Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/326131313a353730303a3a2f33322d3332203d3e203438303730.roa
File:                     326131313a353730303a3a2f33322d3332203d3e203438303730.roa (raw, json)
Hash identifier:          MbZniZRQMpujnB5CTF7VLJsyV8yR9CJ1rSdo27cUHsc=
Subject key identifier:   DD:C9:11:4F:0B:1A:54:EA:84:9C:98:0B:EE:65:22:8C:BD:D8:13:CB
Certificate issuer:       /CN=98a87cad5b710890a9528f166f4202393824e6b8
Certificate serial:       6C759AE04AAA40AF500EB4DC382A00B6722837AC
Authority key identifier: 98:A8:7C:AD:5B:71:08:90:A9:52:8F:16:6F:42:02:39:38:24:E6:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/326131313a353730303a3a2f33322d3332203d3e203438303730.roa
Signing time:             Tue 28 Apr 2026 16:07:19 +0000
ROA not before:           Tue 28 Apr 2026 16:02:19 +0000
ROA not after:            Tue 27 Apr 2027 16:07:19 +0000
asID:                     48070
IP address blocks:        2a11:5700::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 04:09:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:75:9a:e0:4a:aa:40:af:50:0e:b4:dc:38:2a:00:b6:72:28:37:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98a87cad5b710890a9528f166f4202393824e6b8
        Validity
            Not Before: Apr 28 16:02:19 2026 GMT
            Not After : Apr 27 16:07:19 2027 GMT
        Subject: CN=DDC9114F0B1A54EA849C980BEE65228CBDD813CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:db:e7:34:fb:21:a9:7d:e0:21:dc:5b:89:ac:
                    93:40:d3:29:0b:3c:2f:19:10:6e:c4:d3:24:14:8e:
                    43:5e:c4:3a:53:1c:ab:80:f0:f4:5d:d1:30:64:f6:
                    d5:62:5b:23:52:1d:a5:bb:44:c4:f0:04:89:22:49:
                    59:4a:ed:17:40:f4:9e:36:34:cd:1c:6e:71:de:19:
                    7a:7c:1d:2a:7b:77:ea:7a:6f:6a:a7:d1:69:33:d6:
                    0e:1b:02:e4:47:91:3e:fd:d9:bd:f2:a3:c2:91:59:
                    c9:bf:37:09:b8:7c:2f:1c:6d:02:0f:0e:da:a4:af:
                    a6:d6:da:b8:3b:79:f3:d2:34:ae:79:38:08:cf:05:
                    07:ed:0c:16:b0:f3:a0:c6:45:77:85:c2:c0:72:a5:
                    e2:3a:f1:ae:16:26:a8:1e:fb:36:da:c6:3a:40:96:
                    42:36:ec:69:c2:20:a0:1c:60:f8:5c:14:90:bc:80:
                    c9:e5:8d:ce:06:94:b1:bb:a5:69:41:41:34:82:c3:
                    31:ca:6c:cb:57:12:3b:47:02:c4:eb:ec:cd:81:88:
                    f3:c8:36:bd:67:13:40:38:99:f9:10:6b:2e:a3:c3:
                    bc:f1:83:fd:4b:98:87:28:57:79:96:1c:ac:e2:36:
                    98:f1:dc:e8:97:a4:5d:4b:e1:84:46:55:97:7f:9d:
                    e8:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:C9:11:4F:0B:1A:54:EA:84:9C:98:0B:EE:65:22:8C:BD:D8:13:CB
            X509v3 Authority Key Identifier:
                keyid:98:A8:7C:AD:5B:71:08:90:A9:52:8F:16:6F:42:02:39:38:24:E6:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/98A87CAD5B710890A9528F166F4202393824E6B8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mKh8rVtxCJCpUo8Wb0ICOTgk5rg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/dce196fe-4b1a-46ea-9c95-4af12964a49d/0/326131313a353730303a3a2f33322d3332203d3e203438303730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:5700::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:41:e4:17:5a:86:a1:1b:62:38:75:35:0a:ab:a8:e4:7b:fa:
         8a:5c:47:d7:9a:ca:44:16:44:11:91:3e:9a:b6:05:08:11:ad:
         46:5f:a9:6e:33:0d:8a:c5:17:d8:ef:88:b2:9e:a5:5a:6b:58:
         2d:87:15:2d:15:c7:15:ed:9e:c8:6e:0a:09:05:05:69:00:a8:
         ee:53:ac:b4:cf:88:48:71:da:26:88:24:b7:ec:3c:15:26:71:
         a0:49:97:cd:89:ff:1e:db:33:85:93:db:35:48:c6:c7:fb:02:
         9c:b4:92:9c:17:a4:cb:f9:7a:d8:0f:a9:75:04:86:46:5d:0b:
         2f:4e:73:03:d5:e9:7a:ef:4c:66:b3:0b:4f:a8:33:a4:0a:5b:
         25:f5:09:ae:c8:23:fb:fb:db:60:b4:97:4b:79:2b:b8:78:89:
         90:7e:c7:9b:7a:18:e4:3c:75:cc:2c:6a:62:43:40:85:37:92:
         01:fc:b9:a9:1f:91:45:82:83:53:fc:b7:1f:e8:a8:5a:38:14:
         21:de:1d:ff:49:a4:34:67:0d:67:ae:b5:c8:5f:cd:b1:87:04:
         de:ee:e9:5a:be:c6:d4:a5:df:ce:fd:18:8c:1d:b3:19:56:02:
         e6:f6:0b:3a:8d:7d:a2:f2:03:89:47:45:37:6a:3e:2e:5f:23:
         17:14:f2:91
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIUbHWa4EqqQK9QDrTcOCoAtnIoN6wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOThhODdjYWQ1YjcxMDg5MGE5NTI4ZjE2NmY0MjAyMzkz
ODI0ZTZiODAeFw0yNjA0MjgxNjAyMTlaFw0yNzA0MjcxNjA3MTlaMDMxMTAvBgNV
BAMTKEREQzkxMTRGMEIxQTU0RUE4NDlDOTgwQkVFNjUyMjhDQkREODEzQ0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR2+c0+yGpfeAh3FuJrJNA0ykL
PC8ZEG7E0yQUjkNexDpTHKuA8PRd0TBk9tViWyNSHaW7RMTwBIkiSVlK7RdA9J42
NM0cbnHeGXp8HSp7d+p6b2qn0Wkz1g4bAuRHkT792b3yo8KRWcm/Nwm4fC8cbQIP
Dtqkr6bW2rg7efPSNK55OAjPBQftDBaw86DGRXeFwsBypeI68a4WJqge+zbaxjpA
lkI27GnCIKAcYPhcFJC8gMnljc4GlLG7pWlBQTSCwzHKbMtXEjtHAsTr7M2BiPPI
Nr1nE0A4mfkQay6jw7zxg/1LmIcoV3mWHKziNpjx3OiXpF1L4YRGVZd/negPAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQU3ckRTwsaVOqEnJgL7mUijL3YE8swHwYDVR0j
BBgwFoAUmKh8rVtxCJCpUo8Wb0ICOTgk5rgwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGNlMTk2ZmUtNGIxYS00NmVhLTljOTUtNGFmMTI5NjRh
NDlkLzAvOThBODdDQUQ1QjcxMDg5MEE5NTI4RjE2NkY0MjAyMzkzODI0RTZCOC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL21LaDhyVnR4Q0pDcFVvOFdiMElDT1Rn
azVyZy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZGNlMTk2ZmUt
NGIxYS00NmVhLTljOTUtNGFmMTI5NjRhNDlkLzAvMzI2MTMxMzEzYTM1MzczMDMw
M2EzYTJmMzMzMjJkMzMzMjIwM2QzZTIwMzQzODMwMzczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoR
VwAwDQYJKoZIhvcNAQELBQADggEBAI5B5BdahqEbYjh1NQqrqOR7+opcR9eaykQW
RBGRPpq2BQgRrUZfqW4zDYrFF9jviLKepVprWC2HFS0VxxXtnshuCgkFBWkAqO5T
rLTPiEhx2iaIJLfsPBUmcaBJl82J/x7bM4WT2zVIxsf7Apy0kpwXpMv5etgPqXUE
hkZdCy9OcwPV6XrvTGazC0+oM6QKWyX1Ca7II/v722C0l0t5K7h4iZB+x5t6GOQ8
dcwsamJDQIU3kgH8uakfkUWCg1P8tx/oqFo4FCHeHf9JpDRnDWeutchfzbGHBN7u
6Vq+xtSl3879GIwdsxlWAub2CzqNfaLyA4lHRTdqPi5fIxcU8pE=
-----END CERTIFICATE-----