Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e35342e302f32342d3234203d3e2036303739.roa
File:                     35312e3139342e35342e302f32342d3234203d3e2036303739.roa (raw, json)
Hash identifier:          VNIwREcue49g5t9m7ghBupyROh0qvAT9WWRdUUE6AVY=
Subject key identifier:   55:50:7D:81:CA:0E:2D:31:D6:FA:C6:0A:81:2C:9E:3A:4D:48:20:C3
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       381B074E4251097E371A86843427BBEE6DE08084
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e35342e302f32342d3234203d3e2036303739.roa
Signing time:             Wed 25 Mar 2026 07:48:27 +0000
ROA not before:           Wed 25 Mar 2026 07:43:27 +0000
ROA not after:            Wed 24 Mar 2027 07:48:27 +0000
asID:                     6079
IP address blocks:        51.194.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:1b:07:4e:42:51:09:7e:37:1a:86:84:34:27:bb:ee:6d:e0:80:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 25 07:43:27 2026 GMT
            Not After : Mar 24 07:48:27 2027 GMT
        Subject: CN=55507D81CA0E2D31D6FAC60A812C9E3A4D4820C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1d:4c:63:77:14:8e:ff:f5:cd:5d:5f:9a:02:
                    ee:09:c2:b2:7b:e1:09:ba:cb:9b:25:95:a6:d9:c3:
                    f9:19:bb:2b:24:1b:33:55:dd:03:16:53:2e:f9:ed:
                    77:e0:3c:64:18:09:98:0a:93:84:49:de:9c:04:22:
                    8a:a0:0c:6c:fd:8a:2a:51:57:d2:62:e1:df:54:3d:
                    47:b5:69:91:63:b6:ec:a8:e8:c0:f0:9c:1d:ef:75:
                    ad:54:c5:1e:e9:f3:ef:63:b9:70:40:47:48:7e:26:
                    b0:82:32:3e:f3:48:60:84:2f:7d:5d:6c:1b:84:c1:
                    d1:bc:71:c9:5c:9f:fc:d2:20:96:8b:88:b8:ac:8f:
                    0d:8e:86:f3:6f:94:02:6f:c9:f0:1f:90:67:a6:1d:
                    21:6f:ae:b0:dd:be:b1:86:17:4a:df:db:e1:ec:d1:
                    c8:c9:ba:d7:78:d6:7c:76:6d:3e:79:aa:84:cb:80:
                    b9:a9:51:3b:e1:14:32:60:c6:d5:9c:3d:0f:b6:9c:
                    03:04:ca:6b:37:91:81:ac:a0:a6:91:0c:32:75:b3:
                    9e:10:78:3a:8d:93:2e:7c:fb:d2:ba:4f:69:08:0d:
                    de:de:2c:1e:0d:e3:b6:2e:a8:f9:80:60:8a:68:8c:
                    1d:b2:88:94:a9:42:b3:af:76:7e:7d:ba:ec:93:24:
                    c5:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:50:7D:81:CA:0E:2D:31:D6:FA:C6:0A:81:2C:9E:3A:4D:48:20:C3
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e35342e302f32342d3234203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.194.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:ee:20:31:5f:e4:7f:8d:3d:89:f9:95:b7:7f:90:3d:2d:be:
         d1:b9:e5:cb:ca:01:cb:bb:60:6a:90:48:14:1b:db:18:41:eb:
         82:3e:17:82:f3:bd:3c:70:c2:a9:b6:03:ad:06:c2:30:96:63:
         e0:ce:62:19:1a:a4:25:0a:38:08:d5:12:0c:18:4b:ad:b9:7a:
         a5:fd:39:3a:c1:87:d4:8c:36:8b:19:76:a7:b7:aa:fd:97:06:
         d9:74:8a:da:4f:55:8e:92:f1:a1:fb:14:bf:f5:b1:d8:2e:f6:
         ce:d7:54:7f:ef:21:83:3c:dd:9d:d0:05:22:a3:25:95:c3:b1:
         cb:c4:6a:c8:21:81:83:63:84:40:85:ae:7c:e1:01:52:32:53:
         0d:99:f3:71:74:5e:21:61:b3:c5:ae:b2:46:c1:04:dd:6f:ee:
         a9:09:4b:d9:8e:66:a0:e9:c0:1f:cc:f2:91:ca:2c:e7:e9:36:
         b9:06:93:24:bc:0e:0b:60:d4:dc:d5:39:85:3c:41:b8:d4:70:
         fe:9a:91:71:fe:8b:f8:77:39:5b:41:0d:ec:d1:da:f2:62:2a:
         da:fc:97:73:c7:e9:d4:a5:bc:6f:98:87:d4:93:3e:90:87:81:
         3b:14:f4:90:0d:59:84:3e:ad:89:87:f9:f1:13:17:3e:14:7d:
         15:23:b7:10
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUOBsHTkJRCX43GoaENCe77m3ggIQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjUwNzQzMjdaFw0yNzAzMjQwNzQ4MjdaMDMxMTAvBgNV
BAMTKDU1NTA3RDgxQ0EwRTJEMzFENkZBQzYwQTgxMkM5RTNBNEQ0ODIwQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWHUxjdxSO//XNXV+aAu4JwrJ7
4Qm6y5sllabZw/kZuyskGzNV3QMWUy757XfgPGQYCZgKk4RJ3pwEIoqgDGz9iipR
V9Ji4d9UPUe1aZFjtuyo6MDwnB3vda1UxR7p8+9juXBAR0h+JrCCMj7zSGCEL31d
bBuEwdG8cclcn/zSIJaLiLisjw2OhvNvlAJvyfAfkGemHSFvrrDdvrGGF0rf2+Hs
0cjJutd41nx2bT55qoTLgLmpUTvhFDJgxtWcPQ+2nAMEyms3kYGsoKaRDDJ1s54Q
eDqNky58+9K6T2kIDd7eLB4N47YuqPmAYIpojB2yiJSpQrOvdn59uuyTJMWHAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUVVB9gcoOLTHW+sYKgSyeOk1IIMMwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzOTM0MmUzNTM0
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM3Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAzwjYw
DQYJKoZIhvcNAQELBQADggEBAHHuIDFf5H+NPYn5lbd/kD0tvtG55cvKAcu7YGqQ
SBQb2xhB64I+F4LzvTxwwqm2A60GwjCWY+DOYhkapCUKOAjVEgwYS625eqX9OTrB
h9SMNosZdqe3qv2XBtl0itpPVY6S8aH7FL/1sdgu9s7XVH/vIYM83Z3QBSKjJZXD
scvEasghgYNjhECFrnzhAVIyUw2Z83F0XiFhs8WuskbBBN1v7qkJS9mOZqDpwB/M
8pHKLOfpNrkGkyS8Dgtg1NzVOYU8QbjUcP6akXH+i/h3OVtBDezR2vJiKtr8l3PH
6dSlvG+Yh9STPpCHgTsU9JANWYQ+rYmH+fETFz4UfRUjtxA=
-----END CERTIFICATE-----