Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38362e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e38362e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          NJOowo5VUyyKfXn6pnDF/Tz4fWJEVeCOza5neOzvfGM=
Subject key identifier:   18:27:92:C1:72:8F:3F:82:5D:B5:B6:36:97:AC:3D:0E:02:67:C0:85
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       8FC6892F5F43B96865967E4224579F45606E4C
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38362e302f32342d3234203d3e2039303039.roa
Signing time:             Mon 23 Mar 2026 11:46:52 +0000
ROA not before:           Mon 23 Mar 2026 11:41:52 +0000
ROA not after:            Mon 22 Mar 2027 11:46:52 +0000
asID:                     9009
IP address blocks:        213.139.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            8f:c6:89:2f:5f:43:b9:68:65:96:7e:42:24:57:9f:45:60:6e:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Mar 23 11:41:52 2026 GMT
            Not After : Mar 22 11:46:52 2027 GMT
        Subject: CN=182792C1728F3F825DB5B63697AC3D0E0267C085
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:1b:35:2c:e2:cd:ef:66:fa:f3:1e:01:19:d5:
                    6a:95:ae:e5:bc:38:66:23:bf:90:67:49:44:a7:72:
                    f8:29:77:ef:56:ea:a2:8a:1e:62:bb:5f:65:9b:12:
                    2d:ea:c0:8a:1c:bd:af:05:c7:e5:a6:b3:93:15:8c:
                    8e:9d:1e:b4:a2:c3:72:29:25:dc:01:eb:9c:f4:45:
                    b5:1c:17:59:6f:e5:99:8a:ee:27:f0:31:72:7d:64:
                    70:ae:07:2b:66:36:a3:1e:48:48:c6:da:4b:fb:1e:
                    90:6b:94:5b:81:d8:93:67:f2:66:82:4d:5f:13:d6:
                    be:e2:3a:e1:33:00:a5:bf:da:03:a6:9b:1d:c4:4b:
                    40:e2:e4:98:18:33:54:b9:ea:26:44:c6:56:64:d6:
                    6d:d0:44:44:ca:33:0f:55:d2:99:20:e2:2a:9c:9e:
                    3f:21:c4:cb:a2:24:22:32:60:14:da:39:c5:01:1f:
                    87:f8:6c:37:a0:9d:ed:d6:f3:82:6c:e4:07:2d:e7:
                    a1:6b:84:87:93:51:8d:c1:ee:3c:1c:6e:1a:ae:68:
                    99:44:26:1f:94:8e:22:0a:1f:79:16:2b:e1:98:6f:
                    4a:ac:9d:db:a2:f7:9c:24:b2:fb:c9:f6:cb:e1:6d:
                    db:75:7e:07:90:fe:b5:b5:c9:ac:26:7a:33:22:c4:
                    c6:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:27:92:C1:72:8F:3F:82:5D:B5:B6:36:97:AC:3D:0E:02:67:C0:85
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38362e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:96:c8:92:a5:54:41:96:e6:54:6b:b3:5b:47:61:09:b7:26:
         c0:15:ae:5c:32:26:dc:1c:da:08:55:ec:ec:ab:e0:20:5a:e0:
         ed:62:84:e4:94:31:5f:60:5a:27:ab:dc:b9:22:d5:53:b6:3d:
         3d:cb:40:18:54:00:ad:b3:a3:5a:fa:d0:8d:0b:29:85:50:d9:
         0e:35:6e:fd:e4:e1:48:3b:5a:c8:42:b3:69:6f:fb:0c:bb:f1:
         64:a4:ed:4c:dc:bd:38:73:bd:c2:83:56:f5:2e:95:dc:37:6f:
         67:f8:cf:83:94:c3:3f:db:0f:fc:10:5a:95:f8:89:93:8d:9a:
         ee:c8:45:12:e0:78:80:d5:f9:e2:e4:f0:e8:12:d8:22:9d:f9:
         dd:1c:d7:a7:9c:05:94:14:56:b5:87:be:66:43:83:be:14:92:
         50:4f:7a:f1:fc:34:68:e3:81:a0:32:a7:6f:5c:1e:c5:c2:70:
         19:4c:25:2b:da:3c:8b:10:e9:fd:58:87:c1:63:d5:03:6b:f1:
         db:90:f9:80:66:a7:49:9e:a4:29:ca:ef:25:bc:47:58:bb:58:
         5c:bb:81:7b:2a:55:f2:f1:e6:f1:5d:c9:75:57:92:e3:97:b0:
         a7:33:33:99:a4:4a:eb:5d:f7:78:c0:0c:f8:f9:ab:a9:72:c1:
         dc:31:f9:bf
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAI/GiS9fQ7loZZZ+QiRXn0VgbkwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNjAzMjMxMTQxNTJaFw0yNzAzMjIxMTQ2NTJaMDMxMTAvBgNV
BAMTKDE4Mjc5MkMxNzI4RjNGODI1REI1QjYzNjk3QUMzRDBFMDI2N0MwODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMGzUs4s3vZvrzHgEZ1WqVruW8
OGYjv5BnSUSncvgpd+9W6qKKHmK7X2WbEi3qwIocva8Fx+Wms5MVjI6dHrSiw3Ip
JdwB65z0RbUcF1lv5ZmK7ifwMXJ9ZHCuBytmNqMeSEjG2kv7HpBrlFuB2JNn8maC
TV8T1r7iOuEzAKW/2gOmmx3ES0Di5JgYM1S56iZExlZk1m3QRETKMw9V0pkg4iqc
nj8hxMuiJCIyYBTaOcUBH4f4bDegne3W84Js5Act56FrhIeTUY3B7jwcbhquaJlE
Jh+UjiIKH3kWK+GYb0qsndui95wksvvJ9svhbdt1fgeQ/rW1yawmejMixMb7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUGCeSwXKPP4JdtbY2l6w9DgJnwIUwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM4
MzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
VjANBgkqhkiG9w0BAQsFAAOCAQEAQ5bIkqVUQZbmVGuzW0dhCbcmwBWuXDIm3Bza
CFXs7KvgIFrg7WKE5JQxX2BaJ6vcuSLVU7Y9PctAGFQArbOjWvrQjQsphVDZDjVu
/eThSDtayEKzaW/7DLvxZKTtTNy9OHO9woNW9S6V3DdvZ/jPg5TDP9sP/BBalfiJ
k42a7shFEuB4gNX54uTw6BLYIp353RzXp5wFlBRWtYe+ZkODvhSSUE968fw0aOOB
oDKnb1wexcJwGUwlK9o8ixDp/ViHwWPVA2vx25D5gGanSZ6kKcrvJbxHWLtYXLuB
eypV8vHm8V3JdVeS45ewpzMzmaRK6133eMAM+PmrqXLB3DH5vw==
-----END CERTIFICATE-----