Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e35332e302f32342d3234203d3e2036303739.roa
File:                     35312e3139342e35332e302f32342d3234203d3e2036303739.roa (raw, json)
Hash identifier:          iB552V1hVOV7zti7/BpYZ2qZeWsjvnkwqNs5sqW19Hg=
Subject key identifier:   B5:83:DF:3B:18:BD:3B:BA:DC:3B:07:C5:C7:8E:36:3B:0F:98:F0:CD
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       5B8094E7548052ADCFCDDE9CFDAE28EB3B818DA3
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e35332e302f32342d3234203d3e2036303739.roa
Signing time:             Wed 25 Mar 2026 07:48:26 +0000
ROA not before:           Wed 25 Mar 2026 07:43:26 +0000
ROA not after:            Wed 24 Mar 2027 07:48:26 +0000
asID:                     6079
IP address blocks:        51.194.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:80:94:e7:54:80:52:ad:cf:cd:de:9c:fd:ae:28:eb:3b:81:8d:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 25 07:43:26 2026 GMT
            Not After : Mar 24 07:48:26 2027 GMT
        Subject: CN=B583DF3B18BD3BBADC3B07C5C78E363B0F98F0CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:fe:12:7f:f7:14:42:19:d2:b3:05:fe:b3:fd:
                    c6:0b:8a:58:19:5d:64:73:fa:c6:ca:3d:b6:c8:03:
                    63:db:e6:41:d4:cb:3a:94:b5:a7:75:91:9a:01:1c:
                    8f:0d:c2:bf:b6:dd:a1:29:4f:55:65:d0:04:4a:a2:
                    8d:1e:2f:7b:da:52:84:5b:97:07:0d:a8:5f:67:14:
                    dc:cf:41:c8:87:46:a8:9d:fd:49:2e:17:c5:5d:d1:
                    68:22:5d:6d:e8:53:cd:d2:52:fc:73:b8:b7:4a:2f:
                    da:da:a5:08:56:96:f8:6c:ce:30:8c:2d:8d:95:ce:
                    a1:b8:ec:57:dc:0b:b1:8f:0b:8f:74:30:83:7c:9f:
                    be:14:b3:02:09:8a:5f:de:79:e2:7a:f4:f0:14:d8:
                    f0:62:12:e7:e9:2d:73:4d:12:e5:06:e1:c6:1a:bf:
                    68:c3:72:6a:d2:39:9d:be:39:e0:0f:ea:59:72:aa:
                    af:e3:a8:9e:c2:56:31:ab:86:24:56:91:ee:ee:d0:
                    df:e3:f6:b4:15:6b:6a:ad:1a:03:28:14:92:ad:ad:
                    25:1b:80:d3:56:e7:33:dc:0a:13:6c:2e:73:44:60:
                    9e:b4:00:1b:49:d2:c3:ec:d8:c2:be:d2:0b:90:b5:
                    fb:b7:d5:0f:fc:be:9a:ca:dd:96:73:dd:20:06:14:
                    09:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:83:DF:3B:18:BD:3B:BA:DC:3B:07:C5:C7:8E:36:3B:0F:98:F0:CD
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e35332e302f32342d3234203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.194.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:af:ff:2b:b4:57:4d:50:02:b3:f6:fa:88:7e:e4:49:77:7c:
         12:c7:48:38:f0:e7:20:94:cb:18:fc:e4:73:7e:a6:fa:03:d4:
         59:cd:7d:b3:97:34:b7:38:73:63:13:12:25:e0:94:bb:dc:eb:
         b3:8d:e4:5b:d1:cf:b0:cb:74:e5:9a:10:28:87:cc:41:20:cf:
         69:ba:73:2a:03:21:48:61:70:54:4d:e1:4c:87:82:0d:84:01:
         da:df:3b:f8:32:db:65:9b:03:d7:7b:75:92:95:ce:88:73:56:
         2b:66:6f:4b:8d:1b:d7:34:a5:9e:bc:5d:09:f7:2a:18:10:03:
         61:c8:5c:f2:f7:09:2f:23:87:04:db:d6:16:62:c7:79:9d:41:
         3b:ba:92:35:33:78:39:9c:6a:44:9e:1e:ec:8d:dc:44:79:d5:
         0a:16:b7:a2:4b:b7:98:a4:29:06:0f:b9:3a:3c:d6:8b:78:18:
         fd:e2:09:5b:cf:3d:1b:aa:61:05:b2:2f:e2:d9:06:2b:8d:89:
         e5:96:46:6e:e8:51:a4:8b:9b:23:53:80:76:b2:10:6c:1a:7f:
         08:a2:0c:36:c4:29:79:5e:15:70:7c:b2:c9:ec:47:3c:2d:1a:
         5a:05:f4:0d:4f:08:01:fa:25:71:dc:3d:04:9e:1a:ce:2e:89:
         89:e6:c4:26
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUW4CU51SAUq3Pzd6c/a4o6zuBjaMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjUwNzQzMjZaFw0yNzAzMjQwNzQ4MjZaMDMxMTAvBgNV
BAMTKEI1ODNERjNCMThCRDNCQkFEQzNCMDdDNUM3OEUzNjNCMEY5OEYwQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3/hJ/9xRCGdKzBf6z/cYLilgZ
XWRz+sbKPbbIA2Pb5kHUyzqUtad1kZoBHI8Nwr+23aEpT1Vl0ARKoo0eL3vaUoRb
lwcNqF9nFNzPQciHRqid/UkuF8Vd0WgiXW3oU83SUvxzuLdKL9rapQhWlvhszjCM
LY2VzqG47FfcC7GPC490MIN8n74UswIJil/eeeJ69PAU2PBiEufpLXNNEuUG4cYa
v2jDcmrSOZ2+OeAP6llyqq/jqJ7CVjGrhiRWke7u0N/j9rQVa2qtGgMoFJKtrSUb
gNNW5zPcChNsLnNEYJ60ABtJ0sPs2MK+0guQtfu31Q/8vprK3ZZz3SAGFAkTAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUtYPfOxi9O7rcOwfFx442Ow+Y8M0wHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzOTM0MmUzNTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM3Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAzwjUw
DQYJKoZIhvcNAQELBQADggEBAHOv/yu0V01QArP2+oh+5El3fBLHSDjw5yCUyxj8
5HN+pvoD1FnNfbOXNLc4c2MTEiXglLvc67ON5FvRz7DLdOWaECiHzEEgz2m6cyoD
IUhhcFRN4UyHgg2EAdrfO/gy22WbA9d7dZKVzohzVitmb0uNG9c0pZ68XQn3KhgQ
A2HIXPL3CS8jhwTb1hZix3mdQTu6kjUzeDmcakSeHuyN3ER51QoWt6JLt5ikKQYP
uTo81ot4GP3iCVvPPRuqYQWyL+LZBiuNieWWRm7oUaSLmyNTgHayEGwafwiiDDbE
KXleFXB8ssnsRzwtGloF9A1PCAH6JXHcPQSeGs4uiYnmxCY=
-----END CERTIFICATE-----