Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3139342e302e3232392e302f32342d3234203d3e2035343634.roa
File:                     3139342e302e3232392e302f32342d3234203d3e2035343634.roa (raw, json)
Hash identifier:          Hs+t8irZQmOnipJfky4tAubpdiIFI2Fb6+htYTcqLa8=
Subject key identifier:   E2:3D:CD:48:97:71:E0:13:9E:98:B7:AD:D0:6A:28:6A:8E:25:7C:0B
Certificate issuer:       /CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
Certificate serial:       307CFC12C176860626AF06F5B7776F37D25FA623
Authority key identifier: 9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3139342e302e3232392e302f32342d3234203d3e2035343634.roa
Signing time:             Wed 25 Mar 2026 10:46:54 +0000
ROA not before:           Wed 25 Mar 2026 10:41:54 +0000
ROA not after:            Wed 24 Mar 2027 10:46:54 +0000
asID:                     5464
IP address blocks:        194.0.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:35:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:7c:fc:12:c1:76:86:06:26:af:06:f5:b7:77:6f:37:d2:5f:a6:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
        Validity
            Not Before: Mar 25 10:41:54 2026 GMT
            Not After : Mar 24 10:46:54 2027 GMT
        Subject: CN=E23DCD489771E0139E98B7ADD06A286A8E257C0B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:db:44:31:cb:08:80:7e:0d:0a:f8:26:b3:b0:
                    09:0f:8a:9e:64:c1:fe:29:27:32:9d:24:d6:fa:2e:
                    4c:42:af:c5:9c:63:be:46:9d:c8:00:23:30:05:c9:
                    49:f8:50:a8:ba:1a:79:ce:4a:9a:f5:6b:e9:3d:ab:
                    f5:81:15:be:c1:27:a3:4b:cd:7e:b6:28:01:30:4b:
                    b3:07:64:23:db:d3:e9:57:71:3b:c8:72:c6:a0:02:
                    2a:99:f2:7a:83:4e:47:78:69:d4:ab:51:f6:c7:c8:
                    6d:70:95:52:f9:3e:a6:b8:3c:24:14:2f:79:a2:bd:
                    37:20:00:63:c5:1d:af:9c:a0:d7:0f:82:33:d6:8b:
                    fa:77:9e:20:32:6d:5a:6b:a6:a4:eb:5e:35:c1:91:
                    b5:c4:c7:57:31:b1:05:95:7f:32:75:28:45:a1:e8:
                    45:db:34:77:08:b8:84:c7:a9:17:3e:fb:18:d5:19:
                    d1:61:54:db:3e:4b:15:cb:83:b6:26:b2:81:d2:84:
                    dc:c8:55:1e:25:30:94:84:6b:e7:44:b4:23:b9:97:
                    0e:86:3c:63:d9:f6:a3:02:4a:cf:2c:be:e2:bb:32:
                    39:71:42:c9:60:94:a8:21:af:b5:ae:39:df:5d:b5:
                    7c:5e:30:a0:eb:db:f3:76:2d:ae:13:f1:ef:d8:1d:
                    50:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:3D:CD:48:97:71:E0:13:9E:98:B7:AD:D0:6A:28:6A:8E:25:7C:0B
            X509v3 Authority Key Identifier:
                keyid:9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3139342e302e3232392e302f32342d3234203d3e2035343634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:6d:38:b4:ab:2a:0b:c3:30:b5:86:1e:7f:13:89:64:3c:ae:
         87:2f:8a:87:27:e5:e8:fa:2b:68:6b:a2:3a:c2:2e:8c:26:8e:
         64:41:73:ff:10:cb:da:26:02:a3:b2:65:b0:22:ce:8e:2a:40:
         d6:f9:ee:7b:01:9e:50:43:12:10:27:e3:69:99:cc:35:73:c7:
         aa:94:32:d1:c0:e1:c0:58:e5:06:16:93:71:84:41:27:10:11:
         91:c0:f0:4c:3e:36:a2:ea:c3:00:07:e2:cf:2c:99:86:f5:8a:
         ea:e7:1f:ea:a8:04:64:48:5e:b2:53:a4:f6:f6:28:73:86:8f:
         9e:08:75:f6:8f:33:3b:7e:e5:5c:06:75:bd:ca:e0:6c:a7:0e:
         e5:38:cb:2c:74:ae:15:57:75:a0:21:dd:2e:1c:9f:49:81:64:
         f3:2a:f4:f2:09:2d:15:5d:fa:f6:d8:61:5d:37:14:ab:9e:d7:
         bf:36:dd:50:ce:1a:62:00:b9:a3:0a:61:98:1a:fa:cc:93:7b:
         7f:32:7c:b9:c3:17:7c:fd:bd:d6:15:6b:e0:0e:2c:59:d5:46:
         cb:2f:80:d9:5f:fa:e2:73:90:77:c6:cb:e6:92:a7:8a:86:88:
         89:fe:67:9e:59:44:a9:a7:17:c7:3b:4c:99:bf:7d:82:c0:9c:
         23:bc:f1:94
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUMHz8EsF2hgYmrwb1t3dvN9JfpiMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWYwZDI0Yzg1NWVlZTAwZmU0YWJmMzkwM2M2ZThmY2M3
MDgzZWQ0ZDAeFw0yNjAzMjUxMDQxNTRaFw0yNzAzMjQxMDQ2NTRaMDMxMTAvBgNV
BAMTKEUyM0RDRDQ4OTc3MUUwMTM5RTk4QjdBREQwNkEyODZBOEUyNTdDMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs20QxywiAfg0K+CazsAkPip5k
wf4pJzKdJNb6LkxCr8WcY75GncgAIzAFyUn4UKi6GnnOSpr1a+k9q/WBFb7BJ6NL
zX62KAEwS7MHZCPb0+lXcTvIcsagAiqZ8nqDTkd4adSrUfbHyG1wlVL5Pqa4PCQU
L3mivTcgAGPFHa+coNcPgjPWi/p3niAybVprpqTrXjXBkbXEx1cxsQWVfzJ1KEWh
6EXbNHcIuITHqRc++xjVGdFhVNs+SxXLg7YmsoHShNzIVR4lMJSEa+dEtCO5lw6G
PGPZ9qMCSs8svuK7MjlxQslglKghr7WuOd9dtXxeMKDr2/N2La4T8e/YHVA5AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU4j3NSJdx4BOemLet0Gooao4lfAswHwYDVR0j
BBgwFoAUnw0kyFXu4A/kq/OQPG6PzHCD7U0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQtNDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3
ODEzLzAvOUYwRDI0Qzg1NUVFRTAwRkU0QUJGMzkwM0M2RThGQ0M3MDgzRUQ0RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL253MGt5Rlh1NEFfa3FfT1FQRzZQekhD
RDdVMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQt
NDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3ODEzLzAvMzEzOTM0MmUzMDJlMzIzMjM5
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzNDM2MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCAOUw
DQYJKoZIhvcNAQELBQADggEBAD9tOLSrKgvDMLWGHn8TiWQ8rocviocn5ej6K2hr
ojrCLowmjmRBc/8Qy9omAqOyZbAizo4qQNb57nsBnlBDEhAn42mZzDVzx6qUMtHA
4cBY5QYWk3GEQScQEZHA8Ew+NqLqwwAH4s8smYb1iurnH+qoBGRIXrJTpPb2KHOG
j54IdfaPMzt+5VwGdb3K4GynDuU4yyx0rhVXdaAh3S4cn0mBZPMq9PIJLRVd+vbY
YV03FKue17823VDOGmIAuaMKYZga+syTe38yfLnDF3z9vdYVa+AOLFnVRssvgNlf
+uJzkHfGy+aSp4qGiIn+Z55ZRKmnF8c7TJm/fYLAnCO88ZQ=
-----END CERTIFICATE-----