Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3231322e302f32322d3234203d3e20383334.roa
File:                     35312e3134362e3231322e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          dXunuQsMzgkc7bw3GylgG8/L5qdzhnD+zunLqOFWzbo=
Subject key identifier:   14:64:50:7A:B1:35:37:C8:4F:8B:E6:BE:14:BA:8A:41:93:E4:5E:E6
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       1B632B4B766D09E7C8AE308B3B36BD1B0EA78ED7
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3231322e302f32322d3234203d3e20383334.roa
Signing time:             Tue 17 Mar 2026 14:56:35 +0000
ROA not before:           Tue 17 Mar 2026 14:51:35 +0000
ROA not after:            Tue 16 Mar 2027 14:56:35 +0000
asID:                     834
IP address blocks:        51.146.212.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:63:2b:4b:76:6d:09:e7:c8:ae:30:8b:3b:36:bd:1b:0e:a7:8e:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 17 14:51:35 2026 GMT
            Not After : Mar 16 14:56:35 2027 GMT
        Subject: CN=1464507AB13537C84F8BE6BE14BA8A4193E45EE6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:69:ac:82:96:ec:e3:0c:62:ac:84:2c:78:94:
                    07:54:af:8b:bd:75:f6:c0:d3:5b:70:e5:18:c0:aa:
                    01:12:62:e8:dd:89:2f:98:a2:78:54:0a:1d:43:2c:
                    ce:8c:0f:55:59:e4:cc:1b:67:41:5b:88:97:98:37:
                    08:f8:be:17:dd:df:d1:32:06:3d:b0:bf:cf:c1:d2:
                    5e:ed:7f:7c:00:e5:c6:f8:44:32:34:38:53:bf:8f:
                    1b:8b:97:c3:b8:eb:70:e2:e2:54:0a:bb:e4:9d:eb:
                    71:1f:b9:5b:51:9d:d7:16:1e:c1:da:ef:47:26:b3:
                    7c:08:b0:c6:3a:a4:fd:ce:1a:6b:f6:3d:84:3d:7c:
                    0e:f5:d4:28:2a:83:29:a1:c5:07:40:7b:d8:8f:3c:
                    4a:e4:9e:b8:98:31:97:09:9e:b6:83:81:88:99:16:
                    72:86:b1:f5:41:bf:bb:a5:89:10:f1:49:45:1d:de:
                    f9:ca:3b:9e:6b:31:de:ae:12:2d:1e:3b:7e:68:d3:
                    a6:d9:e7:9b:66:82:ec:eb:4a:c5:fa:5a:8d:bb:11:
                    1b:91:88:96:16:c2:a9:fa:b2:c5:49:e0:9f:f9:47:
                    7f:c8:f3:3d:79:66:d3:06:3a:8f:64:b6:35:08:6b:
                    17:18:39:ed:8b:aa:11:8d:47:fb:8b:c2:c1:5a:ad:
                    de:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:64:50:7A:B1:35:37:C8:4F:8B:E6:BE:14:BA:8A:41:93:E4:5E:E6
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3231322e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:fb:75:f7:b4:3e:a3:b4:16:7a:67:59:d9:d2:49:8b:35:9c:
         0e:1c:7b:97:a3:5c:c0:b4:f0:77:4a:1f:09:0f:fd:8b:d6:d8:
         e7:9b:30:b2:4e:93:ce:e9:f8:0b:53:0b:1f:7d:f3:d2:e0:a1:
         0d:54:11:65:9e:77:d4:ef:70:e0:95:b3:57:8e:52:e1:08:4f:
         fe:39:58:49:50:e1:31:0d:f7:25:d9:f6:82:a2:4d:18:12:49:
         9d:2b:be:89:66:09:d6:eb:35:f4:04:e6:7e:37:e5:33:ee:42:
         71:56:32:3b:bb:54:c5:c9:ed:4d:21:2a:b0:86:32:b6:2a:26:
         19:1a:5d:4a:41:16:4b:8e:6f:c0:dc:5f:cc:e5:1c:37:c6:3c:
         f9:7b:6a:e3:ed:16:d0:f8:d5:38:c1:2b:81:98:53:71:48:29:
         d9:c7:10:50:a6:7a:8e:25:0c:e2:0d:ce:41:dd:a3:ec:87:52:
         1d:59:9a:66:e2:3a:7a:c5:14:a6:21:97:c2:36:aa:15:d8:ef:
         d4:ea:56:73:b3:31:22:df:68:ab:25:fc:eb:a6:c0:a9:dc:d1:
         0e:3d:75:68:ec:b4:a9:d9:e1:b4:65:c1:f5:fa:54:e5:55:1f:
         93:7e:fe:2c:f6:97:29:bd:45:a5:e0:8e:6b:e6:96:02:26:3f:
         f7:fa:bb:73
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUG2MrS3ZtCefIrjCLOza9Gw6njtcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMTcxNDUxMzVaFw0yNzAzMTYxNDU2MzVaMDMxMTAvBgNV
BAMTKDE0NjQ1MDdBQjEzNTM3Qzg0RjhCRTZCRTE0QkE4QTQxOTNFNDVFRTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8aayCluzjDGKshCx4lAdUr4u9
dfbA01tw5RjAqgESYujdiS+YonhUCh1DLM6MD1VZ5MwbZ0FbiJeYNwj4vhfd39Ey
Bj2wv8/B0l7tf3wA5cb4RDI0OFO/jxuLl8O463Di4lQKu+Sd63EfuVtRndcWHsHa
70cms3wIsMY6pP3OGmv2PYQ9fA711CgqgymhxQdAe9iPPErknriYMZcJnraDgYiZ
FnKGsfVBv7uliRDxSUUd3vnKO55rMd6uEi0eO35o06bZ55tmguzrSsX6Wo27ERuR
iJYWwqn6ssVJ4J/5R3/I8z15ZtMGOo9ktjUIaxcYOe2LqhGNR/uLwsFard6fAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUFGRQerE1N8hPi+a+FLqKQZPkXuYwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzMjMx
MzIyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAIzktQw
DQYJKoZIhvcNAQELBQADggEBAEr7dfe0PqO0FnpnWdnSSYs1nA4ce5ejXMC08HdK
HwkP/YvW2OebMLJOk87p+AtTCx9989LgoQ1UEWWed9TvcOCVs1eOUuEIT/45WElQ
4TEN9yXZ9oKiTRgSSZ0rvolmCdbrNfQE5n435TPuQnFWMju7VMXJ7U0hKrCGMrYq
JhkaXUpBFkuOb8DcX8zlHDfGPPl7auPtFtD41TjBK4GYU3FIKdnHEFCmeo4lDOIN
zkHdo+yHUh1ZmmbiOnrFFKYhl8I2qhXY79TqVnOzMSLfaKsl/OumwKnc0Q49dWjs
tKnZ4bRlwfX6VOVVH5N+/iz2lym9RaXgjmvmlgImP/f6u3M=
-----END CERTIFICATE-----