Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e36302e302f32322d3234203d3e2035353131.roa
File:                     35312e3139342e36302e302f32322d3234203d3e2035353131.roa (raw, json)
Hash identifier:          zjNYKrLqzaY3AA8Qj1nunvKjkAVYkIScUepSDBhgHNY=
Subject key identifier:   32:96:36:1D:EA:6A:20:E3:34:B0:BE:4E:52:71:74:B9:2C:D3:D1:14
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       7760B9FBDDFF7C59BB1ACD28612872BA27ACF450
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e36302e302f32322d3234203d3e2035353131.roa
Signing time:             Wed 25 Mar 2026 06:39:46 +0000
ROA not before:           Wed 25 Mar 2026 06:34:46 +0000
ROA not after:            Wed 24 Mar 2027 06:39:46 +0000
asID:                     5511
IP address blocks:        51.194.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 11:13:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:60:b9:fb:dd:ff:7c:59:bb:1a:cd:28:61:28:72:ba:27:ac:f4:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Mar 25 06:34:46 2026 GMT
            Not After : Mar 24 06:39:46 2027 GMT
        Subject: CN=3296361DEA6A20E334B0BE4E527174B92CD3D114
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:54:a7:35:57:61:8a:ff:b2:93:ca:77:4c:d8:
                    47:82:d9:85:da:c4:86:91:98:6c:e3:b3:da:f6:40:
                    59:4d:c7:07:05:cd:2e:14:61:3d:b4:ab:3e:5b:09:
                    3f:5f:3d:13:7f:4f:80:88:15:e4:9a:85:3b:f1:6e:
                    48:be:bc:e8:38:42:91:e4:16:aa:85:ef:4a:8e:f0:
                    c5:17:b7:4d:1c:4b:2b:3d:e8:87:e4:a0:66:0c:dd:
                    53:db:99:48:8d:ca:22:18:d9:c7:c0:66:42:72:09:
                    0e:a7:2c:0e:ea:b5:85:5e:63:93:38:e3:3b:e2:d4:
                    e5:14:9d:e3:f6:f3:1c:43:bc:67:5b:e6:1f:4c:8a:
                    6f:18:40:b6:6a:f7:8f:74:c0:40:c0:e7:3b:56:8a:
                    e6:87:a7:9d:86:0d:85:c0:ef:b0:58:93:df:73:30:
                    73:31:a7:d8:89:69:a1:93:98:66:21:c2:99:42:8b:
                    cc:23:b3:03:91:45:71:79:59:0e:1d:09:08:88:f5:
                    8d:9e:c2:d8:6f:56:f8:47:cf:42:d6:f9:db:5f:e2:
                    d2:d0:bf:1c:ac:f7:a0:43:07:c5:5d:d7:4f:27:92:
                    34:5e:d9:9e:90:43:ba:36:f3:dd:b8:02:13:4d:d3:
                    93:fd:1c:62:49:3d:e6:76:5d:a8:8b:3d:8e:c2:de:
                    d0:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:96:36:1D:EA:6A:20:E3:34:B0:BE:4E:52:71:74:B9:2C:D3:D1:14
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/35312e3139342e36302e302f32322d3234203d3e2035353131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.194.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:37:f6:77:8f:27:64:76:36:3f:fb:23:e6:04:28:e3:7d:bc:
         d7:36:38:ba:58:8c:24:18:80:d6:88:6b:fa:c2:8b:73:01:2e:
         a9:35:37:87:8b:d6:78:fb:4e:e0:8f:09:4b:0a:80:a5:a6:be:
         99:48:88:bc:9c:04:e8:bb:92:d5:98:2c:e0:9b:60:a0:db:c1:
         10:ea:de:1a:58:89:75:96:ee:aa:ea:5d:e1:71:ab:4f:66:31:
         20:ef:b6:91:9a:cb:c4:59:58:c0:87:19:8f:2b:15:b7:cc:01:
         63:a3:6e:b4:ae:2f:7b:12:0e:e4:17:2c:ba:b4:0d:06:cd:de:
         91:cd:6b:b0:25:91:28:4d:94:2d:93:c4:aa:d8:0e:11:26:6c:
         bf:02:be:0e:a4:bf:b6:1f:4f:04:67:e0:e9:57:37:4c:6c:a7:
         4e:60:ad:8d:9f:75:b0:37:82:de:2d:eb:a2:52:c8:61:d3:9e:
         29:82:2a:50:dd:fe:d1:ed:90:55:3b:56:b8:b3:38:2e:81:43:
         52:d1:4d:69:da:84:b4:b5:a2:00:f4:28:5c:f9:b1:6c:ae:ac:
         ea:b7:b8:5b:70:25:f2:b2:fd:70:b7:5d:9d:e7:cd:78:a4:89:
         e5:6e:a7:4c:bd:b8:ff:ba:6b:03:79:9e:2e:bc:e7:96:ff:67:
         67:1e:56:c5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUd2C5+93/fFm7Gs0oYShyuies9FAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjAzMjUwNjM0NDZaFw0yNzAzMjQwNjM5NDZaMDMxMTAvBgNV
BAMTKDMyOTYzNjFERUE2QTIwRTMzNEIwQkU0RTUyNzE3NEI5MkNEM0QxMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbVKc1V2GK/7KTyndM2EeC2YXa
xIaRmGzjs9r2QFlNxwcFzS4UYT20qz5bCT9fPRN/T4CIFeSahTvxbki+vOg4QpHk
FqqF70qO8MUXt00cSys96IfkoGYM3VPbmUiNyiIY2cfAZkJyCQ6nLA7qtYVeY5M4
4zvi1OUUneP28xxDvGdb5h9Mim8YQLZq9490wEDA5ztWiuaHp52GDYXA77BYk99z
MHMxp9iJaaGTmGYhwplCi8wjswORRXF5WQ4dCQiI9Y2ewthvVvhHz0LW+dtf4tLQ
vxys96BDB8Vd108nkjRe2Z6QQ7o28924AhNN05P9HGJJPeZ2XaiLPY7C3tD/AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUMpY2HepqIOM0sL5OUnF0uSzT0RQwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTZlNGFjODYt
MTgwMy00OTRkLThhN2ItYzA1MWE2MzEwNzUyLzAvMzUzMTJlMzEzOTM0MmUzNjMw
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzUzNTMxMzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAIzwjww
DQYJKoZIhvcNAQELBQADggEBAH839nePJ2R2Nj/7I+YEKON9vNc2OLpYjCQYgNaI
a/rCi3MBLqk1N4eL1nj7TuCPCUsKgKWmvplIiLycBOi7ktWYLOCbYKDbwRDq3hpY
iXWW7qrqXeFxq09mMSDvtpGay8RZWMCHGY8rFbfMAWOjbrSuL3sSDuQXLLq0DQbN
3pHNa7AlkShNlC2TxKrYDhEmbL8Cvg6kv7YfTwRn4OlXN0xsp05grY2fdbA3gt4t
66JSyGHTnimCKlDd/tHtkFU7VrizOC6BQ1LRTWnahLS1ogD0KFz5sWyurOq3uFtw
JfKy/XC3XZ3nzXikieVup0y9uP+6awN5ni6855b/Z2ceVsU=
-----END CERTIFICATE-----