Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39332e302f32342d3234203d3e2039303039.roa
File:                     3231332e3133392e39332e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          0cchwdJLnMGDMK7R7/iy+DuTxrLqECv6lMhtpTOQuYc=
Subject key identifier:   36:46:01:95:8F:63:A9:01:94:69:34:B7:E5:93:7D:DB:74:0F:BB:56
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       239A46FB3F6DC8579C4BB020F0944E93CA9F6351
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39332e302f32342d3234203d3e2039303039.roa
Signing time:             Tue 24 Mar 2026 09:46:53 +0000
ROA not before:           Tue 24 Mar 2026 09:41:53 +0000
ROA not after:            Tue 23 Mar 2027 09:46:53 +0000
asID:                     9009
IP address blocks:        213.139.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:9a:46:fb:3f:6d:c8:57:9c:4b:b0:20:f0:94:4e:93:ca:9f:63:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Mar 24 09:41:53 2026 GMT
            Not After : Mar 23 09:46:53 2027 GMT
        Subject: CN=364601958F63A901946934B7E5937DDB740FBB56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0a:3e:49:6c:b2:6e:8c:d1:70:07:ea:ee:92:
                    27:26:c0:a2:13:e7:a6:e6:8a:e5:6e:f7:6f:60:a4:
                    20:c9:3e:f9:a0:21:0c:0c:e3:1e:7b:ee:8e:4f:28:
                    0b:76:b8:5c:dc:6b:ec:23:29:4e:ae:6f:c4:28:49:
                    3b:c5:d1:fb:e4:ba:d4:6c:3f:f9:f6:54:fe:94:40:
                    79:91:f8:1b:39:62:5e:37:f7:b4:a7:5f:00:51:38:
                    3b:35:fe:76:94:f8:84:59:a1:79:48:e0:51:7d:fc:
                    27:31:43:33:8a:35:4a:5d:f9:64:84:03:b6:15:c9:
                    e1:b1:69:96:a0:49:3f:1f:05:b4:d8:65:9b:f4:13:
                    8d:cf:b9:3b:64:fe:f1:66:2b:17:3e:41:ad:4f:f2:
                    27:57:f2:8e:c1:43:36:46:ce:b4:60:86:39:ef:4a:
                    74:6c:db:9c:c8:8a:a8:07:47:45:94:9c:b8:6c:b5:
                    45:e9:c2:e2:cd:3c:92:1a:29:41:c3:b3:b3:d0:a9:
                    43:96:38:d8:74:eb:f4:96:d3:c7:9b:09:86:56:a8:
                    e5:5b:b2:c8:16:15:23:c2:c7:a4:93:a9:cd:f5:d0:
                    fd:bf:35:9c:6e:a6:a8:b4:c2:ec:63:f6:52:f5:67:
                    81:2b:02:5b:51:53:1a:1b:1e:02:df:86:4f:13:a7:
                    61:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:46:01:95:8F:63:A9:01:94:69:34:B7:E5:93:7D:DB:74:0F:BB:56
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39332e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:85:ed:94:af:e7:18:f0:6e:89:98:6b:b4:8d:aa:a1:19:3e:
         54:86:4c:9a:3a:ba:20:d4:3d:dd:f8:1e:c3:51:4e:98:f0:01:
         85:d6:06:2f:65:77:22:af:ba:bc:fb:e6:d0:af:d4:3a:be:30:
         66:a4:84:bd:80:8e:d5:92:29:db:e3:dd:94:cb:cf:8f:90:3e:
         b4:f7:23:1e:b7:63:ac:61:93:79:d6:f8:b0:63:4c:c5:53:e0:
         c7:ab:0c:aa:6f:a6:8c:c6:a2:ce:6b:41:02:3d:e3:fc:ba:d8:
         bb:fb:6b:35:b0:c0:82:ab:b2:b1:f7:8f:c8:22:03:3e:3b:78:
         9b:34:89:50:07:8c:ce:60:0b:6e:a4:9b:55:07:09:02:61:45:
         90:60:67:f6:c6:21:6c:f0:cd:27:e3:2b:b0:01:73:1a:bc:d0:
         4f:4a:6f:e2:e5:63:d5:17:1d:55:ab:b9:c9:93:f9:ce:33:32:
         d1:3a:10:29:05:a4:eb:05:3d:41:ac:da:28:44:f0:e2:58:4c:
         0a:6f:70:a7:2a:99:1e:4d:11:49:07:e5:08:ea:8b:c5:08:ad:
         29:92:99:d7:2e:3e:cc:3c:87:5f:b7:c8:1b:2d:e1:71:d5:c9:
         11:80:5d:c6:db:5e:c7:fa:b1:34:f9:87:43:b5:aa:17:2b:8a:
         9d:82:9f:db
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUI5pG+z9tyFecS7Ag8JROk8qfY1EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNjAzMjQwOTQxNTNaFw0yNzAzMjMwOTQ2NTNaMDMxMTAvBgNV
BAMTKDM2NDYwMTk1OEY2M0E5MDE5NDY5MzRCN0U1OTM3RERCNzQwRkJCNTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFCj5JbLJujNFwB+rukicmwKIT
56bmiuVu929gpCDJPvmgIQwM4x577o5PKAt2uFzca+wjKU6ub8QoSTvF0fvkutRs
P/n2VP6UQHmR+Bs5Yl4397SnXwBRODs1/naU+IRZoXlI4FF9/CcxQzOKNUpd+WSE
A7YVyeGxaZagST8fBbTYZZv0E43PuTtk/vFmKxc+Qa1P8idX8o7BQzZGzrRghjnv
SnRs25zIiqgHR0WUnLhstUXpwuLNPJIaKUHDs7PQqUOWONh06/SW08ebCYZWqOVb
ssgWFSPCx6STqc310P2/NZxupqi0wuxj9lL1Z4ErAltRUxobHgLfhk8Tp2EBAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUNkYBlY9jqQGUaTS35ZN923QPu1YwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM5
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
XTANBgkqhkiG9w0BAQsFAAOCAQEAEIXtlK/nGPBuiZhrtI2qoRk+VIZMmjq6INQ9
3fgew1FOmPABhdYGL2V3Iq+6vPvm0K/UOr4wZqSEvYCO1ZIp2+PdlMvPj5A+tPcj
HrdjrGGTedb4sGNMxVPgx6sMqm+mjMaizmtBAj3j/LrYu/trNbDAgquysfePyCID
Pjt4mzSJUAeMzmALbqSbVQcJAmFFkGBn9sYhbPDNJ+MrsAFzGrzQT0pv4uVj1Rcd
Vau5yZP5zjMy0ToQKQWk6wU9QazaKETw4lhMCm9wpyqZHk0RSQflCOqLxQitKZKZ
1y4+zDyHX7fIGy3hcdXJEYBdxttex/qxNPmHQ7WqFyuKnYKf2w==
-----END CERTIFICATE-----