Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3138352e3138392e32372e302f32342d3234203d3e2033313730.roa
File:                     3138352e3138392e32372e302f32342d3234203d3e2033313730.roa (raw, json)
Hash identifier:          Wd65Nkxs8kNNzdN7ry69jCmWY+avhcyrb16km9zXRrY=
Subject key identifier:   06:09:20:48:C9:2B:6F:71:17:67:4B:87:2B:BD:84:EB:D4:34:F9:AD
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       2BC8754FC153BAF47C8C7FB9176AEFC1A2F2057E
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3138352e3138392e32372e302f32342d3234203d3e2033313730.roa
Signing time:             Tue 24 Mar 2026 17:39:32 +0000
ROA not before:           Tue 24 Mar 2026 17:34:32 +0000
ROA not after:            Tue 23 Mar 2027 17:39:32 +0000
asID:                     3170
IP address blocks:        185.189.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:c8:75:4f:c1:53:ba:f4:7c:8c:7f:b9:17:6a:ef:c1:a2:f2:05:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Mar 24 17:34:32 2026 GMT
            Not After : Mar 23 17:39:32 2027 GMT
        Subject: CN=06092048C92B6F7117674B872BBD84EBD434F9AD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:71:e0:15:07:c6:65:44:09:f2:31:93:33:17:
                    ae:37:d1:8e:cb:c1:f2:dc:db:14:69:2d:d8:69:e4:
                    d0:4c:a1:d2:b3:6d:60:4b:86:91:3d:6d:eb:16:ac:
                    3e:1b:18:bc:d9:75:4a:94:34:7d:4d:b9:e6:b5:85:
                    43:48:da:d9:23:22:51:e2:f2:8f:03:16:c6:25:e7:
                    36:f2:46:6c:df:02:38:85:93:ec:e3:e0:57:1c:f6:
                    af:c0:26:f4:c8:87:16:4b:c0:62:1d:f2:a2:e2:5e:
                    1f:60:dc:45:56:05:95:ac:0e:99:2f:65:f8:68:99:
                    57:f4:ab:b4:c2:a0:66:f2:e2:b7:86:05:3b:9f:55:
                    65:62:bc:88:9d:ab:6d:3d:38:62:35:5b:4c:fa:48:
                    1f:12:50:d4:02:b5:0f:a4:37:53:a8:d1:98:f3:3f:
                    9d:34:ab:2a:86:99:48:01:95:15:f4:65:fe:b2:7c:
                    7f:ce:64:5b:92:5e:8e:a3:a0:a3:74:d9:8c:7e:1a:
                    f3:62:6e:f1:6e:33:5d:1b:1d:5f:c4:ae:99:4a:13:
                    b4:bc:f4:91:a7:36:a9:77:ac:75:fc:fa:82:8a:c3:
                    d8:02:b2:5b:54:0d:2f:5b:86:f1:e1:f9:1a:48:36:
                    2a:61:7e:09:58:75:0f:33:27:b2:a7:a3:d7:a6:cb:
                    f9:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:09:20:48:C9:2B:6F:71:17:67:4B:87:2B:BD:84:EB:D4:34:F9:AD
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3138352e3138392e32372e302f32342d3234203d3e2033313730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:01:6a:8c:d2:22:1f:ba:ce:35:9f:18:5d:30:1d:b3:5e:fb:
         08:a4:38:f9:1e:ad:f9:f1:83:0c:b2:fc:f2:2e:98:a1:ff:d7:
         4c:b4:93:6f:66:c0:7b:3c:3d:06:86:9e:b3:d7:07:cc:04:d4:
         8e:b2:df:53:4f:83:6b:b6:16:0d:53:de:77:38:d4:27:09:1f:
         ca:a9:77:66:78:4c:3c:69:09:cb:6d:93:4d:b8:1b:97:1d:0d:
         2b:30:d9:bd:87:72:53:45:c5:7c:70:83:af:75:bd:83:74:b0:
         a7:d9:57:aa:73:85:b7:78:d6:3d:28:63:6b:25:e4:3a:44:15:
         7b:3a:0e:84:81:66:d5:ff:67:ed:ee:b8:48:e8:f9:5d:77:0d:
         ab:77:09:ef:08:85:5a:a5:5d:a5:68:ad:f4:de:03:20:3b:73:
         08:d0:c0:3c:a3:b0:ed:25:b4:25:35:dd:c5:3a:39:da:fa:4c:
         df:bb:10:05:92:38:b4:00:27:89:5b:eb:88:16:28:0c:06:b8:
         41:dd:b8:f9:4d:3b:ba:19:3b:2a:b9:85:1d:20:21:3a:4a:12:
         44:58:7b:6b:d4:54:ce:fd:e5:78:d3:9e:b9:11:09:b9:ca:78:
         63:f1:fa:e6:3e:10:a4:7f:85:e6:89:d5:e0:63:14:88:f2:dc:
         63:e2:3f:88
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUK8h1T8FTuvR8jH+5F2rvwaLyBX4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNjAzMjQxNzM0MzJaFw0yNzAzMjMxNzM5MzJaMDMxMTAvBgNV
BAMTKDA2MDkyMDQ4QzkyQjZGNzExNzY3NEI4NzJCQkQ4NEVCRDQzNEY5QUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvceAVB8ZlRAnyMZMzF6430Y7L
wfLc2xRpLdhp5NBModKzbWBLhpE9besWrD4bGLzZdUqUNH1Nuea1hUNI2tkjIlHi
8o8DFsYl5zbyRmzfAjiFk+zj4Fcc9q/AJvTIhxZLwGId8qLiXh9g3EVWBZWsDpkv
ZfhomVf0q7TCoGby4reGBTufVWVivIidq209OGI1W0z6SB8SUNQCtQ+kN1Oo0Zjz
P500qyqGmUgBlRX0Zf6yfH/OZFuSXo6joKN02Yx+GvNibvFuM10bHV/ErplKE7S8
9JGnNql3rHX8+oKKw9gCsltUDS9bhvHh+RpINiphfglYdQ8zJ7Kno9emy/nbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUBgkgSMkrb3EXZ0uHK72E69Q0+a0wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzODM1MmUzMTM4MzkyZTMy
MzcyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMzMxMzczMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALm9
GzANBgkqhkiG9w0BAQsFAAOCAQEAIAFqjNIiH7rONZ8YXTAds177CKQ4+R6t+fGD
DLL88i6Yof/XTLSTb2bAezw9Boaes9cHzATUjrLfU0+Da7YWDVPedzjUJwkfyql3
ZnhMPGkJy22TTbgblx0NKzDZvYdyU0XFfHCDr3W9g3Swp9lXqnOFt3jWPShjayXk
OkQVezoOhIFm1f9n7e64SOj5XXcNq3cJ7wiFWqVdpWit9N4DIDtzCNDAPKOw7SW0
JTXdxTo52vpM37sQBZI4tAAniVvriBYoDAa4Qd24+U07uhk7KrmFHSAhOkoSRFh7
a9RUzv3leNOeuREJucp4Y/H65j4QpH+F5onV4GMUiPLcY+I/iA==
-----END CERTIFICATE-----