Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/326130303a316466303a3a2f33322d3332203d3e2035343634.roa
File:                     326130303a316466303a3a2f33322d3332203d3e2035343634.roa (raw, json)
Hash identifier:          OAEK5JZd7BFlL79h9PBnbNqOxe1gIn6F74tWBPdElDM=
Subject key identifier:   12:7B:C9:A4:4A:BB:C2:E8:55:F0:0D:30:94:BE:15:D1:1C:1F:87:CD
Certificate issuer:       /CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
Certificate serial:       6CFC90F46C4D0A94386BEE9ED72B7D0946C58E70
Authority key identifier: 9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/326130303a316466303a3a2f33322d3332203d3e2035343634.roa
Signing time:             Wed 25 Mar 2026 17:46:54 +0000
ROA not before:           Wed 25 Mar 2026 17:41:54 +0000
ROA not after:            Wed 24 Mar 2027 17:46:54 +0000
asID:                     5464
IP address blocks:        2a00:1df0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:35:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:fc:90:f4:6c:4d:0a:94:38:6b:ee:9e:d7:2b:7d:09:46:c5:8e:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0d24c855eee00fe4abf3903c6e8fcc7083ed4d
        Validity
            Not Before: Mar 25 17:41:54 2026 GMT
            Not After : Mar 24 17:46:54 2027 GMT
        Subject: CN=127BC9A44ABBC2E855F00D3094BE15D11C1F87CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:fa:5a:c2:d0:ad:86:16:96:73:67:fd:b5:fe:
                    21:f6:3c:33:cb:08:fc:59:6f:cf:36:bb:04:c2:2f:
                    95:3d:b7:fe:75:b2:e9:81:eb:90:b3:1a:88:16:f4:
                    0f:42:5d:41:bc:da:63:41:f8:13:7a:5a:da:56:4a:
                    9d:95:da:66:f0:25:8a:ec:ed:a9:89:57:b2:5a:0f:
                    ea:50:a7:81:c8:4e:50:23:2d:f8:9e:98:d6:4e:da:
                    3d:ce:dc:30:e7:9b:2b:3d:e0:7b:3f:76:63:99:15:
                    f3:16:5c:ab:f3:0d:0a:4c:8a:49:fa:86:b5:f2:b6:
                    ad:d3:61:3c:ea:61:8f:c7:96:77:5f:01:4e:2e:5c:
                    23:69:f2:83:4e:28:ea:3a:94:c2:c8:18:b1:82:2b:
                    92:83:48:4c:2e:33:f4:af:6f:8f:fa:29:35:24:f1:
                    65:2e:e2:b1:65:5a:58:0d:ee:fd:4b:4e:de:f1:f3:
                    fe:2e:23:0d:13:6e:ca:09:39:46:e9:d0:d8:72:a3:
                    d8:13:0a:a0:47:8f:5c:ca:a1:13:41:7e:45:e0:ff:
                    ed:37:78:a1:35:25:95:18:b7:08:3d:8b:c1:d0:92:
                    cd:9a:e5:f8:7f:3a:d1:c7:7f:89:3d:ed:6d:76:1d:
                    5b:17:4e:82:0c:25:a2:1d:ba:ff:85:a5:91:90:08:
                    25:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:7B:C9:A4:4A:BB:C2:E8:55:F0:0D:30:94:BE:15:D1:1C:1F:87:CD
            X509v3 Authority Key Identifier:
                keyid:9F:0D:24:C8:55:EE:E0:0F:E4:AB:F3:90:3C:6E:8F:CC:70:83:ED:4D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/9F0D24C855EEE00FE4ABF3903C6E8FCC7083ED4D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nw0kyFXu4A_kq_OQPG6PzHCD7U0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/af31768d-42b1-4e92-b83f-bef7ee017813/0/326130303a316466303a3a2f33322d3332203d3e2035343634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1df0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:96:51:cf:82:84:22:6e:21:e9:b6:ee:44:de:38:13:d6:8b:
         83:51:53:b8:ec:1a:2d:3f:17:80:be:4c:ef:ed:61:de:f2:e4:
         12:11:91:03:fe:28:62:b9:27:1a:e7:78:b8:fa:67:f0:83:da:
         95:0f:a0:dd:20:c1:c3:56:f2:b1:34:db:f8:11:97:a0:f4:a1:
         48:21:d5:60:48:2a:10:5f:d6:e1:15:3f:ee:87:d4:ac:6f:ba:
         08:c7:c4:1a:d4:e8:4f:c7:10:10:4b:ff:0f:29:8c:60:7c:ec:
         38:e4:b8:3f:a3:75:c6:02:cb:61:27:c0:eb:20:2c:63:99:51:
         1e:6f:23:84:af:ea:1b:c9:63:34:2c:d5:24:c1:76:dc:1f:b2:
         b2:ef:3c:65:b5:ef:49:e4:10:33:f5:1b:a5:88:11:81:4f:5d:
         92:d2:44:4b:9f:9f:42:6d:cc:4f:b7:49:7e:6d:0f:9b:b4:34:
         65:fc:6d:ba:de:cf:89:31:22:82:eb:57:f3:75:4e:9f:c1:ea:
         1a:ce:e0:24:32:a3:c0:c2:b7:9b:c4:99:e0:2a:5f:a5:72:7f:
         ec:9e:f8:56:8b:56:97:b1:b3:31:0d:47:3c:4c:30:25:38:5d:
         1c:60:4f:8c:88:3c:57:af:00:fd:0b:be:73:56:20:fe:fb:70:
         d4:12:d3:9d
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUbPyQ9GxNCpQ4a+6e1yt9CUbFjnAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWYwZDI0Yzg1NWVlZTAwZmU0YWJmMzkwM2M2ZThmY2M3
MDgzZWQ0ZDAeFw0yNjAzMjUxNzQxNTRaFw0yNzAzMjQxNzQ2NTRaMDMxMTAvBgNV
BAMTKDEyN0JDOUE0NEFCQkMyRTg1NUYwMEQzMDk0QkUxNUQxMUMxRjg3Q0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk+lrC0K2GFpZzZ/21/iH2PDPL
CPxZb882uwTCL5U9t/51sumB65CzGogW9A9CXUG82mNB+BN6WtpWSp2V2mbwJYrs
7amJV7JaD+pQp4HITlAjLfiemNZO2j3O3DDnmys94Hs/dmOZFfMWXKvzDQpMikn6
hrXytq3TYTzqYY/HlndfAU4uXCNp8oNOKOo6lMLIGLGCK5KDSEwuM/Svb4/6KTUk
8WUu4rFlWlgN7v1LTt7x8/4uIw0TbsoJOUbp0Nhyo9gTCqBHj1zKoRNBfkXg/+03
eKE1JZUYtwg9i8HQks2a5fh/OtHHf4k97W12HVsXToIMJaIduv+FpZGQCCX1AgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQUEnvJpEq7wuhV8A0wlL4V0Rwfh80wHwYDVR0j
BBgwFoAUnw0kyFXu4A/kq/OQPG6PzHCD7U0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQtNDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3
ODEzLzAvOUYwRDI0Qzg1NUVFRTAwRkU0QUJGMzkwM0M2RThGQ0M3MDgzRUQ0RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL253MGt5Rlh1NEFfa3FfT1FQRzZQekhD
RDdVMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWYzMTc2OGQt
NDJiMS00ZTkyLWI4M2YtYmVmN2VlMDE3ODEzLzAvMzI2MTMwMzAzYTMxNjQ2NjMw
M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzUzNDM2MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqAB3w
MA0GCSqGSIb3DQEBCwUAA4IBAQBellHPgoQibiHptu5E3jgT1ouDUVO47BotPxeA
vkzv7WHe8uQSEZED/ihiuSca53i4+mfwg9qVD6DdIMHDVvKxNNv4EZeg9KFIIdVg
SCoQX9bhFT/uh9Ssb7oIx8Qa1OhPxxAQS/8PKYxgfOw45Lg/o3XGAsthJ8DrICxj
mVEebyOEr+obyWM0LNUkwXbcH7Ky7zxlte9J5BAz9RuliBGBT12S0kRLn59CbcxP
t0l+bQ+btDRl/G263s+JMSKC61fzdU6fweoazuAkMqPAwrebxJngKl+lcn/snvhW
i1aXsbMxDUc8TDAlOF0cYE+MiDxXrwD9C75zViD++3DUEtOd
-----END CERTIFICATE-----