Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/3139342e31352e39362e302f32342d3234203d3e203239383032.roa
File:                     3139342e31352e39362e302f32342d3234203d3e203239383032.roa (raw, json)
Hash identifier:          SNE5+mAfww+BajoQNWNvmtYWTCO+zaPvqhulG++Zvic=
Subject key identifier:   E9:E0:18:A5:15:D6:31:82:4B:36:41:D1:F2:63:EB:99:06:17:DA:4B
Certificate issuer:       /CN=7374bc6d025135bed9539779a03fdd64abeba11f
Certificate serial:       01A0D8622F2E4F36ECBA79CB8FA8A57272DB129C
Authority key identifier: 73:74:BC:6D:02:51:35:BE:D9:53:97:79:A0:3F:DD:64:AB:EB:A1:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/3139342e31352e39362e302f32342d3234203d3e203239383032.roa
Signing time:             Thu 26 Mar 2026 09:00:56 +0000
ROA not before:           Thu 26 Mar 2026 08:55:56 +0000
ROA not after:            Thu 25 Mar 2027 09:00:56 +0000
asID:                     29802
IP address blocks:        194.15.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 12:59:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:a0:d8:62:2f:2e:4f:36:ec:ba:79:cb:8f:a8:a5:72:72:db:12:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7374bc6d025135bed9539779a03fdd64abeba11f
        Validity
            Not Before: Mar 26 08:55:56 2026 GMT
            Not After : Mar 25 09:00:56 2027 GMT
        Subject: CN=E9E018A515D631824B3641D1F263EB990617DA4B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:0d:8a:34:a9:7e:8f:25:5b:0a:1d:df:44:db:
                    95:5b:00:d2:7a:41:8d:21:c4:b0:e2:8c:9f:ca:eb:
                    db:e5:d6:97:74:fd:e0:eb:08:38:7b:f9:4d:89:b6:
                    08:87:00:50:10:b7:72:c6:fd:5f:cc:bb:92:f2:66:
                    a8:59:e8:39:e3:c7:fe:f2:ee:5a:f0:65:ed:32:fb:
                    33:55:18:7e:51:a6:7c:0d:71:a4:28:94:99:20:51:
                    2e:96:7a:c0:42:a4:ff:a7:7a:20:62:af:79:39:26:
                    2a:d8:43:de:f8:52:1d:b0:c9:36:d7:6a:5c:5c:21:
                    f8:89:a4:ea:93:01:8e:18:3d:6f:53:47:da:7f:1d:
                    f7:28:f0:43:0b:e7:bd:30:00:d3:86:6a:e5:b4:a6:
                    ec:19:0c:ac:d0:93:ee:ee:d8:62:25:9c:a6:7a:30:
                    93:b5:13:c9:a2:2d:ac:69:1c:94:0d:2a:d3:ed:2e:
                    a1:83:b4:8b:8c:a6:a0:38:94:c8:64:c3:f1:9c:23:
                    15:95:db:33:97:72:a7:48:37:41:c2:55:d3:ec:4e:
                    4d:70:5e:62:ee:09:31:e2:3b:71:86:29:0e:22:e6:
                    ce:6d:d1:e8:15:d1:08:cf:4f:48:94:23:c3:10:8b:
                    37:18:15:08:6a:06:2f:d6:90:89:a2:88:00:27:e0:
                    ac:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:E0:18:A5:15:D6:31:82:4B:36:41:D1:F2:63:EB:99:06:17:DA:4B
            X509v3 Authority Key Identifier:
                keyid:73:74:BC:6D:02:51:35:BE:D9:53:97:79:A0:3F:DD:64:AB:EB:A1:1F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/3139342e31352e39362e302f32342d3234203d3e203239383032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:2f:30:8d:04:cb:f8:4e:13:15:81:69:0d:de:3e:f2:5a:9b:
         49:f1:50:1a:b5:4f:1a:2f:fa:e6:09:6d:be:d0:57:4b:8d:c8:
         70:ff:51:38:6e:91:a9:62:75:1f:18:bf:d2:ce:a7:00:8d:ff:
         2d:c4:e2:7e:9b:8d:e7:1d:18:27:12:ba:21:e1:e2:3e:31:37:
         9b:d5:e2:4d:05:96:b9:23:95:b2:d9:81:52:a4:f7:11:8a:24:
         62:de:b7:90:d3:3c:96:93:cd:45:6d:20:db:85:cf:1e:fb:2b:
         ec:2f:98:22:ca:c4:27:24:a0:d4:55:c1:b6:1a:87:59:8e:2b:
         da:7b:fe:be:fb:c0:07:c6:0e:26:33:33:b5:4a:6c:dd:0f:4d:
         fc:6c:5e:84:4e:01:31:3a:18:8e:7d:4c:4e:4a:8b:f7:1c:2d:
         7d:2a:41:fe:29:59:e3:75:12:ad:ba:35:e8:1e:d8:2d:6f:c0:
         5d:6c:b6:08:f7:2d:9f:91:da:fa:67:83:eb:36:4e:3c:a5:c5:
         0b:0b:0a:09:60:23:c5:5b:97:c2:8c:33:9c:23:19:db:35:8f:
         65:cf:3a:e5:37:aa:69:50:2e:38:d4:a8:ee:71:c9:5f:78:da:
         e7:92:e2:6d:01:07:25:14:73:12:14:ee:10:20:c2:49:09:34:
         46:45:51:dd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUAaDYYi8uTzbsunnLj6ilcnLbEpwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM3NGJjNmQwMjUxMzViZWQ5NTM5Nzc5YTAzZmRkNjRh
YmViYTExZjAeFw0yNjAzMjYwODU1NTZaFw0yNzAzMjUwOTAwNTZaMDMxMTAvBgNV
BAMTKEU5RTAxOEE1MTVENjMxODI0QjM2NDFEMUYyNjNFQjk5MDYxN0RBNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClDYo0qX6PJVsKHd9E25VbANJ6
QY0hxLDijJ/K69vl1pd0/eDrCDh7+U2JtgiHAFAQt3LG/V/Mu5LyZqhZ6Dnjx/7y
7lrwZe0y+zNVGH5RpnwNcaQolJkgUS6WesBCpP+neiBir3k5JirYQ974Uh2wyTbX
alxcIfiJpOqTAY4YPW9TR9p/Hfco8EML570wANOGauW0puwZDKzQk+7u2GIlnKZ6
MJO1E8miLaxpHJQNKtPtLqGDtIuMpqA4lMhkw/GcIxWV2zOXcqdIN0HCVdPsTk1w
XmLuCTHiO3GGKQ4i5s5t0egV0QjPT0iUI8MQizcYFQhqBi/WkImiiAAn4Kz1AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQU6eAYpRXWMYJLNkHR8mPrmQYX2kswHwYDVR0j
BBgwFoAUc3S8bQJRNb7ZU5d5oD/dZKvroR8wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTQyNTg1ZjctYmMxYi00OTcwLWJkMzQtZGJmZDJiMjE0
N2QyLzAvNzM3NEJDNkQwMjUxMzVCRUQ5NTM5Nzc5QTAzRkRENjRBQkVCQTExRi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MzUzhiUUpSTmI3WlU1ZDVvRF9kWkt2
cm9SOC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTQyNTg1Zjct
YmMxYi00OTcwLWJkMzQtZGJmZDJiMjE0N2QyLzAvMzEzOTM0MmUzMTM1MmUzOTM2
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzOTM4MzAzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIP
YDANBgkqhkiG9w0BAQsFAAOCAQEAFC8wjQTL+E4TFYFpDd4+8lqbSfFQGrVPGi/6
5gltvtBXS43IcP9ROG6RqWJ1Hxi/0s6nAI3/LcTifpuN5x0YJxK6IeHiPjE3m9Xi
TQWWuSOVstmBUqT3EYokYt63kNM8lpPNRW0g24XPHvsr7C+YIsrEJySg1FXBthqH
WY4r2nv+vvvAB8YOJjMztUps3Q9N/GxehE4BMToYjn1MTkqL9xwtfSpB/ilZ43US
rbo16B7YLW/AXWy2CPctn5Ha+meD6zZOPKXFCwsKCWAjxVuXwowznCMZ2zWPZc86
5TeqaVAuONSo7nHJX3ja55LibQEHJRRzEhTuECDCSQk0RkVR3Q==
-----END CERTIFICATE-----