Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3231362e302f32332d3233203d3e2036303739.roa
File:                     35312e3134362e3231362e302f32332d3233203d3e2036303739.roa (raw, json)
Hash identifier:          Va6X4GwqE7Icku8If6LZc8ogGr7cE4ilUMzBXn5GiJg=
Subject key identifier:   73:91:35:7B:42:3C:6C:4E:D7:6E:65:25:F3:63:56:64:55:18:84:A9
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       44A1E549D260F57ED702968254280C459C557E97
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3231362e302f32332d3233203d3e2036303739.roa
Signing time:             Fri 20 Mar 2026 12:53:06 +0000
ROA not before:           Fri 20 Mar 2026 12:48:06 +0000
ROA not after:            Fri 19 Mar 2027 12:53:06 +0000
asID:                     6079
IP address blocks:        51.146.216.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:a1:e5:49:d2:60:f5:7e:d7:02:96:82:54:28:0c:45:9c:55:7e:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 20 12:48:06 2026 GMT
            Not After : Mar 19 12:53:06 2027 GMT
        Subject: CN=7391357B423C6C4ED76E6525F3635664551884A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:a1:56:f2:03:d4:5e:25:7a:52:0a:ad:94:6f:
                    35:28:38:5a:93:7a:55:b0:59:4b:de:5c:56:06:13:
                    d9:0d:7b:62:db:f4:5d:d3:bc:18:57:34:b1:06:89:
                    a1:af:f3:08:33:87:29:c2:15:3c:42:dd:a6:a8:82:
                    da:66:ab:30:63:27:10:8c:9c:a7:80:81:f2:e6:90:
                    1d:f9:31:22:cf:2e:26:fd:4a:d3:d8:4a:e6:f2:e3:
                    39:e7:b5:4a:39:2a:cc:31:62:08:d3:3e:55:a2:e0:
                    f7:df:16:7e:3d:c3:4b:93:f2:a8:5f:a8:f6:86:27:
                    45:7d:f4:25:79:19:36:89:c6:23:b4:3a:f9:68:a4:
                    72:ed:7f:92:86:bc:ca:4c:fc:d7:24:1c:b6:1b:33:
                    9c:2d:de:1e:e8:26:f9:8b:f7:85:3f:32:ab:61:21:
                    27:bd:1c:08:7e:c3:78:8d:d4:31:6e:b5:3c:40:bc:
                    ba:77:6c:5a:4a:93:fa:c7:00:33:8d:19:73:5f:7f:
                    13:2a:d3:44:c0:ee:8e:2b:7f:43:43:be:55:53:55:
                    78:db:40:40:78:22:dd:d6:de:e5:5e:2a:2e:55:3d:
                    0b:74:51:b7:2f:f1:c2:f1:b9:1e:52:f1:87:6c:0b:
                    98:f4:99:2d:fb:dd:6b:8d:fd:d3:2e:2c:4e:2e:28:
                    56:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:91:35:7B:42:3C:6C:4E:D7:6E:65:25:F3:63:56:64:55:18:84:A9
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3231362e302f32332d3233203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:08:49:8a:d0:b4:44:3b:8e:90:39:bc:56:b8:f1:f7:cc:f3:
         fc:01:bc:92:bf:34:19:a4:c4:9f:ea:07:37:11:92:a5:87:a3:
         8a:66:76:24:ab:c7:d0:42:be:4f:38:5a:e3:ad:92:98:34:77:
         c2:fa:91:45:78:36:3c:0c:91:43:3e:b7:c8:84:e8:ad:40:0c:
         da:a3:95:12:96:d6:57:bb:a8:1f:46:b8:0d:a0:8c:78:4f:9d:
         56:be:b1:7c:12:69:42:56:9e:44:00:d6:8c:5c:90:ec:14:40:
         4d:21:90:a7:8e:3e:ba:e9:d9:16:2b:cd:e7:dc:61:f4:f5:8f:
         79:f8:2c:cf:47:b7:a0:9d:29:41:f0:e3:8e:d6:4b:68:4c:0d:
         10:5d:81:f1:21:9f:f1:65:77:bd:ae:0e:b0:b6:38:5e:d6:ac:
         0c:c7:8f:ae:3c:6b:0d:e6:70:19:4d:d5:e2:b4:6e:26:dc:39:
         ce:df:86:f3:de:1e:d2:46:77:c7:81:c7:eb:77:4e:8f:a9:53:
         2c:af:15:c0:fa:d2:4d:cb:82:4b:58:5c:46:6d:a7:98:cb:c4:
         76:10:15:0c:da:15:c1:90:23:59:2e:88:c9:94:32:e4:c1:24:
         eb:77:8b:5d:c7:3b:30:3a:2e:9e:76:bb:86:25:c9:2c:85:f2:
         66:dd:3d:96
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURKHlSdJg9X7XApaCVCgMRZxVfpcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjAxMjQ4MDZaFw0yNzAzMTkxMjUzMDZaMDMxMTAvBgNV
BAMTKDczOTEzNTdCNDIzQzZDNEVENzZFNjUyNUYzNjM1NjY0NTUxODg0QTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsoVbyA9ReJXpSCq2UbzUoOFqT
elWwWUveXFYGE9kNe2Lb9F3TvBhXNLEGiaGv8wgzhynCFTxC3aaogtpmqzBjJxCM
nKeAgfLmkB35MSLPLib9StPYSuby4znntUo5KswxYgjTPlWi4PffFn49w0uT8qhf
qPaGJ0V99CV5GTaJxiO0OvlopHLtf5KGvMpM/NckHLYbM5wt3h7oJvmL94U/Mqth
ISe9HAh+w3iN1DFutTxAvLp3bFpKk/rHADONGXNffxMq00TA7o4rf0NDvlVTVXjb
QEB4It3W3uVeKi5VPQt0Ubcv8cLxuR5S8YdsC5j0mS373WuN/dMuLE4uKFYvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUc5E1e0I8bE7XbmUl82NWZFUYhKkwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzMjMx
MzYyZTMwMmYzMjMzMmQzMjMzMjAzZDNlMjAzNjMwMzczOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEATOS
2DANBgkqhkiG9w0BAQsFAAOCAQEAXQhJitC0RDuOkDm8Vrjx98zz/AG8kr80GaTE
n+oHNxGSpYejimZ2JKvH0EK+Tzha462SmDR3wvqRRXg2PAyRQz63yITorUAM2qOV
EpbWV7uoH0a4DaCMeE+dVr6xfBJpQlaeRADWjFyQ7BRATSGQp44+uunZFivN59xh
9PWPefgsz0e3oJ0pQfDjjtZLaEwNEF2B8SGf8WV3va4OsLY4XtasDMePrjxrDeZw
GU3V4rRuJtw5zt+G894e0kZ3x4HH63dOj6lTLK8VwPrSTcuCS1hcRm2nmMvEdhAV
DNoVwZAjWS6IyZQy5MEk63eLXcc7MDounna7hiXJLIXyZt09lg==
-----END CERTIFICATE-----