Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e352e302f32342d3234203d3e203533333536.roa
File:                     3135392e3235332e352e302f32342d3234203d3e203533333536.roa (raw, json)
Hash identifier:          COjiihfGoQusS2tdYaiH54XY2TSXbsu6hBU0g5l+1eA=
Subject key identifier:   CD:3C:D3:E5:9E:E4:E6:27:55:EE:3A:5A:E7:16:BC:5D:D2:4D:40:F8
Certificate issuer:       /CN=4c189e42f35c944d463d9ea6501f093eb62ba785
Certificate serial:       786C6FE99BB6AA39EFB0510ED195ABA8BDA6B009
Authority key identifier: 4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e352e302f32342d3234203d3e203533333536.roa
Signing time:             Tue 28 Apr 2026 13:47:07 +0000
ROA not before:           Tue 28 Apr 2026 13:42:07 +0000
ROA not after:            Tue 27 Apr 2027 13:47:07 +0000
asID:                     53356
IP address blocks:        159.253.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:18:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:6c:6f:e9:9b:b6:aa:39:ef:b0:51:0e:d1:95:ab:a8:bd:a6:b0:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c189e42f35c944d463d9ea6501f093eb62ba785
        Validity
            Not Before: Apr 28 13:42:07 2026 GMT
            Not After : Apr 27 13:47:07 2027 GMT
        Subject: CN=CD3CD3E59EE4E62755EE3A5AE716BC5DD24D40F8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:47:31:10:69:a1:97:d1:de:41:90:d8:1a:8a:
                    f6:44:7d:8b:f5:80:90:19:02:ee:69:bc:b2:30:2d:
                    02:ce:1c:42:b1:0c:72:2b:2e:8d:fb:ba:44:c7:c0:
                    e4:d4:64:56:e4:73:74:a4:31:5e:ec:fa:b5:7f:bc:
                    02:73:78:ae:e6:4e:12:42:10:ef:64:80:78:d2:95:
                    fd:8e:ad:2d:01:7f:74:e0:e7:1a:99:71:9b:2c:c6:
                    14:6c:68:ac:92:05:65:64:8d:26:5c:14:c3:c6:0b:
                    9f:88:a9:25:c7:76:f0:ad:ec:bc:0b:e7:d0:7f:02:
                    b5:e0:b0:15:46:77:30:ab:71:e4:33:c5:83:81:bb:
                    9f:9d:74:d6:0c:f6:a7:7b:00:d7:e9:c2:47:54:63:
                    6d:6a:88:c2:49:d0:ce:75:a9:9b:fb:9e:d6:a5:db:
                    7d:1d:e5:ed:e1:64:0c:b3:e1:c0:f2:13:2f:3b:a4:
                    8e:fe:bd:12:15:bd:74:90:f9:71:05:c5:20:96:7f:
                    8f:7a:bb:23:5b:a2:54:e9:59:5d:59:b4:77:5f:99:
                    4d:17:53:08:37:ce:60:4b:49:5b:bb:73:9d:b7:a5:
                    b4:b3:74:a7:20:fd:9e:ac:1d:ed:d1:7c:14:37:d3:
                    e7:cb:97:70:e8:30:55:b6:e4:bb:82:f9:82:a3:96:
                    4e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:3C:D3:E5:9E:E4:E6:27:55:EE:3A:5A:E7:16:BC:5D:D2:4D:40:F8
            X509v3 Authority Key Identifier:
                keyid:4C:18:9E:42:F3:5C:94:4D:46:3D:9E:A6:50:1F:09:3E:B6:2B:A7:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/4C189E42F35C944D463D9EA6501F093EB62BA785.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBieQvNclE1GPZ6mUB8JPrYrp4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ce510e17-31fa-414b-989e-026dbb6fdf51/0/3135392e3235332e352e302f32342d3234203d3e203533333536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.253.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:19:77:31:71:a1:66:d6:38:74:a2:02:8c:0f:04:fb:e4:1b:
         6b:82:6d:97:63:21:aa:a7:ee:71:8d:7c:14:9f:e3:c6:92:b7:
         df:69:7f:c6:31:b3:0c:05:77:55:6b:c3:f9:d1:33:35:50:db:
         1c:fd:d7:ae:64:36:c6:d0:7e:dc:8f:c6:f5:3d:44:9c:10:aa:
         55:34:6d:49:31:1f:77:0b:f6:ae:b8:09:46:b1:de:29:02:4d:
         91:56:4c:35:9c:9b:a6:cb:fb:79:61:e2:6e:ef:0e:b0:42:92:
         70:79:00:4f:b2:a1:af:c8:54:4f:dc:d7:3d:3a:8e:56:e4:58:
         29:0c:0b:0a:0a:b2:99:ca:ba:e1:fb:2d:51:fa:f7:f3:05:c8:
         a3:7f:6c:aa:32:2a:7a:cc:d5:e0:f7:69:0c:3b:ef:11:69:89:
         56:11:57:e4:24:ce:3b:d7:2c:b4:ae:05:6e:b3:8f:88:55:9a:
         3f:13:f5:b1:db:85:fc:03:6f:26:69:4f:95:b7:48:b0:91:71:
         72:9d:88:7c:64:4b:d5:f2:b3:07:91:fc:05:44:ae:d8:64:1d:
         ac:fe:99:87:74:5f:75:9c:23:e3:05:39:a5:11:47:da:7f:bc:
         47:d1:5c:45:ac:7c:b2:3b:85:b4:42:8b:fe:96:9d:18:df:53:
         8b:24:14:04
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUeGxv6Zu2qjnvsFEO0ZWrqL2msAkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGMxODllNDJmMzVjOTQ0ZDQ2M2Q5ZWE2NTAxZjA5M2Vi
NjJiYTc4NTAeFw0yNjA0MjgxMzQyMDdaFw0yNzA0MjcxMzQ3MDdaMDMxMTAvBgNV
BAMTKENEM0NEM0U1OUVFNEU2Mjc1NUVFM0E1QUU3MTZCQzVERDI0RDQwRjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkRzEQaaGX0d5BkNgaivZEfYv1
gJAZAu5pvLIwLQLOHEKxDHIrLo37ukTHwOTUZFbkc3SkMV7s+rV/vAJzeK7mThJC
EO9kgHjSlf2OrS0Bf3Tg5xqZcZssxhRsaKySBWVkjSZcFMPGC5+IqSXHdvCt7LwL
59B/ArXgsBVGdzCrceQzxYOBu5+ddNYM9qd7ANfpwkdUY21qiMJJ0M51qZv7ntal
230d5e3hZAyz4cDyEy87pI7+vRIVvXSQ+XEFxSCWf496uyNbolTpWV1ZtHdfmU0X
Uwg3zmBLSVu7c523pbSzdKcg/Z6sHe3RfBQ30+fLl3DoMFW25LuC+YKjlk5RAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUzTzT5Z7k5idV7jpa5xa8XdJNQPgwHwYDVR0j
BBgwFoAUTBieQvNclE1GPZ6mUB8JPrYrp4UwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2U1MTBlMTctMzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZk
ZjUxLzAvNEMxODlFNDJGMzVDOTQ0RDQ2M0Q5RUE2NTAxRjA5M0VCNjJCQTc4NS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1RCaWVRdk5jbEUxR1BaNm1VQjhKUHJZ
cnA0VS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvY2U1MTBlMTct
MzFmYS00MTRiLTk4OWUtMDI2ZGJiNmZkZjUxLzAvMzEzNTM5MmUzMjM1MzMyZTM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMzMzMzUzNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJ/9
BTANBgkqhkiG9w0BAQsFAAOCAQEAPxl3MXGhZtY4dKICjA8E++Qba4Jtl2Mhqqfu
cY18FJ/jxpK332l/xjGzDAV3VWvD+dEzNVDbHP3XrmQ2xtB+3I/G9T1EnBCqVTRt
STEfdwv2rrgJRrHeKQJNkVZMNZybpsv7eWHibu8OsEKScHkAT7Khr8hUT9zXPTqO
VuRYKQwLCgqymcq64fstUfr38wXIo39sqjIqeszV4PdpDDvvEWmJVhFX5CTOO9cs
tK4FbrOPiFWaPxP1sduF/ANvJmlPlbdIsJFxcp2IfGRL1fKzB5H8BUSu2GQdrP6Z
h3RfdZwj4wU5pRFH2n+8R9FcRax8sjuFtEKL/padGN9TiyQUBA==
-----END CERTIFICATE-----