Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e35382e302f32342d3234203d3e2036303739.roa
File:                     35312e3139342e35382e302f32342d3234203d3e2036303739.roa (raw, json)
Hash identifier:          LvW8dEBBcOC8K/FTh35DpYhXax09WBFqLr1ZPcj7n2s=
Subject key identifier:   D2:88:05:FE:D4:22:A4:3D:3E:DA:2F:68:39:03:45:95:13:8E:FA:4E
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       2A0A471F280F71B30E62B0195CDA0A33FD967EED
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e35382e302f32342d3234203d3e2036303739.roa
Signing time:             Wed 25 Mar 2026 07:48:31 +0000
ROA not before:           Wed 25 Mar 2026 07:43:31 +0000
ROA not after:            Wed 24 Mar 2027 07:48:31 +0000
asID:                     6079
IP address blocks:        51.194.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:0a:47:1f:28:0f:71:b3:0e:62:b0:19:5c:da:0a:33:fd:96:7e:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 25 07:43:31 2026 GMT
            Not After : Mar 24 07:48:31 2027 GMT
        Subject: CN=D28805FED422A43D3EDA2F6839034595138EFA4E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:95:77:c6:c8:be:e3:d3:13:41:da:6e:71:18:
                    3e:fc:42:3e:b9:f8:5a:88:ec:bb:22:06:9f:5d:b5:
                    ef:11:16:8e:79:5d:63:73:f7:76:93:21:c2:aa:1d:
                    1d:d2:18:84:ac:0d:9b:7c:cf:c9:89:b7:ad:f7:26:
                    b9:2d:8f:94:44:d1:8c:13:85:c0:03:1a:50:98:c0:
                    82:db:fc:1d:29:c0:9c:bb:83:b5:6b:74:32:6b:3a:
                    3c:17:e2:ec:0b:a8:78:11:5f:8b:b8:71:99:a3:e7:
                    12:eb:8f:52:14:43:c4:40:62:30:c3:86:ee:80:0e:
                    6e:10:24:56:d6:01:23:39:19:12:8e:d2:49:e6:31:
                    a2:18:c2:cc:e6:dd:e6:f5:a9:d5:67:34:ac:a1:0a:
                    6d:41:e8:60:a2:88:66:c1:d9:ce:56:ed:25:0c:f6:
                    04:1f:2d:18:3e:c6:99:02:7f:39:b1:fd:6e:e3:d8:
                    42:6d:ec:11:54:b8:28:18:f0:95:a9:3f:28:0c:c6:
                    47:b2:ac:29:ac:5e:6a:3b:a3:e2:1d:d1:9c:33:d7:
                    33:27:81:9b:c3:b6:2b:6b:4c:4b:98:d1:86:c4:2b:
                    1c:52:bd:3a:af:a5:74:ff:45:a3:3b:f4:de:87:9b:
                    fb:cb:59:2c:47:67:c7:56:13:65:96:34:6e:0f:83:
                    01:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:88:05:FE:D4:22:A4:3D:3E:DA:2F:68:39:03:45:95:13:8E:FA:4E
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e35382e302f32342d3234203d3e2036303739.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.194.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:8f:ea:1a:59:41:b6:c4:fc:dd:72:62:2d:a0:21:19:77:85:
         7f:f8:67:c0:ff:44:e6:a3:08:40:e1:66:59:fa:ee:69:5a:5f:
         0f:d4:a8:61:92:7d:42:fa:5b:c6:fa:af:47:c9:4e:ef:c9:2f:
         11:e5:79:02:1e:6f:2c:8c:68:db:1c:c0:e3:68:1b:a6:db:f1:
         bd:bc:10:a9:b2:f5:8a:7d:a4:74:15:e6:ea:71:b9:65:39:48:
         0f:a1:1e:13:38:5c:43:15:60:05:2d:21:d3:15:bc:40:3c:dc:
         9e:33:a0:4e:b1:7b:65:da:fc:23:8b:fe:8e:74:81:b9:66:3f:
         a0:3f:42:5f:9b:f2:87:4d:0f:2c:3d:60:bf:4d:dc:8e:14:42:
         15:cc:97:01:d1:7a:ed:de:9a:18:08:b4:1b:1f:2e:fe:10:9d:
         af:f1:6f:51:97:1c:61:27:29:28:df:5b:3e:94:ba:c3:ad:68:
         5b:d5:23:9a:86:11:ac:f3:ae:a4:c5:6f:41:43:f8:c1:be:53:
         53:e2:80:c2:73:b4:15:8f:92:97:bf:15:b0:10:e4:5d:2c:02:
         c3:37:2c:13:ca:f2:9f:66:a1:81:c4:db:a8:94:4c:29:19:46:
         ad:d9:91:3b:3c:a8:c5:e3:40:70:7e:c5:43:18:51:2e:2f:be:
         b6:e7:59:33
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUKgpHHygPcbMOYrAZXNoKM/2Wfu0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjUwNzQzMzFaFw0yNzAzMjQwNzQ4MzFaMDMxMTAvBgNV
BAMTKEQyODgwNUZFRDQyMkE0M0QzRURBMkY2ODM5MDM0NTk1MTM4RUZBNEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSlXfGyL7j0xNB2m5xGD78Qj65
+FqI7LsiBp9dte8RFo55XWNz93aTIcKqHR3SGISsDZt8z8mJt633Jrktj5RE0YwT
hcADGlCYwILb/B0pwJy7g7VrdDJrOjwX4uwLqHgRX4u4cZmj5xLrj1IUQ8RAYjDD
hu6ADm4QJFbWASM5GRKO0knmMaIYwszm3eb1qdVnNKyhCm1B6GCiiGbB2c5W7SUM
9gQfLRg+xpkCfzmx/W7j2EJt7BFUuCgY8JWpPygMxkeyrCmsXmo7o+Id0Zwz1zMn
gZvDtitrTEuY0YbEKxxSvTqvpXT/RaM79N6Hm/vLWSxHZ8dWE2WWNG4PgwFhAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU0ogF/tQipD0+2i9oOQNFlROO+k4wHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzOTM0MmUzNTM4
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMDM3Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAzwjow
DQYJKoZIhvcNAQELBQADggEBAI2P6hpZQbbE/N1yYi2gIRl3hX/4Z8D/ROajCEDh
Zln67mlaXw/UqGGSfUL6W8b6r0fJTu/JLxHleQIebyyMaNscwONoG6bb8b28EKmy
9Yp9pHQV5upxuWU5SA+hHhM4XEMVYAUtIdMVvEA83J4zoE6xe2Xa/COL/o50gblm
P6A/Ql+b8odNDyw9YL9N3I4UQhXMlwHReu3emhgItBsfLv4Qna/xb1GXHGEnKSjf
Wz6UusOtaFvVI5qGEazzrqTFb0FD+MG+U1PigMJztBWPkpe/FbAQ5F0sAsM3LBPK
8p9moYHE26iUTCkZRq3ZkTs8qMXjQHB+xUMYUS4vvrbnWTM=
-----END CERTIFICATE-----