Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38342e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e38342e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          JEuERYX+zmY14zA8MGqIEE+WMqqmJly2u5v4u9LNrmQ=
Subject key identifier:   A6:D5:1C:59:0E:04:30:3A:4A:28:6C:91:F2:0B:6D:3E:1C:DE:53:50
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       1D832369EBBEE576363CC1D995C2425C6856E541
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38342e302f32342d3234203d3e2039303039.roa
Signing time:             Fri 20 Mar 2026 16:46:50 +0000
ROA not before:           Fri 20 Mar 2026 16:41:50 +0000
ROA not after:            Fri 19 Mar 2027 16:46:50 +0000
asID:                     9009
IP address blocks:        213.139.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:83:23:69:eb:be:e5:76:36:3c:c1:d9:95:c2:42:5c:68:56:e5:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Mar 20 16:41:50 2026 GMT
            Not After : Mar 19 16:46:50 2027 GMT
        Subject: CN=A6D51C590E04303A4A286C91F20B6D3E1CDE5350
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:e8:0d:e9:8f:e1:d3:23:a1:e1:40:ae:44:c2:
                    31:e6:91:f1:5c:48:8c:f0:0f:36:8f:6f:ef:00:8e:
                    7e:ab:a1:0a:0f:26:b9:41:b4:a5:16:c8:bc:a2:d2:
                    5f:f0:3d:1b:ad:fb:fd:e0:c1:a9:cd:0d:d9:e8:f4:
                    a3:10:19:ac:26:35:32:da:bc:24:a0:7d:22:b3:1c:
                    af:cb:bb:6f:c5:3d:38:0a:7f:bf:be:bc:a1:50:d1:
                    16:65:fb:ac:cc:75:0a:ae:45:35:74:34:da:27:b1:
                    41:ec:c5:e2:35:da:cf:26:f5:69:f4:06:98:be:47:
                    37:97:01:97:e9:d9:62:ba:6b:3d:ae:0f:7e:21:5f:
                    3f:cc:17:9e:8b:e1:80:d6:52:11:03:93:a7:75:1b:
                    65:4a:dd:69:dc:2d:0f:8d:3a:8e:2e:de:cf:05:9a:
                    f3:9e:d3:ab:96:e3:63:36:5a:df:8d:fe:a4:fc:f7:
                    b5:67:f9:95:85:a1:4b:18:82:0b:30:eb:38:2e:74:
                    94:a1:80:5c:6a:a5:23:e2:ab:0a:81:74:aa:80:ba:
                    e7:63:02:9b:8a:63:cd:36:13:bb:c4:a7:86:ef:17:
                    31:d2:61:f4:a0:78:99:2f:93:77:ad:ec:9f:d9:d0:
                    b0:df:e3:e1:08:0d:1b:0d:21:f3:8c:b4:97:49:02:
                    65:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:D5:1C:59:0E:04:30:3A:4A:28:6C:91:F2:0B:6D:3E:1C:DE:53:50
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38342e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:0c:56:8a:bf:7a:2e:f0:98:af:1f:20:5e:31:31:36:71:e0:
         53:8f:6d:03:ed:e2:91:25:74:8e:d6:49:b7:23:07:80:f7:97:
         30:56:6f:a6:ab:9d:1d:5a:0a:c5:92:c2:c1:f6:5e:6f:7f:fe:
         10:f8:5e:ca:48:b3:6e:d8:ee:9a:bc:81:13:4c:27:14:dc:32:
         ca:ab:ae:3a:5c:40:7f:18:ec:a7:95:65:17:4a:78:42:cd:00:
         95:3a:af:5b:9f:ff:fd:d5:41:22:84:56:9e:d6:1c:4c:01:83:
         80:e7:7d:38:bd:88:d9:1f:f1:ac:bb:c4:44:1e:7e:9c:19:ee:
         78:2f:cc:e9:8b:a5:86:22:f7:cb:27:83:f6:2a:f4:bb:bb:c6:
         53:e1:d6:95:76:a6:65:a0:35:ed:c7:34:4e:4f:ee:5d:d8:2c:
         ad:48:0a:68:28:d9:a7:d9:eb:f8:23:cf:25:f0:bd:1d:cf:af:
         26:78:dc:f8:c9:92:db:6f:44:d5:98:87:6e:1c:40:20:4f:60:
         b6:e9:be:3b:60:f3:4b:05:7a:2d:c1:78:9e:37:c2:c3:19:c8:
         97:1d:02:ec:a0:99:6c:db:fb:cc:e1:1c:19:5e:77:d9:5e:36:
         5d:11:b9:b6:73:82:52:3a:ef:1e:9a:b9:dd:62:88:cc:72:fe:
         18:8c:f0:bd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUHYMjaeu+5XY2PMHZlcJCXGhW5UEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNjAzMjAxNjQxNTBaFw0yNzAzMTkxNjQ2NTBaMDMxMTAvBgNV
BAMTKEE2RDUxQzU5MEUwNDMwM0E0QTI4NkM5MUYyMEI2RDNFMUNERTUzNTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV6A3pj+HTI6HhQK5EwjHmkfFc
SIzwDzaPb+8Ajn6roQoPJrlBtKUWyLyi0l/wPRut+/3gwanNDdno9KMQGawmNTLa
vCSgfSKzHK/Lu2/FPTgKf7++vKFQ0RZl+6zMdQquRTV0NNonsUHsxeI12s8m9Wn0
Bpi+RzeXAZfp2WK6az2uD34hXz/MF56L4YDWUhEDk6d1G2VK3WncLQ+NOo4u3s8F
mvOe06uW42M2Wt+N/qT897Vn+ZWFoUsYggsw6zgudJShgFxqpSPiqwqBdKqAuudj
ApuKY802E7vEp4bvFzHSYfSgeJkvk3et7J/Z0LDf4+EIDRsNIfOMtJdJAmVbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUptUcWQ4EMDpKKGyR8gttPhzeU1AwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM4
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
VDANBgkqhkiG9w0BAQsFAAOCAQEADAxWir96LvCYrx8gXjExNnHgU49tA+3ikSV0
jtZJtyMHgPeXMFZvpqudHVoKxZLCwfZeb3/+EPheykizbtjumryBE0wnFNwyyquu
OlxAfxjsp5VlF0p4Qs0AlTqvW5///dVBIoRWntYcTAGDgOd9OL2I2R/xrLvERB5+
nBnueC/M6YulhiL3yyeD9ir0u7vGU+HWlXamZaA17cc0Tk/uXdgsrUgKaCjZp9nr
+CPPJfC9Hc+vJnjc+MmS229E1ZiHbhxAIE9gtum+O2DzSwV6LcF4njfCwxnIlx0C
7KCZbNv7zOEcGV532V42XRG5tnOCUjrvHpq53WKIzHL+GIzwvQ==
-----END CERTIFICATE-----