Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38372e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e38372e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          MNLBCqMmK/mGKn+arx3sMtp4e+thFoWGhi8ivlTfj0U=
Subject key identifier:   5C:9D:89:B0:A3:D0:9D:E6:2D:C3:7B:8C:C4:F0:49:CD:3C:8D:5A:02
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       09E4E592137E21BC299404BFC597CF41159BF7EE
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38372e302f32342d3234203d3e2039303039.roa
Signing time:             Mon 23 Mar 2026 11:46:51 +0000
ROA not before:           Mon 23 Mar 2026 11:41:51 +0000
ROA not after:            Mon 22 Mar 2027 11:46:51 +0000
asID:                     9009
IP address blocks:        213.139.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:e4:e5:92:13:7e:21:bc:29:94:04:bf:c5:97:cf:41:15:9b:f7:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Mar 23 11:41:51 2026 GMT
            Not After : Mar 22 11:46:51 2027 GMT
        Subject: CN=5C9D89B0A3D09DE62DC37B8CC4F049CD3C8D5A02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:72:f0:7e:e8:d0:2e:f1:70:da:37:46:9c:95:
                    4d:52:4d:af:de:39:cd:13:6b:10:85:7d:16:7f:b9:
                    00:47:4f:41:fe:7b:0e:8c:d4:9d:40:2a:f6:f0:fe:
                    65:f8:8e:e6:c6:57:2e:05:fe:3b:3d:cc:f7:37:f9:
                    c6:5c:af:3a:da:1a:46:fc:98:d7:49:85:80:b9:91:
                    a7:56:87:85:a5:70:60:47:df:ac:d8:4c:02:25:2e:
                    ab:4e:f5:7d:a9:ba:94:1e:a6:42:45:cf:6c:05:31:
                    f1:65:99:53:71:1f:bb:9f:5b:48:eb:59:3d:b2:00:
                    2e:e2:2b:ac:3c:9c:fd:49:1e:28:82:d8:4e:31:fe:
                    3a:f7:9d:25:43:16:18:58:a4:56:a0:2a:61:57:b5:
                    bd:37:fd:03:50:c2:21:46:20:8e:64:2b:ff:a0:76:
                    1b:4d:ab:8e:5d:db:4f:f9:c4:29:de:69:6d:09:58:
                    ec:f1:8b:66:49:19:54:2e:08:6c:e5:42:bd:86:bc:
                    3f:1f:6e:14:c8:66:2f:d2:7b:73:f1:06:a4:e8:9b:
                    bb:e9:a5:f7:f1:b7:e2:5a:14:c0:fb:4c:55:ee:d8:
                    53:d1:26:2e:ae:04:12:80:ca:33:87:3e:eb:a7:59:
                    7f:fb:e0:dd:5c:6a:34:71:af:50:c9:1b:a3:df:69:
                    60:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:9D:89:B0:A3:D0:9D:E6:2D:C3:7B:8C:C4:F0:49:CD:3C:8D:5A:02
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38372e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:b6:3f:e4:fd:cf:a2:5f:5b:d5:a8:3f:62:3b:87:67:0e:df:
         6c:1d:ce:60:c6:34:38:9f:99:61:58:80:55:29:94:cd:10:e2:
         0c:17:bd:7d:46:9d:07:03:da:56:7b:28:89:eb:8b:61:f9:83:
         06:0e:3d:58:8b:24:9f:12:bc:02:af:05:60:7f:68:96:cb:ca:
         3c:d3:dc:73:bf:ab:b5:57:86:75:63:42:a2:c3:1d:2e:35:ce:
         83:94:24:fd:11:6a:dc:1b:c1:db:d4:25:bf:69:36:21:4b:65:
         7b:ea:bf:12:97:b1:1d:42:3f:57:ed:8e:18:20:c1:64:42:17:
         2d:55:68:48:a3:d3:36:55:a7:5f:3a:43:b3:5c:6f:f9:31:02:
         98:c0:be:84:d1:80:1a:ed:19:06:c8:91:1e:74:5e:17:2f:4f:
         5b:86:e1:59:10:13:1b:ea:9e:55:57:0e:97:89:83:20:f9:34:
         fe:cb:ca:f3:2b:1c:69:2e:32:b7:bb:67:62:6b:85:b6:68:a5:
         22:cd:2c:fa:d4:22:ec:51:d3:5c:5e:79:2e:4b:de:2a:5a:47:
         d3:5c:f0:8c:97:a5:1b:4b:01:bd:31:a1:16:48:b4:e3:59:fe:
         77:c8:36:19:69:c3:df:be:73:8c:ef:77:36:a9:20:84:34:0d:
         00:76:0e:23
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUCeTlkhN+IbwplAS/xZfPQRWb9+4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNjAzMjMxMTQxNTFaFw0yNzAzMjIxMTQ2NTFaMDMxMTAvBgNV
BAMTKDVDOUQ4OUIwQTNEMDlERTYyREMzN0I4Q0M0RjA0OUNEM0M4RDVBMDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGcvB+6NAu8XDaN0aclU1STa/e
Oc0TaxCFfRZ/uQBHT0H+ew6M1J1AKvbw/mX4jubGVy4F/js9zPc3+cZcrzraGkb8
mNdJhYC5kadWh4WlcGBH36zYTAIlLqtO9X2pupQepkJFz2wFMfFlmVNxH7ufW0jr
WT2yAC7iK6w8nP1JHiiC2E4x/jr3nSVDFhhYpFagKmFXtb03/QNQwiFGII5kK/+g
dhtNq45d20/5xCneaW0JWOzxi2ZJGVQuCGzlQr2GvD8fbhTIZi/Se3PxBqTom7vp
pffxt+JaFMD7TFXu2FPRJi6uBBKAyjOHPuunWX/74N1cajRxr1DJG6PfaWBXAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUXJ2JsKPQneYtw3uMxPBJzTyNWgIwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM4
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
VzANBgkqhkiG9w0BAQsFAAOCAQEAH7Y/5P3Pol9b1ag/YjuHZw7fbB3OYMY0OJ+Z
YViAVSmUzRDiDBe9fUadBwPaVnsoieuLYfmDBg49WIsknxK8Aq8FYH9olsvKPNPc
c7+rtVeGdWNCosMdLjXOg5Qk/RFq3BvB29Qlv2k2IUtle+q/EpexHUI/V+2OGCDB
ZEIXLVVoSKPTNlWnXzpDs1xv+TECmMC+hNGAGu0ZBsiRHnReFy9PW4bhWRATG+qe
VVcOl4mDIPk0/svK8yscaS4yt7tnYmuFtmilIs0s+tQi7FHTXF55LkveKlpH01zw
jJelG0sBvTGhFki041n+d8g2GWnD375zjO93NqkghDQNAHYOIw==
-----END CERTIFICATE-----