Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3231382e302f32332d3234203d3e20383334.roa
File:                     35312e3134362e3231382e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          PFBydTVapRjaotYEM+FrN47NDRpnWhR1QR/1ghVyz7w=
Subject key identifier:   97:B8:CC:44:F0:F4:CC:82:88:57:7D:7B:4C:0F:EE:2C:C1:4C:AA:DB
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       1C81716E85C13B6B05F95397AF8C163CF7168039
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3231382e302f32332d3234203d3e20383334.roa
Signing time:             Fri 20 Mar 2026 12:54:25 +0000
ROA not before:           Fri 20 Mar 2026 12:49:25 +0000
ROA not after:            Fri 19 Mar 2027 12:54:25 +0000
asID:                     834
IP address blocks:        51.146.218.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 11:13:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:81:71:6e:85:c1:3b:6b:05:f9:53:97:af:8c:16:3c:f7:16:80:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 20 12:49:25 2026 GMT
            Not After : Mar 19 12:54:25 2027 GMT
        Subject: CN=97B8CC44F0F4CC8288577D7B4C0FEE2CC14CAADB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:a9:17:71:a7:6e:82:25:44:e4:44:c1:4e:c5:
                    a8:33:ee:3d:50:d0:72:be:63:a8:c8:ac:a3:6b:98:
                    4b:fc:60:92:03:e9:9e:cb:42:3d:1b:15:94:40:c6:
                    b9:5a:67:b4:45:1a:68:ce:ce:1e:26:9b:d8:4d:aa:
                    15:20:42:91:93:f8:77:6b:db:bd:d9:b7:e1:a6:34:
                    4f:18:f9:c7:1d:f8:88:33:b5:d1:7b:c4:00:bb:f6:
                    a0:ec:90:3a:d7:75:60:cb:c7:19:47:bc:e8:ac:27:
                    26:79:45:cc:09:6e:4c:9e:ff:9e:ba:52:48:6b:9b:
                    2a:20:db:0d:bd:c1:95:17:22:8c:35:32:ef:18:83:
                    da:73:8d:76:15:71:4d:cc:88:28:e8:eb:d3:f2:ce:
                    12:9f:35:59:bd:17:24:4f:87:00:27:3f:7c:a1:c3:
                    a7:97:e1:d0:3f:de:3e:e4:52:6c:8b:e7:2b:2a:af:
                    df:dd:c1:94:4b:68:8e:13:26:69:2a:45:51:a1:e8:
                    80:9f:d7:68:32:b5:36:5f:91:f9:43:5d:f6:21:47:
                    0a:46:af:c6:e4:f1:6e:6a:3d:31:05:1b:ce:f2:ba:
                    a8:31:3d:37:de:43:e8:58:02:22:e0:a8:6a:ba:27:
                    df:6f:c3:fa:11:dc:b4:d3:76:cc:80:23:66:cf:b3:
                    60:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:B8:CC:44:F0:F4:CC:82:88:57:7D:7B:4C:0F:EE:2C:C1:4C:AA:DB
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3231382e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:68:a7:e2:d0:47:50:53:14:3d:f9:41:e8:2f:ca:b2:a6:75:
         38:f8:44:e6:e5:c7:dd:cd:dc:0e:05:5e:01:6d:5c:2f:d5:4e:
         f7:4d:35:48:2c:04:e7:8c:8e:12:5d:5c:dc:64:0d:b7:29:47:
         99:0d:aa:6a:6a:6b:64:93:ef:8d:f0:8a:bf:86:bc:59:c4:61:
         29:56:82:d0:87:e9:45:c5:65:3e:d1:ed:c3:19:40:0f:3f:39:
         c7:da:26:f5:bd:3c:7f:13:f9:3d:5e:34:5a:2e:ab:16:d5:b3:
         17:e0:ed:ff:cf:f2:85:bb:41:f6:d7:97:5e:81:9e:7e:84:b2:
         4f:6c:ef:a9:95:f3:14:3f:11:cf:99:6a:18:d0:43:03:bb:ea:
         16:9f:92:56:df:31:bb:88:8b:07:2d:21:2d:1a:dd:34:b8:77:
         3a:27:ac:a4:b6:48:aa:a6:09:2d:82:c0:ba:38:1a:68:f7:ea:
         61:80:e1:4e:4b:3d:4d:9e:4f:01:a3:68:08:b9:d7:7b:d5:17:
         23:34:c8:d8:74:c9:41:e4:50:97:3f:e3:7f:e6:0a:e1:e5:3f:
         a1:75:c9:18:36:48:2a:40:2f:38:da:20:60:56:bc:df:ed:7b:
         80:3d:22:15:65:85:ed:c0:12:6d:3c:18:03:a2:5c:46:be:27:
         bc:54:ca:99
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUHIFxboXBO2sF+VOXr4wWPPcWgDkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjAxMjQ5MjVaFw0yNzAzMTkxMjU0MjVaMDMxMTAvBgNV
BAMTKDk3QjhDQzQ0RjBGNENDODI4ODU3N0Q3QjRDMEZFRTJDQzE0Q0FBREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhqRdxp26CJUTkRMFOxagz7j1Q
0HK+Y6jIrKNrmEv8YJID6Z7LQj0bFZRAxrlaZ7RFGmjOzh4mm9hNqhUgQpGT+Hdr
273Zt+GmNE8Y+ccd+IgztdF7xAC79qDskDrXdWDLxxlHvOisJyZ5RcwJbkye/566
Ukhrmyog2w29wZUXIow1Mu8Yg9pzjXYVcU3MiCjo69PyzhKfNVm9FyRPhwAnP3yh
w6eX4dA/3j7kUmyL5ysqr9/dwZRLaI4TJmkqRVGh6ICf12gytTZfkflDXfYhRwpG
r8bk8W5qPTEFG87yuqgxPTfeQ+hYAiLgqGq6J99vw/oR3LTTdsyAI2bPs2ClAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUl7jMRPD0zIKIV317TA/uLMFMqtswHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzMjMx
MzgyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAEzktow
DQYJKoZIhvcNAQELBQADggEBAC9op+LQR1BTFD35QegvyrKmdTj4ROblx93N3A4F
XgFtXC/VTvdNNUgsBOeMjhJdXNxkDbcpR5kNqmpqa2ST743wir+GvFnEYSlWgtCH
6UXFZT7R7cMZQA8/OcfaJvW9PH8T+T1eNFouqxbVsxfg7f/P8oW7QfbXl16Bnn6E
sk9s76mV8xQ/Ec+ZahjQQwO76hafklbfMbuIiwctIS0a3TS4dzonrKS2SKqmCS2C
wLo4Gmj36mGA4U5LPU2eTwGjaAi513vVFyM0yNh0yUHkUJc/43/mCuHlP6F1yRg2
SCpALzjaIGBWvN/te4A9IhVlhe3AEm08GAOiXEa+J7xUypk=
-----END CERTIFICATE-----