Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e35362e302f32342d3234203d3e2036303739.roa
File:                     35312e3139342e35362e302f32342d3234203d3e2036303739.roa (raw, json)
Hash identifier:          0jOTOzTsAvGFPn0BNsmJel5lvoDvWa8/zrsEZTajH20=
Subject key identifier:   3A:1E:2D:65:0C:E7:79:A4:A7:89:07:4C:7F:A5:66:48:97:9A:03:FA
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       4BA60C25D721095DE0C791CCEB7321E01F97BD5E
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e35362e302f32342d3234203d3e2036303739.roa
Signing time:             Wed 25 Mar 2026 07:48:29 +0000
ROA not before:           Wed 25 Mar 2026 07:43:29 +0000
ROA not after:            Wed 24 Mar 2027 07:48:29 +0000
asID:                     6079
IP address blocks:        51.194.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:a6:0c:25:d7:21:09:5d:e0:c7:91:cc:eb:73:21:e0:1f:97:bd:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 25 07:43:29 2026 GMT
            Not After : Mar 24 07:48:29 2027 GMT
        Subject: CN=3A1E2D650CE779A4A789074C7FA56648979A03FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b0:2c:5c:94:b1:cb:b7:ef:47:fd:55:51:0b:
                    66:d1:97:1d:e4:55:c1:00:cc:85:87:07:5d:7d:4e:
                    30:f9:b1:0c:59:55:89:32:a7:23:17:35:4a:0f:a9:
                    62:39:b2:2b:f7:68:e7:07:f4:2a:64:83:36:01:95:
                    bb:05:24:1c:9f:6c:d6:3a:29:70:33:b4:9e:02:47:
                    4d:6c:cb:70:fe:b0:f7:9d:b6:f9:62:d3:c3:c7:6d:
                    3e:7c:c8:82:a4:1d:23:44:37:97:b7:76:8f:7f:61:
                    26:71:ee:d6:70:69:89:d5:0a:9f:ed:f1:f9:5c:48:
                    fa:9f:a2:6d:bf:c2:3e:c3:76:74:65:1b:e1:cc:8c:
                    23:97:40:b8:95:1d:13:18:e1:bf:43:49:da:2d:56:
                    cc:93:ad:b9:72:d5:45:d2:8b:54:92:7b:d8:32:f5:
                    25:f8:57:28:25:4d:15:71:65:4c:26:51:a4:c8:28:
                    30:d2:31:d0:b4:16:1c:ac:67:84:ad:39:c0:1b:59:
                    d3:15:2e:f4:c8:2e:70:78:13:c4:99:3e:2b:8c:06:
                    27:b9:03:57:39:35:5a:19:5d:a6:c3:a7:e3:6b:e9:
                    2c:3b:6f:53:2f:bc:db:94:c5:9b:04:de:8b:63:3e:
                    f8:e1:ba:ef:ef:22:5d:33:38:a1:03:06:34:c6:b0:
                    59:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:1E:2D:65:0C:E7:79:A4:A7:89:07:4C:7F:A5:66:48:97:9A:03:FA
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e35362e302f32342d3234203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.194.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:34:74:d7:b5:77:36:e9:31:69:22:16:ef:c9:b9:9e:b5:72:
         df:0b:e6:ce:2e:b5:7d:e0:1c:f9:c2:1c:90:ca:da:77:3e:9f:
         af:55:7b:a9:a3:67:1f:99:0b:ed:c7:37:d5:95:e6:05:3d:d5:
         93:7d:73:b1:3f:6d:1d:bc:81:2c:c4:fa:ae:07:7a:bb:06:67:
         19:53:07:8c:7c:77:f7:22:0a:47:ca:96:0b:e3:95:e3:f9:23:
         e4:6e:3d:93:7e:46:b6:9e:15:26:9a:53:06:2a:d3:24:f7:85:
         31:b7:53:37:f4:91:d4:6c:7f:ae:3f:a4:be:f3:98:bf:25:6b:
         04:5d:d6:2d:6a:f8:d8:d8:85:c8:9a:5d:22:8a:f3:ca:88:18:
         1b:dd:62:62:8e:f8:11:2a:97:9a:77:a7:bd:0e:fa:63:75:aa:
         c7:31:10:3b:2e:27:47:c2:60:38:08:9b:3f:b8:87:96:d5:a8:
         ac:a1:a6:d4:61:3e:2e:5b:f2:f0:19:64:88:04:1a:b8:ec:e6:
         45:1a:8a:09:1d:e5:74:bd:9d:7e:76:17:fb:6a:c7:2e:9b:00:
         a9:c0:41:17:e3:86:7c:4d:b9:0f:28:98:86:f9:bc:d8:23:85:
         6a:ef:b0:78:13:af:e5:da:d7:a9:bb:5a:2a:c9:db:f4:09:ec:
         f2:6e:82:09
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUS6YMJdchCV3gx5HM63Mh4B+XvV4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjUwNzQzMjlaFw0yNzAzMjQwNzQ4MjlaMDMxMTAvBgNV
BAMTKDNBMUUyRDY1MENFNzc5QTRBNzg5MDc0QzdGQTU2NjQ4OTc5QTAzRkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvsCxclLHLt+9H/VVRC2bRlx3k
VcEAzIWHB119TjD5sQxZVYkypyMXNUoPqWI5siv3aOcH9CpkgzYBlbsFJByfbNY6
KXAztJ4CR01sy3D+sPedtvli08PHbT58yIKkHSNEN5e3do9/YSZx7tZwaYnVCp/t
8flcSPqfom2/wj7DdnRlG+HMjCOXQLiVHRMY4b9DSdotVsyTrbly1UXSi1SSe9gy
9SX4VyglTRVxZUwmUaTIKDDSMdC0FhysZ4StOcAbWdMVLvTILnB4E8SZPiuMBie5
A1c5NVoZXabDp+Nr6Sw7b1MvvNuUxZsE3otjPvjhuu/vIl0zOKEDBjTGsFnbAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUOh4tZQzneaSniQdMf6VmSJeaA/owHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzOTM0MmUzNTM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM3Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAzwjgw
DQYJKoZIhvcNAQELBQADggEBADo0dNe1dzbpMWkiFu/JuZ61ct8L5s4utX3gHPnC
HJDK2nc+n69Ve6mjZx+ZC+3HN9WV5gU91ZN9c7E/bR28gSzE+q4HersGZxlTB4x8
d/ciCkfKlgvjleP5I+RuPZN+RraeFSaaUwYq0yT3hTG3Uzf0kdRsf64/pL7zmL8l
awRd1i1q+NjYhciaXSKK88qIGBvdYmKO+BEql5p3p70O+mN1qscxEDsuJ0fCYDgI
mz+4h5bVqKyhptRhPi5b8vAZZIgEGrjs5kUaigkd5XS9nX52F/tqxy6bAKnAQRfj
hnxNuQ8omIb5vNgjhWrvsHgTr+Xa16m7WirJ2/QJ7PJuggk=
-----END CERTIFICATE-----