Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39302e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e39302e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          CavYIrZSFhZfgGj2RhsuO+5dyTDRj7K4lMIF+18l9zg=
Subject key identifier:   CE:B6:15:10:29:6B:07:D7:DC:56:9A:E2:AD:0D:AB:CA:2E:DA:3A:A1
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       7655736229E47E1D8E24730D9CC9B6E2C6C262C3
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39302e302f32342d3234203d3e2039303039.roa
Signing time:             Tue 24 Mar 2026 09:46:53 +0000
ROA not before:           Tue 24 Mar 2026 09:41:53 +0000
ROA not after:            Tue 23 Mar 2027 09:46:53 +0000
asID:                     9009
IP address blocks:        213.139.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:55:73:62:29:e4:7e:1d:8e:24:73:0d:9c:c9:b6:e2:c6:c2:62:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Mar 24 09:41:53 2026 GMT
            Not After : Mar 23 09:46:53 2027 GMT
        Subject: CN=CEB61510296B07D7DC569AE2AD0DABCA2EDA3AA1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:cc:96:e4:bc:77:df:56:64:2a:b1:b6:65:02:
                    51:93:de:6b:b8:c2:d4:12:ac:48:c3:18:0a:68:a0:
                    b6:65:b7:a9:87:6a:2b:3e:9d:7b:d6:22:a1:d1:d5:
                    25:60:b6:6e:84:d4:97:13:5b:03:83:b5:9c:52:91:
                    c4:88:d4:3f:1a:22:78:6b:dd:92:11:19:11:57:c8:
                    18:19:0b:fa:8e:1a:ef:cc:33:8e:38:05:67:ed:59:
                    9f:d0:6e:92:71:fd:55:a3:e6:dd:b0:bc:c4:5e:32:
                    ab:0b:57:71:81:da:cf:aa:ef:68:23:97:78:41:22:
                    f0:25:25:0d:84:1e:9e:b3:27:b0:6c:9f:10:53:96:
                    ae:61:aa:92:a7:68:5a:b5:8a:e5:82:4a:64:ae:85:
                    d1:e0:eb:25:6a:cc:31:ae:d6:f2:66:c9:dd:83:02:
                    a1:96:28:56:de:98:7b:41:57:5c:06:49:dd:af:6a:
                    42:c1:76:25:23:ed:28:b1:0f:db:31:17:86:2f:38:
                    e9:4e:cf:b2:bf:42:ea:4e:0e:02:30:56:2c:c2:eb:
                    a3:18:dd:bd:73:4e:ec:2e:f1:83:1f:b1:04:e4:41:
                    21:ee:c5:65:a0:2b:0d:80:45:35:4d:56:e3:ff:c6:
                    78:c4:05:73:68:98:0f:55:8e:d2:8d:80:82:70:f6:
                    2f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:B6:15:10:29:6B:07:D7:DC:56:9A:E2:AD:0D:AB:CA:2E:DA:3A:A1
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39302e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:2a:70:b7:1d:5e:01:f3:16:e7:b5:67:67:b1:f3:d8:75:84:
         1b:73:b9:ec:a1:13:a3:f0:9e:25:1b:f4:eb:98:ab:18:7f:b6:
         d0:88:1d:cd:4d:98:68:3b:e4:70:55:2c:fe:fa:25:2a:45:2d:
         41:aa:62:32:45:03:a8:9f:cb:c8:da:46:18:09:ff:a5:35:6a:
         3d:7f:fe:24:31:88:dc:27:67:46:e9:6d:2f:56:2b:16:92:a4:
         60:c2:b8:e4:8a:64:a5:97:95:a5:6e:4a:8a:26:00:08:3d:7d:
         f1:24:13:70:a7:e2:bd:ca:9d:53:88:52:44:fb:87:48:ed:b5:
         f2:86:6c:74:51:00:e3:00:1b:da:80:5e:ed:8a:db:07:89:51:
         cc:0f:7c:d7:79:28:61:eb:c6:06:b6:6e:f8:e0:3a:73:71:d9:
         88:4b:5d:fe:11:c9:7a:a2:65:2f:12:6c:e2:c5:d8:80:93:20:
         68:96:93:cf:d5:1b:8e:98:d8:d5:47:24:9a:47:78:76:26:2b:
         17:b8:78:bf:dd:08:0d:b6:4e:57:2d:8e:3b:e5:09:ff:05:11:
         64:a9:b3:13:21:01:39:d8:7c:09:08:73:4b:c7:c0:22:0e:cb:
         56:ee:23:fa:e1:1d:a2:98:25:9a:05:a4:84:fc:00:3b:f3:0e:
         28:ff:15:d0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdlVzYinkfh2OJHMNnMm24sbCYsMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNjAzMjQwOTQxNTNaFw0yNzAzMjMwOTQ2NTNaMDMxMTAvBgNV
BAMTKENFQjYxNTEwMjk2QjA3RDdEQzU2OUFFMkFEMERBQkNBMkVEQTNBQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/zJbkvHffVmQqsbZlAlGT3mu4
wtQSrEjDGApooLZlt6mHais+nXvWIqHR1SVgtm6E1JcTWwODtZxSkcSI1D8aInhr
3ZIRGRFXyBgZC/qOGu/MM444BWftWZ/QbpJx/VWj5t2wvMReMqsLV3GB2s+q72gj
l3hBIvAlJQ2EHp6zJ7BsnxBTlq5hqpKnaFq1iuWCSmSuhdHg6yVqzDGu1vJmyd2D
AqGWKFbemHtBV1wGSd2vakLBdiUj7SixD9sxF4YvOOlOz7K/QupODgIwVizC66MY
3b1zTuwu8YMfsQTkQSHuxWWgKw2ARTVNVuP/xnjEBXNomA9VjtKNgIJw9i9DAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUzrYVEClrB9fcVprirQ2ryi7aOqEwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM5
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
WjANBgkqhkiG9w0BAQsFAAOCAQEAoypwtx1eAfMW57VnZ7Hz2HWEG3O57KETo/Ce
JRv065irGH+20IgdzU2YaDvkcFUs/volKkUtQapiMkUDqJ/LyNpGGAn/pTVqPX/+
JDGI3CdnRultL1YrFpKkYMK45IpkpZeVpW5KiiYACD198SQTcKfivcqdU4hSRPuH
SO218oZsdFEA4wAb2oBe7YrbB4lRzA9813koYevGBrZu+OA6c3HZiEtd/hHJeqJl
LxJs4sXYgJMgaJaTz9UbjpjY1Uckmkd4diYrF7h4v90IDbZOVy2OO+UJ/wURZKmz
EyEBOdh8CQhzS8fAIg7LVu4j+uEdopglmgWkhPwAO/MOKP8V0A==
-----END CERTIFICATE-----