Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e302e302f32312d3234203d3e203131343236.roa
File:                     35312e3139342e302e302f32312d3234203d3e203131343236.roa (raw, json)
Hash identifier:          4IQtiQckKasNp5aHIzEjusFPOVcyIsbSVoUG8Hi6zRs=
Subject key identifier:   18:69:05:CB:63:8B:D9:04:4F:05:BB:55:0A:3D:40:A0:14:7D:B6:7B
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       258A0BB546EEACD0B47585FA5974DC84C9E0A590
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e302e302f32312d3234203d3e203131343236.roa
Signing time:             Mon 16 Mar 2026 21:48:29 +0000
ROA not before:           Mon 16 Mar 2026 21:43:29 +0000
ROA not after:            Mon 15 Mar 2027 21:48:29 +0000
asID:                     11426
IP address blocks:        51.194.0.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:8a:0b:b5:46:ee:ac:d0:b4:75:85:fa:59:74:dc:84:c9:e0:a5:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 16 21:43:29 2026 GMT
            Not After : Mar 15 21:48:29 2027 GMT
        Subject: CN=186905CB638BD9044F05BB550A3D40A0147DB67B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ad:e6:d9:85:54:ed:4e:e2:3b:2e:f0:a7:f2:
                    86:67:43:6b:28:59:83:ee:a5:0c:fc:72:86:f0:65:
                    c7:7c:fc:de:19:20:7a:b7:15:68:73:71:94:82:82:
                    d2:14:7d:fc:e7:eb:50:a9:9f:24:56:2b:bd:62:e6:
                    21:e3:70:57:43:77:ca:b1:8d:b8:d4:2c:1c:ca:d5:
                    70:27:2f:07:79:db:b2:98:76:81:c1:25:e8:7f:74:
                    9e:ba:bd:ec:57:81:fe:23:a3:3f:53:fc:77:c3:c3:
                    ec:b4:fb:cc:d8:49:c3:15:9a:90:49:dd:f0:91:09:
                    38:f0:04:67:60:65:30:72:65:3c:17:53:34:bf:77:
                    f1:f3:b6:ad:37:38:c8:6d:9c:51:33:9b:59:51:b9:
                    5a:1f:a3:47:0f:05:9c:f3:57:74:a7:4a:fe:cc:ce:
                    32:d9:55:e0:41:56:35:3a:07:07:4d:99:da:a9:cd:
                    49:5f:45:ce:ad:60:99:b5:db:6b:aa:cd:95:c4:0d:
                    c1:f1:51:1f:ea:81:62:f2:71:25:66:42:f8:d4:a9:
                    66:eb:5b:9d:3b:d8:f4:d0:44:7c:eb:82:9f:45:2d:
                    b8:55:04:5f:ff:ab:2f:df:3b:eb:a7:71:71:50:9c:
                    aa:b1:79:86:c9:fb:ca:9e:1d:37:b6:14:97:77:a0:
                    3f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:69:05:CB:63:8B:D9:04:4F:05:BB:55:0A:3D:40:A0:14:7D:B6:7B
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e302e302f32312d3234203d3e203131343236.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.194.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9d:3c:a0:e2:51:0d:a8:ea:d2:7e:79:91:a6:af:9c:ab:12:3d:
         0e:27:72:ee:32:85:d8:fc:65:03:3a:4f:c9:03:23:81:82:e4:
         8d:d6:a7:0c:56:3d:fa:9a:70:30:71:fc:b9:a7:21:57:83:b6:
         4d:9a:bc:3a:aa:10:1a:f6:99:d0:e1:5b:d7:67:bf:1a:50:a5:
         22:76:10:dd:37:2a:6b:ef:61:8d:c0:71:ad:86:1c:2c:68:fc:
         05:79:8b:46:a3:29:b8:3c:78:8a:6c:94:08:8f:95:a3:77:79:
         86:06:3e:f6:17:cd:72:21:20:fb:cd:fc:3f:f2:3d:6d:99:31:
         b7:26:cd:c5:33:9b:51:90:64:b0:82:6b:df:e5:1e:d8:d4:83:
         ae:be:aa:67:0a:8b:60:ab:86:16:13:3c:06:39:2a:a0:e6:b8:
         0f:56:f2:75:08:e8:bf:6b:75:05:a1:8c:6c:4b:ef:f1:4c:0a:
         90:42:be:d7:16:7e:71:d7:fb:ae:80:0e:a1:fa:8c:cc:f2:b5:
         ed:c0:14:ed:fe:5d:ae:ae:4c:de:cc:53:f5:81:af:3b:35:7f:
         6c:13:76:2b:92:1d:43:ab:65:1c:e4:64:f0:db:e4:2b:9c:95:
         86:b4:20:19:ea:5a:35:24:6f:b5:8c:f8:07:32:16:f6:4b:86:
         91:33:49:4d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJYoLtUburNC0dYX6WXTchMngpZAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMTYyMTQzMjlaFw0yNzAzMTUyMTQ4MjlaMDMxMTAvBgNV
BAMTKDE4NjkwNUNCNjM4QkQ5MDQ0RjA1QkI1NTBBM0Q0MEEwMTQ3REI2N0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCirebZhVTtTuI7LvCn8oZnQ2so
WYPupQz8cobwZcd8/N4ZIHq3FWhzcZSCgtIUffzn61CpnyRWK71i5iHjcFdDd8qx
jbjULBzK1XAnLwd527KYdoHBJeh/dJ66vexXgf4joz9T/HfDw+y0+8zYScMVmpBJ
3fCRCTjwBGdgZTByZTwXUzS/d/Hztq03OMhtnFEzm1lRuVofo0cPBZzzV3SnSv7M
zjLZVeBBVjU6BwdNmdqpzUlfRc6tYJm122uqzZXEDcHxUR/qgWLycSVmQvjUqWbr
W5072PTQRHzrgp9FLbhVBF//qy/fO+uncXFQnKqxeYbJ+8qeHTe2FJd3oD+dAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUGGkFy2OL2QRPBbtVCj1AoBR9tnswHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzOTM0MmUzMDJl
MzAyZjMyMzEyZDMyMzQyMDNkM2UyMDMxMzEzNDMyMzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAMzwgAw
DQYJKoZIhvcNAQELBQADggEBAJ08oOJRDajq0n55kaavnKsSPQ4ncu4yhdj8ZQM6
T8kDI4GC5I3WpwxWPfqacDBx/LmnIVeDtk2avDqqEBr2mdDhW9dnvxpQpSJ2EN03
KmvvYY3Aca2GHCxo/AV5i0ajKbg8eIpslAiPlaN3eYYGPvYXzXIhIPvN/D/yPW2Z
MbcmzcUzm1GQZLCCa9/lHtjUg66+qmcKi2CrhhYTPAY5KqDmuA9W8nUI6L9rdQWh
jGxL7/FMCpBCvtcWfnHX+66ADqH6jMzyte3AFO3+Xa6uTN7MU/WBrzs1f2wTdiuS
HUOrZRzkZPDb5CuclYa0IBnqWjUkb7WM+AcyFvZLhpEzSU0=
-----END CERTIFICATE-----