Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38382e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e38382e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          +9ZlUjFGDijH8b5+yzD1PMjjZdY4zblyEeoJ6+Yq2Hw=
Subject key identifier:   B8:95:1F:61:C4:28:45:47:6D:50:C1:05:B7:DD:61:F6:3D:50:2E:BC
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       56949FCA5D736204F4546ACB908100C2FFDE5873
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38382e302f32342d3234203d3e2039303039.roa
Signing time:             Mon 23 Mar 2026 11:46:52 +0000
ROA not before:           Mon 23 Mar 2026 11:41:52 +0000
ROA not after:            Mon 22 Mar 2027 11:46:52 +0000
asID:                     9009
IP address blocks:        213.139.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:94:9f:ca:5d:73:62:04:f4:54:6a:cb:90:81:00:c2:ff:de:58:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Mar 23 11:41:52 2026 GMT
            Not After : Mar 22 11:46:52 2027 GMT
        Subject: CN=B8951F61C42845476D50C105B7DD61F63D502EBC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:be:70:7b:a2:97:7f:c4:9f:45:df:52:31:a3:
                    bf:ab:c3:e5:85:be:0c:51:6b:bb:9f:25:13:d6:dc:
                    31:df:ac:a3:47:aa:18:18:af:ff:84:0e:19:fb:be:
                    56:63:41:ca:1a:f4:b8:c6:7e:03:c2:96:15:67:85:
                    6c:db:3f:f2:e8:75:18:21:4a:c0:d5:3f:2e:1a:76:
                    9d:ec:26:29:e1:69:2b:92:ae:70:d1:82:00:0b:0e:
                    1c:f0:28:00:91:17:3f:68:1a:b7:b5:9a:d0:4d:57:
                    70:8d:ae:a2:16:1b:7e:fd:6a:38:1e:d1:56:7c:88:
                    ae:8e:38:5b:c1:7b:16:6e:b6:fd:55:08:c9:9d:e9:
                    8e:1c:55:2c:de:61:eb:ac:fa:b2:be:48:90:cf:a6:
                    c0:46:23:93:5f:7c:cc:a4:40:e5:f1:18:67:36:a0:
                    44:80:62:b8:02:49:db:61:01:e3:e1:07:d2:a2:a5:
                    06:9c:ab:5e:0a:03:c1:fd:6c:e6:e8:82:58:e7:b5:
                    6f:6f:c4:a8:a2:6f:6f:55:51:46:df:d7:ff:91:5f:
                    f7:9f:04:58:51:09:df:fe:99:7c:0d:b1:c3:65:6e:
                    ea:88:49:b3:25:0c:7c:e7:99:e9:7b:ea:bf:65:54:
                    f7:8d:09:88:db:af:9d:87:af:08:1f:b7:37:b0:c4:
                    d7:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:95:1F:61:C4:28:45:47:6D:50:C1:05:B7:DD:61:F6:3D:50:2E:BC
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38382e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:88:83:f0:a5:ee:31:38:a0:04:2d:6a:fe:d7:47:ff:ac:81:
         19:f1:a0:7c:43:5c:9d:79:c3:77:c2:1a:fd:7b:95:4d:ba:a7:
         61:a5:d7:91:33:ec:6c:86:be:5e:8a:1a:cd:52:9b:98:4f:e2:
         8f:d6:e2:22:68:aa:b5:1e:4d:cc:98:9f:cd:81:a0:69:f4:da:
         c0:4a:a2:0d:44:56:5e:2e:6a:cb:c8:b8:b4:d1:68:51:d2:7c:
         2b:eb:8a:4a:63:19:b9:9f:5f:db:73:1a:02:b7:d1:9d:1f:a6:
         b0:48:ab:b4:16:8b:01:6e:1f:20:7b:d2:d4:e0:2b:1b:fb:45:
         2d:89:bd:ea:a6:53:2e:cb:f4:22:3e:66:05:fe:56:9f:0f:1f:
         5b:1d:1d:05:04:f4:13:5e:d9:fc:c9:c3:10:d4:08:85:00:1e:
         77:1f:9a:3c:78:b3:3b:39:0d:89:26:ca:3d:84:a9:78:ec:00:
         7c:03:b6:e7:dd:84:ba:2e:06:73:4e:1a:5f:94:1d:f3:fe:bc:
         82:2d:d2:ea:e2:6c:d5:1d:44:07:11:19:34:3e:c0:64:d6:96:
         00:1d:98:c5:2f:57:d6:1b:fe:51:68:74:34:a2:13:1c:35:16:
         5d:43:9c:f0:cf:f9:0c:d9:2c:86:78:67:93:e6:3b:e6:f9:34:
         59:21:24:f0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVpSfyl1zYgT0VGrLkIEAwv/eWHMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNjAzMjMxMTQxNTJaFw0yNzAzMjIxMTQ2NTJaMDMxMTAvBgNV
BAMTKEI4OTUxRjYxQzQyODQ1NDc2RDUwQzEwNUI3REQ2MUY2M0Q1MDJFQkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCevnB7opd/xJ9F31Ixo7+rw+WF
vgxRa7ufJRPW3DHfrKNHqhgYr/+EDhn7vlZjQcoa9LjGfgPClhVnhWzbP/LodRgh
SsDVPy4adp3sJinhaSuSrnDRggALDhzwKACRFz9oGre1mtBNV3CNrqIWG379ajge
0VZ8iK6OOFvBexZutv1VCMmd6Y4cVSzeYeus+rK+SJDPpsBGI5NffMykQOXxGGc2
oESAYrgCSdthAePhB9KipQacq14KA8H9bObogljntW9vxKiib29VUUbf1/+RX/ef
BFhRCd/+mXwNscNlbuqISbMlDHznmel76r9lVPeNCYjbr52HrwgftzewxNcLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUuJUfYcQoRUdtUMEFt91h9j1QLrwwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM4
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
WDANBgkqhkiG9w0BAQsFAAOCAQEAioiD8KXuMTigBC1q/tdH/6yBGfGgfENcnXnD
d8Ia/XuVTbqnYaXXkTPsbIa+XooazVKbmE/ij9biImiqtR5NzJifzYGgafTawEqi
DURWXi5qy8i4tNFoUdJ8K+uKSmMZuZ9f23MaArfRnR+msEirtBaLAW4fIHvS1OAr
G/tFLYm96qZTLsv0Ij5mBf5Wnw8fWx0dBQT0E17Z/MnDENQIhQAedx+aPHizOzkN
iSbKPYSpeOwAfAO2592Eui4Gc04aX5Qd8/68gi3S6uJs1R1EBxEZND7AZNaWAB2Y
xS9X1hv+UWh0NKITHDUWXUOc8M/5DNkshnhnk+Y75vk0WSEk8A==
-----END CERTIFICATE-----