ROA not before:           Mon 09 Mar 2026 16:20:01 +0000
ROA not after:            Mon 08 Mar 2027 16:25:01 +0000
asID:                     5650
IP address blocks:        51.146.192.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 11:13:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:07:ac:19:74:65:cc:07:c0:a1:4c:cd:ef:f5:52:77:b6:c8:8b:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar  9 16:20:01 2026 GMT
            Not After : Mar  8 16:25:01 2027 GMT
        Subject: CN=422714F9A5661958F1FD61DEE116A14D5386D68F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:59:4b:d6:85:3e:88:5e:3b:5b:bf:54:86:18:
                    99:d2:4c:30:5d:35:d4:96:14:ec:44:da:c8:58:93:
                    b9:f2:ad:70:72:3e:d6:07:17:83:5f:06:26:f8:ae:
                    14:17:35:b0:37:7d:54:d5:23:31:75:c0:87:9a:f7:
                    27:e4:64:e2:dd:4c:3f:8e:4f:0a:00:67:d2:ee:a6:
                    2d:5a:30:a4:e8:0c:42:06:13:ec:6b:61:fc:41:60:
                    2f:dc:05:f0:95:ee:71:21:9c:d0:af:8d:b4:f5:55:
                    4a:bd:1c:b4:ca:bf:1d:27:5e:12:3f:cb:1a:b3:aa:
                    b5:dd:c2:26:04:8e:3f:ce:6d:0c:02:b7:cd:b7:f4:
                    88:ea:e5:07:1b:e2:d9:8e:d2:0e:f3:2b:53:25:7d:
                    56:fe:04:e1:83:96:1d:cf:c3:92:d4:e9:dc:0e:b9:
                    cf:aa:47:19:e7:be:af:c7:43:f0:a1:c8:d5:ff:1f:
                    6c:63:e5:31:ea:41:da:eb:25:ed:c7:83:28:f6:33:
                    6a:64:21:fb:2a:80:73:64:b6:fa:5b:f4:99:cb:25:
                    61:a4:33:5f:49:8d:1a:c0:33:8a:18:40:54:4f:c1:
                    a2:21:f4:5b:56:61:c9:bc:48:f5:c4:72:76:ae:ad:
                    7c:55:92:9f:f5:51:af:ed:ac:2f:a7:48:ad:cb:40:
                    2d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:27:14:F9:A5:66:19:58:F1:FD:61:DE:E1:16:A1:4D:53:86:D6:8F
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3139322e302f32322d3234203d3e2035363530.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:1a:f4:68:bd:c7:19:79:ca:f5:3f:00:4c:5b:f1:05:8b:08:
         e6:77:6f:d4:28:c9:c1:6f:9e:8a:24:34:64:01:39:db:a1:51:
         d5:0d:ad:14:e3:a6:a8:a5:66:e9:9e:e2:31:ca:4f:fe:0c:85:
         3c:6f:70:10:13:41:f9:9f:e2:43:fd:69:8f:83:04:83:f7:a1:
         f8:0e:e4:fa:fb:c1:82:d8:2c:ee:2c:0e:f0:dc:5c:75:9b:de:
         de:15:41:a5:ad:65:8e:44:81:31:2a:80:98:f3:b1:77:1c:7e:
         3d:83:b7:0b:50:83:64:99:d6:71:98:48:03:8f:61:75:ef:22:
         67:f1:7c:d5:4b:05:72:f6:e9:92:99:3e:a0:bf:da:f2:b3:57:
         cd:0f:ac:06:ae:ea:de:37:b4:39:b0:33:83:2a:be:f9:0b:37:
         6b:37:7f:79:e2:03:cd:9b:43:f4:69:d1:79:b7:89:6d:53:d2:
         70:fc:7d:f5:04:3a:9e:1f:a4:ff:c6:64:42:26:f3:33:90:03:
         4e:bd:30:c5:ea:ec:34:e2:39:03:b4:08:3d:38:ad:88:41:7f:
         eb:16:ec:3c:39:12:6a:0a:6c:78:1f:39:c6:c5:25:ce:08:1a:
         cf:c6:73:5f:10:b0:a3:13:c2:62:01:3e:65:55:6b:da:20:cd:
         f7:bc:2e:08
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMAesGXRlzAfAoUzN7/VSd7bIi+kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMDkxNjIwMDFaFw0yNzAzMDgxNjI1MDFaMDMxMTAvBgNV
BAMTKDQyMjcxNEY5QTU2NjE5NThGMUZENjFERUUxMTZBMTRENTM4NkQ2OEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMWUvWhT6IXjtbv1SGGJnSTDBd
NdSWFOxE2shYk7nyrXByPtYHF4NfBib4rhQXNbA3fVTVIzF1wIea9yfkZOLdTD+O
TwoAZ9Lupi1aMKToDEIGE+xrYfxBYC/cBfCV7nEhnNCvjbT1VUq9HLTKvx0nXhI/
yxqzqrXdwiYEjj/ObQwCt8239Ijq5Qcb4tmO0g7zK1MlfVb+BOGDlh3Pw5LU6dwO
uc+qRxnnvq/HQ/ChyNX/H2xj5THqQdrrJe3Hgyj2M2pkIfsqgHNktvpb9JnLJWGk
M19JjRrAM4oYQFRPwaIh9FtWYcm8SPXEcnaurXxVkp/1Ua/trC+nSK3LQC3TAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUQicU+aVmGVjx/WHe4RahTVOG1o8wHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzMTM5
MzIyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNTM2MzUzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAjOS
wDANBgkqhkiG9w0BAQsFAAOCAQEAXRr0aL3HGXnK9T8ATFvxBYsI5ndv1CjJwW+e
iiQ0ZAE526FR1Q2tFOOmqKVm6Z7iMcpP/gyFPG9wEBNB+Z/iQ/1pj4MEg/eh+A7k
+vvBgtgs7iwO8NxcdZve3hVBpa1ljkSBMSqAmPOxdxx+PYO3C1CDZJnWcZhIA49h
de8iZ/F81UsFcvbpkpk+oL/a8rNXzQ+sBq7q3je0ObAzgyq++Qs3azd/eeIDzZtD
9GnRebeJbVPScPx99QQ6nh+k/8ZkQibzM5ADTr0wxersNOI5A7QIPTitiEF/6xbs
PDkSagpseB85xsUlzggaz8ZzXxCwoxPCYgE+ZVVr2iDN97wuCA==
-----END CERTIFICATE-----