Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/3139342e31352e39372e302f32342d3234203d3e203230343733.roa
File:                     3139342e31352e39372e302f32342d3234203d3e203230343733.roa (raw, json)
Hash identifier:          0b17idBD6AeKWeXmYyIPqt38AtCgWAHhHs/4uLIwthU=
Subject key identifier:   1F:4C:15:2F:DF:AD:3A:39:EE:B4:0E:E2:04:B4:A7:61:CD:7C:C4:C1
Certificate issuer:       /CN=7374bc6d025135bed9539779a03fdd64abeba11f
Certificate serial:       264DC1BD633697DCB87CB08B206BDB1BD30F3CED
Authority key identifier: 73:74:BC:6D:02:51:35:BE:D9:53:97:79:A0:3F:DD:64:AB:EB:A1:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/3139342e31352e39372e302f32342d3234203d3e203230343733.roa
Signing time:             Thu 26 Mar 2026 09:00:55 +0000
ROA not before:           Thu 26 Mar 2026 08:55:55 +0000
ROA not after:            Thu 25 Mar 2027 09:00:55 +0000
asID:                     20473
IP address blocks:        194.15.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 12:59:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:4d:c1:bd:63:36:97:dc:b8:7c:b0:8b:20:6b:db:1b:d3:0f:3c:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7374bc6d025135bed9539779a03fdd64abeba11f
        Validity
            Not Before: Mar 26 08:55:55 2026 GMT
            Not After : Mar 25 09:00:55 2027 GMT
        Subject: CN=1F4C152FDFAD3A39EEB40EE204B4A761CD7CC4C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:02:b7:fe:4d:57:b3:f4:65:d2:67:52:de:21:
                    52:ab:ef:88:c8:13:24:f9:35:a9:68:82:f5:9f:40:
                    98:82:0f:63:c5:26:28:45:de:00:56:6c:57:cf:78:
                    a4:e3:1e:86:a3:cf:fd:0d:8e:9b:21:23:76:7b:ed:
                    13:b9:37:0c:6e:36:df:85:a4:f0:b3:e5:69:ab:82:
                    3d:c0:cd:12:6a:81:19:f8:41:e2:09:e2:9b:8a:62:
                    17:40:28:bc:11:7e:76:8d:3f:a6:78:29:06:b4:4e:
                    06:a1:7b:3c:00:48:6d:04:6a:10:5a:6a:08:4e:15:
                    ae:22:b7:b3:f9:2d:21:2c:ec:a7:ca:53:5f:d2:c9:
                    5b:ba:b5:7a:51:1a:66:2d:01:95:11:10:0f:0e:83:
                    3e:91:26:97:93:f9:c8:dc:8e:f9:b0:ab:eb:50:d0:
                    ca:95:7b:6d:fe:86:4b:32:90:b2:9f:70:ac:41:bd:
                    f3:48:3f:7e:20:77:01:0e:a1:f3:37:7d:a6:fe:c1:
                    41:e5:64:12:cf:cc:33:fb:18:1b:2e:d8:50:e1:9e:
                    5d:91:7d:c6:e4:6c:ad:d8:fe:b5:1a:60:35:ca:85:
                    2e:ef:1f:7b:9f:6d:ff:7d:69:a7:ed:23:6c:1e:b5:
                    84:c0:03:5f:a0:d7:8e:e4:12:10:b9:a5:1a:9c:c3:
                    2e:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:4C:15:2F:DF:AD:3A:39:EE:B4:0E:E2:04:B4:A7:61:CD:7C:C4:C1
            X509v3 Authority Key Identifier:
                keyid:73:74:BC:6D:02:51:35:BE:D9:53:97:79:A0:3F:DD:64:AB:EB:A1:1F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/7374BC6D025135BED9539779A03FDD64ABEBA11F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3S8bQJRNb7ZU5d5oD_dZKvroR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/e42585f7-bc1b-4970-bd34-dbfd2b2147d2/0/3139342e31352e39372e302f32342d3234203d3e203230343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:29:2b:84:27:e2:19:d9:ac:4d:b7:bc:75:85:b6:19:08:b7:
         c4:c3:46:fd:07:f2:3d:de:23:46:98:75:3e:bc:de:c6:12:20:
         78:91:e8:44:5f:2b:2a:2b:9a:1b:b5:c3:66:1d:2b:b3:8f:fc:
         94:bb:0a:1f:d8:44:0d:54:c4:12:b3:7a:8d:df:09:da:4e:1d:
         d4:ff:cd:86:b1:b6:6e:df:14:d5:67:0c:24:5d:f7:49:f5:c1:
         66:3d:52:75:75:f7:e8:39:81:76:c3:8e:62:49:46:07:72:e1:
         14:19:19:ab:86:6f:05:f3:3c:14:07:cd:6c:35:4f:72:e1:58:
         a9:43:fc:7d:ee:77:2f:c4:08:8f:82:41:be:32:72:c4:0d:3d:
         39:84:62:88:29:92:9a:72:ca:e2:9e:e9:60:b6:6a:5e:00:ce:
         80:55:ec:6c:55:d8:22:82:ab:b5:c5:5e:cf:f4:99:3d:c4:b5:
         85:69:3c:ad:cd:e1:f6:69:93:44:ab:ff:29:f4:29:ea:7c:cd:
         c5:e0:a2:fe:b2:0f:c7:12:21:3e:82:fa:b1:5c:cd:b1:0c:78:
         aa:db:a4:60:b3:31:fc:c9:a4:00:e7:06:a4:d4:e3:32:61:88:
         39:fc:e1:6e:2e:7b:a6:29:a1:28:bc:c6:db:9f:92:0f:5f:04:
         91:ac:33:a7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJk3BvWM2l9y4fLCLIGvbG9MPPO0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzM3NGJjNmQwMjUxMzViZWQ5NTM5Nzc5YTAzZmRkNjRh
YmViYTExZjAeFw0yNjAzMjYwODU1NTVaFw0yNzAzMjUwOTAwNTVaMDMxMTAvBgNV
BAMTKDFGNEMxNTJGREZBRDNBMzlFRUI0MEVFMjA0QjRBNzYxQ0Q3Q0M0QzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4Arf+TVez9GXSZ1LeIVKr74jI
EyT5NalogvWfQJiCD2PFJihF3gBWbFfPeKTjHoajz/0NjpshI3Z77RO5NwxuNt+F
pPCz5Wmrgj3AzRJqgRn4QeIJ4puKYhdAKLwRfnaNP6Z4KQa0TgahezwASG0EahBa
aghOFa4it7P5LSEs7KfKU1/SyVu6tXpRGmYtAZUREA8Ogz6RJpeT+cjcjvmwq+tQ
0MqVe23+hksykLKfcKxBvfNIP34gdwEOofM3fab+wUHlZBLPzDP7GBsu2FDhnl2R
fcbkbK3Y/rUaYDXKhS7vH3ufbf99aaftI2wetYTAA1+g147kEhC5pRqcwy7tAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUH0wVL9+tOjnutA7iBLSnYc18xMEwHwYDVR0j
BBgwFoAUc3S8bQJRNb7ZU5d5oD/dZKvroR8wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZTQyNTg1ZjctYmMxYi00OTcwLWJkMzQtZGJmZDJiMjE0
N2QyLzAvNzM3NEJDNkQwMjUxMzVCRUQ5NTM5Nzc5QTAzRkRENjRBQkVCQTExRi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MzUzhiUUpSTmI3WlU1ZDVvRF9kWkt2
cm9SOC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTQyNTg1Zjct
YmMxYi00OTcwLWJkMzQtZGJmZDJiMjE0N2QyLzAvMzEzOTM0MmUzMTM1MmUzOTM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDM0MzczMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIP
YTANBgkqhkiG9w0BAQsFAAOCAQEAYikrhCfiGdmsTbe8dYW2GQi3xMNG/QfyPd4j
Rph1PrzexhIgeJHoRF8rKiuaG7XDZh0rs4/8lLsKH9hEDVTEErN6jd8J2k4d1P/N
hrG2bt8U1WcMJF33SfXBZj1SdXX36DmBdsOOYklGB3LhFBkZq4ZvBfM8FAfNbDVP
cuFYqUP8fe53L8QIj4JBvjJyxA09OYRiiCmSmnLK4p7pYLZqXgDOgFXsbFXYIoKr
tcVez/SZPcS1hWk8rc3h9mmTRKv/KfQp6nzNxeCi/rIPxxIhPoL6sVzNsQx4qtuk
YLMx/MmkAOcGpNTjMmGIOfzhbi57pimhKLzG25+SD18Ekawzpw==
-----END CERTIFICATE-----