Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39312e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e39312e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          YdmUivZOiB+z6zp254vUpjVQR2cGS4KwZb90oR6ZVsM=
Subject key identifier:   0F:B4:E0:56:B4:C9:BE:57:21:2F:EB:C8:F3:A1:73:F4:0A:F3:79:D1
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       30FDD50BC08A18AACAB8A7A29D9AF9D23C9924A5
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39312e302f32342d3234203d3e2039303039.roa
Signing time:             Tue 24 Mar 2026 09:46:53 +0000
ROA not before:           Tue 24 Mar 2026 09:41:53 +0000
ROA not after:            Tue 23 Mar 2027 09:46:53 +0000
asID:                     9009
IP address blocks:        213.139.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:fd:d5:0b:c0:8a:18:aa:ca:b8:a7:a2:9d:9a:f9:d2:3c:99:24:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Mar 24 09:41:53 2026 GMT
            Not After : Mar 23 09:46:53 2027 GMT
        Subject: CN=0FB4E056B4C9BE57212FEBC8F3A173F40AF379D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:0c:b3:08:ba:f1:22:62:59:0c:2e:f9:d4:db:
                    6a:b9:a8:7d:3a:fb:bc:66:ef:a5:21:2a:8d:8c:b2:
                    73:c5:42:30:a9:9b:a0:6a:21:a5:0f:a4:64:cc:5f:
                    a2:5b:bd:a5:f5:ac:a2:d8:76:64:9d:e4:4d:f6:f1:
                    b8:aa:6a:30:80:fb:65:d1:db:e9:e5:44:6b:40:0d:
                    cc:0f:ab:9a:c3:5f:49:bb:b1:ba:34:0b:dd:55:a2:
                    56:c5:31:89:f4:7c:1c:16:30:f3:bc:e1:6e:82:a6:
                    e0:d9:b6:94:ed:9b:01:9e:d0:e8:c1:b2:eb:4e:22:
                    4d:dd:30:04:fa:41:c7:c8:e1:6d:a1:c7:32:a9:99:
                    b4:e3:c0:ec:83:d9:17:f3:5e:c5:b6:a1:27:84:d0:
                    86:ad:80:56:8d:0d:9b:e5:31:14:3f:b2:31:b7:f2:
                    a9:e2:c7:58:2d:45:c0:4d:0a:53:ce:f5:99:fb:22:
                    c1:23:4e:7a:b6:0c:8f:aa:e5:de:2f:96:f6:8a:ee:
                    ba:50:00:ed:bf:e5:c5:04:af:5c:5b:6c:bc:0e:5f:
                    6b:a1:16:63:a4:56:bc:3b:09:f8:ad:2d:cf:c1:ad:
                    73:74:28:7b:83:20:53:65:16:1a:be:8d:c6:f7:55:
                    3d:b0:97:6d:63:6b:a5:b2:15:bc:18:21:78:88:28:
                    76:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:B4:E0:56:B4:C9:BE:57:21:2F:EB:C8:F3:A1:73:F4:0A:F3:79:D1
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39312e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:65:91:bc:1e:88:48:e9:55:96:94:2e:e0:b0:2d:6f:d6:5e:
         7a:41:e7:fa:11:09:6d:49:61:c8:db:a9:ea:9c:7f:bb:ae:0b:
         00:fd:3a:f6:7d:d0:52:13:db:72:6a:c0:22:10:a1:a0:2e:0f:
         6c:40:74:a0:ca:a9:74:e0:a4:0d:52:d3:df:8b:a2:98:ca:c8:
         c2:fb:6e:23:97:a9:38:43:7a:42:8c:d9:8e:fe:8c:f4:d6:c3:
         cd:96:05:3a:10:13:57:b5:84:a5:e3:d6:e7:a6:b3:16:28:ad:
         d7:76:9e:15:e8:4b:9d:9d:92:8f:e4:ed:46:9e:43:2f:35:e7:
         5a:f4:ea:2b:c7:99:a4:f8:a1:3a:23:25:07:f1:22:9e:3c:d0:
         2d:d4:39:03:1e:14:73:40:3e:8b:a3:24:4e:73:17:e7:06:98:
         84:49:be:5d:d1:d4:de:c0:02:3c:c5:e5:57:f0:29:30:db:42:
         55:89:4a:6f:c7:19:ae:bf:dd:78:f0:63:77:2a:1a:e1:e8:4e:
         6e:83:ea:ac:4d:42:02:97:c4:99:df:40:62:31:c5:f6:76:b6:
         9f:ef:00:9f:b2:7d:f1:1b:ab:9d:34:11:0a:94:47:53:ca:fd:
         e7:d0:e0:0f:f0:55:8d:45:20:38:8d:e7:d2:2b:60:13:83:a4:
         b8:b5:05:11
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUMP3VC8CKGKrKuKeinZr50jyZJKUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNjAzMjQwOTQxNTNaFw0yNzAzMjMwOTQ2NTNaMDMxMTAvBgNV
BAMTKDBGQjRFMDU2QjRDOUJFNTcyMTJGRUJDOEYzQTE3M0Y0MEFGMzc5RDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVDLMIuvEiYlkMLvnU22q5qH06
+7xm76UhKo2MsnPFQjCpm6BqIaUPpGTMX6JbvaX1rKLYdmSd5E328biqajCA+2XR
2+nlRGtADcwPq5rDX0m7sbo0C91VolbFMYn0fBwWMPO84W6CpuDZtpTtmwGe0OjB
sutOIk3dMAT6QcfI4W2hxzKpmbTjwOyD2RfzXsW2oSeE0IatgFaNDZvlMRQ/sjG3
8qnix1gtRcBNClPO9Zn7IsEjTnq2DI+q5d4vlvaK7rpQAO2/5cUEr1xbbLwOX2uh
FmOkVrw7CfitLc/BrXN0KHuDIFNlFhq+jcb3VT2wl21ja6WyFbwYIXiIKHYHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUD7TgVrTJvlchL+vI86Fz9ArzedEwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM5
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
WzANBgkqhkiG9w0BAQsFAAOCAQEAMGWRvB6ISOlVlpQu4LAtb9ZeekHn+hEJbUlh
yNup6px/u64LAP069n3QUhPbcmrAIhChoC4PbEB0oMqpdOCkDVLT34uimMrIwvtu
I5epOEN6QozZjv6M9NbDzZYFOhATV7WEpePW56azFiit13aeFehLnZ2Sj+TtRp5D
LzXnWvTqK8eZpPihOiMlB/EinjzQLdQ5Ax4Uc0A+i6MkTnMX5waYhEm+XdHU3sAC
PMXlV/ApMNtCVYlKb8cZrr/dePBjdyoa4ehOboPqrE1CApfEmd9AYjHF9na2n+8A
n7J98RurnTQRCpRHU8r959DgD/BVjUUgOI3n0itgE4OkuLUFEQ==
-----END CERTIFICATE-----