Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3232302e302f32322d3234203d3e20383334.roa
File:                     35312e3134362e3232302e302f32322d3234203d3e20383334.roa (raw, json)
Hash identifier:          p5S4SCAjiUYB/Hc0b0clQ5wGcd6InyEW0WOxTqSYnO0=
Subject key identifier:   B6:A1:86:97:1D:8D:A5:F1:1A:2D:A2:C4:A8:B2:53:FA:25:BB:AF:19
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       5455854F0275C81125C10E263542560AA5A2AD40
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3232302e302f32322d3234203d3e20383334.roa
Signing time:             Fri 20 Mar 2026 12:54:25 +0000
ROA not before:           Fri 20 Mar 2026 12:49:25 +0000
ROA not after:            Fri 19 Mar 2027 12:54:25 +0000
asID:                     834
IP address blocks:        51.146.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 11:13:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:55:85:4f:02:75:c8:11:25:c1:0e:26:35:42:56:0a:a5:a2:ad:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 20 12:49:25 2026 GMT
            Not After : Mar 19 12:54:25 2027 GMT
        Subject: CN=B6A186971D8DA5F11A2DA2C4A8B253FA25BBAF19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:cb:54:bb:16:3b:aa:4a:d3:a1:43:fa:e0:99:
                    e0:67:2e:8c:44:93:a1:f1:c3:f2:2f:7d:dc:8a:a0:
                    b2:61:ca:3c:e4:9c:36:85:e1:6e:93:a5:52:5c:2a:
                    96:e0:c4:05:76:b8:a1:3e:44:23:cf:c9:6c:00:1f:
                    4a:c0:4f:e5:84:e7:9d:c3:8d:63:70:bf:50:2a:80:
                    e1:8e:14:87:06:da:40:9b:a5:e4:43:1e:91:0f:d0:
                    87:f6:f6:e5:66:59:9a:5d:54:df:b9:17:40:b5:94:
                    d5:f5:59:f5:eb:1d:2f:7d:67:85:60:fb:40:16:77:
                    f7:1a:7d:43:43:3b:fb:9f:fa:25:2c:64:16:62:80:
                    95:0d:8a:2c:9f:e4:5f:be:f1:f3:83:a4:91:69:07:
                    fe:46:23:4e:2f:7f:93:91:80:6f:7e:45:95:3f:3b:
                    e5:d5:ce:8d:26:67:18:bf:99:20:e0:ce:f0:f6:9e:
                    3f:91:47:6f:ff:0f:04:07:10:96:bb:12:98:77:3b:
                    7f:1d:22:26:4e:f5:55:57:78:93:79:c2:e8:bd:a8:
                    1b:00:10:b4:13:22:e5:8d:d3:b2:6d:46:93:61:db:
                    21:e4:61:92:03:69:85:02:c6:24:f8:d8:b3:ff:8b:
                    c4:7c:f3:41:c6:c9:9f:43:d4:32:41:00:63:f1:ef:
                    f6:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:A1:86:97:1D:8D:A5:F1:1A:2D:A2:C4:A8:B2:53:FA:25:BB:AF:19
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3134362e3232302e302f32322d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:0e:0c:c4:5b:d5:bc:62:f2:24:e9:e7:18:34:eb:57:b9:fa:
         89:43:1b:d6:c7:42:34:8c:26:71:98:87:15:90:bb:ad:01:fc:
         c8:85:60:0a:32:34:0c:8a:08:5f:db:6f:6d:56:7d:2d:76:8a:
         94:84:5d:5c:5e:f9:77:55:aa:6b:99:d8:88:e9:37:c0:da:e8:
         9f:d9:3e:76:f8:bc:cf:17:a7:d0:61:d3:d9:a8:86:56:a0:9b:
         41:31:21:58:60:c4:fb:12:85:92:b1:6e:2f:00:ed:cf:fb:b7:
         63:3f:8e:9f:6a:69:91:bd:4f:59:e8:6d:a7:c1:3d:2e:da:85:
         5c:ce:f6:6c:ce:8c:da:ba:e2:21:fb:99:3c:40:05:93:2c:e0:
         52:d6:45:d2:3f:6e:f7:07:72:40:d7:73:d3:ad:c0:b3:76:10:
         f0:0e:bf:8d:7c:8b:c2:b5:66:a4:8d:68:7e:73:b6:af:44:57:
         59:c3:02:db:5e:92:d9:23:4e:73:62:66:7d:58:3a:50:17:37:
         8e:8d:cf:0a:4b:ef:0c:c0:d7:e5:88:86:c8:ab:24:bc:56:55:
         0c:de:3f:ce:1f:de:1c:44:65:5e:26:d4:41:58:30:fe:22:7d:
         a8:2b:80:d5:64:d0:8b:28:20:7b:c5:89:2a:f4:2e:98:bc:9e:
         09:82:11:3d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUVFWFTwJ1yBElwQ4mNUJWCqWirUAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjAxMjQ5MjVaFw0yNzAzMTkxMjU0MjVaMDMxMTAvBgNV
BAMTKEI2QTE4Njk3MUQ4REE1RjExQTJEQTJDNEE4QjI1M0ZBMjVCQkFGMTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9y1S7FjuqStOhQ/rgmeBnLoxE
k6Hxw/IvfdyKoLJhyjzknDaF4W6TpVJcKpbgxAV2uKE+RCPPyWwAH0rAT+WE553D
jWNwv1AqgOGOFIcG2kCbpeRDHpEP0If29uVmWZpdVN+5F0C1lNX1WfXrHS99Z4Vg
+0AWd/cafUNDO/uf+iUsZBZigJUNiiyf5F++8fODpJFpB/5GI04vf5ORgG9+RZU/
O+XVzo0mZxi/mSDgzvD2nj+RR2//DwQHEJa7Eph3O38dIiZO9VVXeJN5wui9qBsA
ELQTIuWN07JtRpNh2yHkYZIDaYUCxiT42LP/i8R880HGyZ9D1DJBAGPx7/YlAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUtqGGlx2NpfEaLaLEqLJT+iW7rxkwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzNDM2MmUzMjMy
MzAyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAIzktww
DQYJKoZIhvcNAQELBQADggEBAEMODMRb1bxi8iTp5xg061e5+olDG9bHQjSMJnGY
hxWQu60B/MiFYAoyNAyKCF/bb21WfS12ipSEXVxe+XdVqmuZ2IjpN8Da6J/ZPnb4
vM8Xp9Bh09mohlagm0ExIVhgxPsShZKxbi8A7c/7t2M/jp9qaZG9T1nobafBPS7a
hVzO9mzOjNq64iH7mTxABZMs4FLWRdI/bvcHckDXc9OtwLN2EPAOv418i8K1ZqSN
aH5ztq9EV1nDAttektkjTnNiZn1YOlAXN46NzwpL7wzA1+WIhsirJLxWVQzeP84f
3hxEZV4m1EFYMP4ifagrgNVk0IsoIHvFiSr0Lpi8ngmCET0=
-----END CERTIFICATE-----