Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3139352e3138342e39322e302f32332d3233203d3e2035343634.roa
File:                     3139352e3138342e39322e302f32332d3233203d3e2035343634.roa (raw, json)
Hash identifier:          Eraz9BKSO1TLH/SvttKBRKKWjh8Z6j9zrys6hU/wyEI=
Subject key identifier:   9A:D6:05:13:29:81:DB:1A:C3:B3:D3:85:4D:2C:53:09:64:CD:E8:68
Certificate issuer:       /CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
Certificate serial:       7C710BE1CBE25C9CC6AD96E085338951F505F133
Authority key identifier: 9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3139352e3138342e39322e302f32332d3233203d3e2035343634.roa
Signing time:             Wed 25 Mar 2026 10:46:54 +0000
ROA not before:           Wed 25 Mar 2026 10:41:54 +0000
ROA not after:            Wed 24 Mar 2027 10:46:54 +0000
asID:                     5464
IP address blocks:        195.184.92.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:35:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:71:0b:e1:cb:e2:5c:9c:c6:ad:96:e0:85:33:89:51:f5:05:f1:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
        Validity
            Not Before: Mar 25 10:41:54 2026 GMT
            Not After : Mar 24 10:46:54 2027 GMT
        Subject: CN=9AD605132981DB1AC3B3D3854D2C530964CDE868
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:0c:87:3d:2d:03:61:bd:22:91:af:be:6f:f4:
                    25:25:ef:e2:45:70:fe:05:22:12:94:a5:42:a2:cd:
                    b0:f7:8e:15:f0:fb:1f:db:7f:fa:31:8e:0a:35:26:
                    03:81:eb:72:10:56:27:19:ca:68:b3:83:5f:2f:04:
                    e1:8c:3b:01:ac:1f:b2:ad:47:48:1e:4c:c3:44:c4:
                    f6:d9:1b:d4:b2:f9:54:6d:8d:35:1f:05:92:18:2c:
                    a7:12:b5:00:dc:9b:d7:b0:9e:0e:ce:81:59:89:ea:
                    1b:96:0c:23:90:50:2e:d1:b2:80:02:b8:43:6b:d0:
                    22:9c:ca:a4:3d:27:bd:a4:85:af:07:70:26:35:de:
                    1a:7d:2e:8d:4b:33:98:07:77:5e:b6:eb:6a:b1:64:
                    c8:a7:97:07:b1:4c:43:fd:37:fa:0d:98:b8:02:05:
                    3f:e9:60:2c:ae:75:f1:7b:13:b4:ec:c2:30:bd:dc:
                    28:9a:b4:8b:37:73:12:be:c5:de:e7:d0:51:4d:4a:
                    fb:ba:45:2e:df:9d:20:7e:b4:da:62:bc:9d:ec:17:
                    57:dd:ec:07:a7:29:9c:a1:bd:6c:c4:89:e9:77:c7:
                    97:c2:fd:00:dd:c5:20:ff:41:64:54:84:6c:c6:fd:
                    f9:b7:4c:d0:6a:b5:e2:db:8d:7c:c1:98:17:a0:a4:
                    eb:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:D6:05:13:29:81:DB:1A:C3:B3:D3:85:4D:2C:53:09:64:CD:E8:68
            X509v3 Authority Key Identifier:
                keyid:9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/3139352e3138342e39322e302f32332d3233203d3e2035343634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.184.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:ba:eb:db:48:10:cc:cc:69:c1:da:81:0c:40:30:94:90:7a:
         a5:6a:0c:19:26:b7:5c:cf:b3:11:83:21:22:79:f8:13:b6:cb:
         3c:ba:64:bb:7a:ce:d2:82:c6:b4:2a:16:70:3c:53:04:ad:28:
         5d:4b:91:ef:cd:44:54:cb:df:87:1d:74:50:ba:db:51:9f:e0:
         33:b6:87:34:a7:4b:1e:4a:ff:f1:27:b5:99:19:6d:3d:3b:25:
         cd:57:58:f7:39:a2:ab:59:52:70:74:6c:60:e2:0f:4b:13:da:
         ec:6f:ad:5c:16:ae:3f:6a:bc:17:9d:b8:31:fe:ce:df:6f:b1:
         3f:26:ca:2c:33:25:8d:b3:90:db:46:b1:58:2a:38:bb:96:14:
         35:d1:91:b8:ae:4b:dd:5a:a8:db:94:8f:ee:0f:5f:eb:d3:44:
         40:eb:04:2c:61:97:21:12:08:9c:e2:d4:6a:d0:0b:25:fd:41:
         2f:39:9e:54:c6:84:fa:3d:6d:fc:34:6b:2f:13:e8:4c:04:83:
         d0:d4:b1:0f:aa:d3:ba:da:b4:5e:d2:ba:90:4f:99:e8:04:61:
         54:59:da:2b:a1:0d:ed:00:00:c5:03:c9:ac:6c:80:0f:cd:17:
         a7:96:a7:5c:ef:f3:b4:77:eb:46:8c:3d:3c:b5:23:69:63:68:
         27:25:10:28
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfHEL4cviXJzGrZbghTOJUfUF8TMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWYwZDI0Yzg1NWVlZTAwZmU0YWJmMzkwM2M2ZThmY2M3
MDgzZWQ0ZDAeFw0yNjAzMjUxMDQxNTRaFw0yNzAzMjQxMDQ2NTRaMDMxMTAvBgNV
BAMTKDlBRDYwNTEzMjk4MURCMUFDM0IzRDM4NTREMkM1MzA5NjRDREU4NjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbDIc9LQNhvSKRr75v9CUl7+JF
cP4FIhKUpUKizbD3jhXw+x/bf/oxjgo1JgOB63IQVicZymizg18vBOGMOwGsH7Kt
R0geTMNExPbZG9Sy+VRtjTUfBZIYLKcStQDcm9ewng7OgVmJ6huWDCOQUC7RsoAC
uENr0CKcyqQ9J72kha8HcCY13hp9Lo1LM5gHd16262qxZMinlwexTEP9N/oNmLgC
BT/pYCyudfF7E7TswjC93CiatIs3cxK+xd7n0FFNSvu6RS7fnSB+tNpivJ3sF1fd
7AenKZyhvWzEiel3x5fC/QDdxSD/QWRUhGzG/fm3TNBqteLbjXzBmBegpOuvAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUmtYFEymB2xrDs9OFTSxTCWTN6GgwHwYDVR0j
BBgwFoAUnw0kyFXu4A/kq/OQPG6PzHCD7U0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQtNDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3
ODEzLzAvOUYwRDI0Qzg1NUVFRTAwRkU0QUJGMzkwM0M2RThGQ0M3MDgzRUQ0RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL253MGt5Rlh1NEFfa3FfT1FQRzZQekhD
RDdVMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQt
NDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3ODEzLzAvMzEzOTM1MmUzMTM4MzQyZTM5
MzIyZTMwMmYzMjMzMmQzMjMzMjAzZDNlMjAzNTM0MzYzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcO4
XDANBgkqhkiG9w0BAQsFAAOCAQEAYbrr20gQzMxpwdqBDEAwlJB6pWoMGSa3XM+z
EYMhInn4E7bLPLpku3rO0oLGtCoWcDxTBK0oXUuR781EVMvfhx10ULrbUZ/gM7aH
NKdLHkr/8Se1mRltPTslzVdY9zmiq1lScHRsYOIPSxPa7G+tXBauP2q8F524Mf7O
32+xPybKLDMljbOQ20axWCo4u5YUNdGRuK5L3Vqo25SP7g9f69NEQOsELGGXIRII
nOLUatALJf1BLzmeVMaE+j1t/DRrLxPoTASD0NSxD6rTutq0XtK6kE+Z6ARhVFna
K6EN7QAAxQPJrGyAD80Xp5anXO/ztHfrRow9PLUjaWNoJyUQKA==
-----END CERTIFICATE-----