Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3138352e322e3136322e302f32332d3234203d3e2039333034.roa
File:                     3138352e322e3136322e302f32332d3234203d3e2039333034.roa (raw, json)
Hash identifier:          Wjjo4BAeQa46xqfwq/Sxl7hZnVc7WLFHYVccugcqEgY=
Subject key identifier:   8A:F9:6E:2B:08:80:AF:45:3E:05:17:BD:78:44:D8:2D:2E:8D:8C:58
Certificate issuer:       /CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
Certificate serial:       1DAA2005C5FEC098641D9AD53A842D54E5C61E3D
Authority key identifier: 9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3138352e322e3136322e302f32332d3234203d3e2039333034.roa
Signing time:             Mon 16 Mar 2026 19:18:42 +0000
ROA not before:           Mon 16 Mar 2026 19:13:42 +0000
ROA not after:            Mon 15 Mar 2027 19:18:42 +0000
asID:                     9304
IP address blocks:        185.2.162.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 14:51:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:aa:20:05:c5:fe:c0:98:64:1d:9a:d5:3a:84:2d:54:e5:c6:1e:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
        Validity
            Not Before: Mar 16 19:13:42 2026 GMT
            Not After : Mar 15 19:18:42 2027 GMT
        Subject: CN=8AF96E2B0880AF453E0517BD7844D82D2E8D8C58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:06:26:07:14:91:7b:34:e2:23:62:e6:71:b4:
                    03:1c:f7:8c:f7:7e:67:fd:76:a3:8f:9a:81:9e:19:
                    9d:d0:d2:bd:a2:91:7b:41:8e:49:04:cc:85:ab:64:
                    af:fb:49:53:b1:c7:b9:14:3d:48:14:e6:16:07:82:
                    48:32:3e:2e:d6:73:a7:82:bc:0d:b1:0c:f2:51:00:
                    4c:06:94:5e:a1:8a:43:e4:63:57:27:ef:7f:6c:a2:
                    a6:cd:3d:09:c1:78:27:a8:fa:c3:87:1f:4a:b0:36:
                    90:3a:18:bf:c6:ca:d2:d6:18:fb:95:7f:34:72:6e:
                    9e:ec:81:12:27:89:07:b5:11:2e:20:15:7d:8d:e9:
                    e3:3b:fb:c0:b9:eb:6e:86:5b:ac:78:5a:22:d4:e0:
                    37:1a:de:e8:1e:11:d3:31:aa:55:1e:f8:10:86:18:
                    8f:d8:50:38:98:9d:18:78:e2:98:ac:ae:46:41:8c:
                    7f:9d:92:e2:49:50:f9:c5:ec:b1:ba:b1:3c:9a:42:
                    e9:0f:0f:d1:42:89:0a:1a:48:28:cc:2c:11:d8:cb:
                    f9:d4:f7:87:7b:12:4b:4b:d3:11:c0:0c:7d:42:71:
                    93:6a:2a:6b:fa:26:07:5b:fa:fb:e2:ca:26:b6:52:
                    e3:0b:f3:f8:f7:27:b6:47:f0:19:df:a4:2d:f4:a7:
                    0e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:F9:6E:2B:08:80:AF:45:3E:05:17:BD:78:44:D8:2D:2E:8D:8C:58
            X509v3 Authority Key Identifier:
                keyid:9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3138352e322e3136322e302f32332d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:c7:02:1e:99:5d:bc:f1:fe:90:32:fd:d9:d5:2f:51:83:80:
         c7:eb:fe:2e:2a:2f:be:d5:24:a1:90:02:5d:1d:4d:1e:fb:d0:
         77:15:dc:67:1f:1e:1d:cd:58:25:61:36:3e:3d:53:83:f9:fc:
         30:4f:9b:49:9d:1a:f3:9f:21:a7:ba:b4:52:c3:16:23:9e:76:
         6c:9e:59:cb:92:12:2a:78:eb:96:a6:73:16:87:28:cb:61:55:
         60:4b:41:84:7a:d9:b6:47:d8:a4:cc:17:38:c5:7c:1c:3c:3e:
         b0:9f:d6:30:0c:77:d4:bb:8e:3a:72:e3:ab:1f:15:43:fa:3f:
         29:63:62:1b:ca:70:fc:29:a2:cf:7d:34:8f:96:97:64:21:8c:
         44:ed:75:c2:50:58:c6:3a:9f:9b:70:8e:c2:44:48:80:9c:e5:
         c0:bf:a4:95:77:2a:22:2a:69:fa:a7:59:0d:0e:bf:5e:a1:42:
         38:e7:14:14:d9:29:60:60:d5:50:3e:3f:96:e0:a8:14:38:8a:
         0b:cf:fc:a1:c2:3f:ca:18:ba:b2:76:b4:6a:12:55:05:66:93:
         57:15:74:4e:f2:23:49:a1:3b:f7:f3:3b:14:55:4f:e7:77:4d:
         13:2c:8f:95:01:b8:58:f6:5c:09:31:a7:18:38:26:8b:83:5a:
         97:b8:e7:28
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUHaogBcX+wJhkHZrVOoQtVOXGHj0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWYwZDI0Yzg1NWVlZTAwZmU0YWJmMzkwM2M2ZThmY2M3
MDgzZWQ0ZDAeFw0yNjAzMTYxOTEzNDJaFw0yNzAzMTUxOTE4NDJaMDMxMTAvBgNV
BAMTKDhBRjk2RTJCMDg4MEFGNDUzRTA1MTdCRDc4NDREODJEMkU4RDhDNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWBiYHFJF7NOIjYuZxtAMc94z3
fmf9dqOPmoGeGZ3Q0r2ikXtBjkkEzIWrZK/7SVOxx7kUPUgU5hYHgkgyPi7Wc6eC
vA2xDPJRAEwGlF6hikPkY1cn739soqbNPQnBeCeo+sOHH0qwNpA6GL/GytLWGPuV
fzRybp7sgRIniQe1ES4gFX2N6eM7+8C5626GW6x4WiLU4Dca3ugeEdMxqlUe+BCG
GI/YUDiYnRh44pisrkZBjH+dkuJJUPnF7LG6sTyaQukPD9FCiQoaSCjMLBHYy/nU
94d7EktL0xHADH1CcZNqKmv6Jgdb+vviyia2UuML8/j3J7ZH8BnfpC30pw6RAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUivluKwiAr0U+BRe9eETYLS6NjFgwHwYDVR0j
BBgwFoAUnw0kyFXu4A/kq/OQPG6PzHCD7U0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQtNDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3
ODEzLzAvOUYwRDI0Qzg1NUVFRTAwRkU0QUJGMzkwM0M2RThGQ0M3MDgzRUQ0RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL253MGt5Rlh1NEFfa3FfT1FQRzZQekhD
RDdVMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQt
NDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3ODEzLzAvMzEzODM1MmUzMjJlMzEzNjMy
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzkzMzMwMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAG5AqIw
DQYJKoZIhvcNAQELBQADggEBAF7HAh6ZXbzx/pAy/dnVL1GDgMfr/i4qL77VJKGQ
Al0dTR770HcV3GcfHh3NWCVhNj49U4P5/DBPm0mdGvOfIae6tFLDFiOedmyeWcuS
Eip465amcxaHKMthVWBLQYR62bZH2KTMFzjFfBw8PrCf1jAMd9S7jjpy46sfFUP6
PyljYhvKcPwpos99NI+Wl2QhjETtdcJQWMY6n5twjsJESICc5cC/pJV3KiIqafqn
WQ0Ov16hQjjnFBTZKWBg1VA+P5bgqBQ4igvP/KHCP8oYurJ2tGoSVQVmk1cVdE7y
I0mhO/fzOxRVT+d3TRMsj5UBuFj2XAkxpxg4JouDWpe45yg=
-----END CERTIFICATE-----