Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139342e33342e3235332e302f32342d3234203d3e2035303635.roa
File:                     3139342e33342e3235332e302f32342d3234203d3e2035303635.roa (raw, json)
Hash identifier:          tD+eYvXQsGkCcpnz6s7EBRYpOf8Iu4vdb3Qy27wUI6g=
Subject key identifier:   1F:EF:69:2C:E4:44:F2:DA:42:D7:08:B5:4B:70:07:E9:D0:13:F4:BA
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       639AB507C7D100FD0D21A5CED44D91EBD60DFE96
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139342e33342e3235332e302f32342d3234203d3e2035303635.roa
Signing time:             Wed 12 Mar 2025 12:53:23 +0000
ROA not before:           Wed 12 Mar 2025 12:48:23 +0000
ROA not after:            Wed 11 Mar 2026 12:53:23 +0000
asID:                     5065
IP address blocks:        194.34.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:9a:b5:07:c7:d1:00:fd:0d:21:a5:ce:d4:4d:91:eb:d6:0d:fe:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Mar 12 12:48:23 2025 GMT
            Not After : Mar 11 12:53:23 2026 GMT
        Subject: CN=1FEF692CE444F2DA42D708B54B7007E9D013F4BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:88:0c:41:e7:da:3d:e7:16:d3:14:55:11:e7:
                    e9:82:7e:77:b2:1c:04:c1:54:ca:11:cf:40:6e:f4:
                    47:d5:4c:e0:b5:c5:e5:1e:84:d5:1e:eb:a6:9c:7b:
                    b2:ef:23:ac:5c:5c:f6:88:74:2f:2c:ff:e6:69:0f:
                    04:a8:24:9f:bb:73:ba:9b:fc:01:c1:42:96:30:a7:
                    fb:c3:42:ec:3c:80:9e:cf:6c:03:94:e4:35:9b:ed:
                    e4:2b:e4:7e:c9:e1:2d:4b:f3:4b:46:a3:65:0c:ec:
                    d7:b9:69:8c:d5:69:a1:7c:55:c1:07:12:d1:63:0e:
                    cf:a6:c9:c2:be:fd:8f:ae:69:80:65:03:5f:7e:a9:
                    77:f7:07:4e:5f:87:4e:c5:1e:ef:2c:25:f9:c2:3e:
                    80:00:d8:de:0a:12:74:7a:b7:bc:b0:56:bc:54:d9:
                    bb:76:c7:c9:06:34:47:dc:ff:65:c8:f7:16:c6:a1:
                    bb:18:a1:02:2c:22:32:7c:5c:e0:e4:cd:75:68:a2:
                    45:69:05:16:22:9a:14:d3:a9:a8:7e:6c:56:fd:32:
                    f5:bf:7b:87:6f:10:b7:b6:c4:c1:53:83:df:52:60:
                    5f:73:ef:78:25:ea:52:7a:c6:93:ae:41:a8:ad:40:
                    01:ba:dd:3f:b4:b2:97:6e:9f:6f:df:d2:15:88:b4:
                    b0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:EF:69:2C:E4:44:F2:DA:42:D7:08:B5:4B:70:07:E9:D0:13:F4:BA
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139342e33342e3235332e302f32342d3234203d3e2035303635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:02:7b:2d:a8:5f:5a:f1:34:e1:5a:d7:22:05:9d:58:9c:a4:
         5b:92:08:d5:e9:00:e7:3d:f5:49:2e:44:bb:35:f9:c1:25:25:
         49:2f:d7:d8:d3:07:22:6e:4b:84:66:fb:17:5d:4c:89:79:dd:
         e9:bd:bf:ca:50:24:1d:2e:50:cb:e5:78:e4:b7:1c:79:a3:0a:
         c3:8a:0d:80:05:2c:34:b4:44:a0:3a:b8:92:f6:f7:4a:6b:0e:
         0f:40:e7:6f:55:ba:b7:4c:8e:c8:48:95:5a:36:a2:b9:6f:ec:
         a5:f7:eb:63:81:26:e0:2d:99:c1:41:65:e7:3b:47:60:9e:f7:
         bc:7c:53:a1:d6:de:5d:f5:9f:0d:e3:29:66:a7:e0:e7:6a:19:
         51:ae:16:a6:52:32:4d:36:40:7e:47:cf:ba:cf:d4:de:09:77:
         39:e8:83:67:32:6c:05:d4:67:42:04:93:48:d4:a7:d5:d8:85:
         28:92:d9:73:b5:d0:b9:09:ec:33:72:11:8c:82:3c:b5:29:67:
         b1:c4:f8:fe:df:e1:a4:20:ca:2d:24:06:77:03:b9:2d:a7:c4:
         41:a5:97:71:46:5a:40:5e:6c:bb:85:39:c2:ca:7e:99:1e:85:
         30:27:9f:2e:c6:6d:8a:7b:f5:03:6e:af:1c:14:99:42:c4:49:
         e2:6d:18:6d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUY5q1B8fRAP0NIaXO1E2R69YN/pYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNTAzMTIxMjQ4MjNaFw0yNjAzMTExMjUzMjNaMDMxMTAvBgNV
BAMTKDFGRUY2OTJDRTQ0NEYyREE0MkQ3MDhCNTRCNzAwN0U5RDAxM0Y0QkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUiAxB59o95xbTFFUR5+mCfney
HATBVMoRz0Bu9EfVTOC1xeUehNUe66ace7LvI6xcXPaIdC8s/+ZpDwSoJJ+7c7qb
/AHBQpYwp/vDQuw8gJ7PbAOU5DWb7eQr5H7J4S1L80tGo2UM7Ne5aYzVaaF8VcEH
EtFjDs+mycK+/Y+uaYBlA19+qXf3B05fh07FHu8sJfnCPoAA2N4KEnR6t7ywVrxU
2bt2x8kGNEfc/2XI9xbGobsYoQIsIjJ8XODkzXVookVpBRYimhTTqah+bFb9MvW/
e4dvELe2xMFTg99SYF9z73gl6lJ6xpOuQaitQAG63T+0spdun2/f0hWItLDNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUH+9pLORE8tpC1wi1S3AH6dAT9LowHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzEzOTM0MmUzMzM0MmUzMjM1
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMwMzYzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIi
/TANBgkqhkiG9w0BAQsFAAOCAQEAOQJ7LahfWvE04VrXIgWdWJykW5II1ekA5z31
SS5EuzX5wSUlSS/X2NMHIm5LhGb7F11MiXnd6b2/ylAkHS5Qy+V45LcceaMKw4oN
gAUsNLREoDq4kvb3SmsOD0Dnb1W6t0yOyEiVWjaiuW/spffrY4Em4C2ZwUFl5ztH
YJ73vHxTodbeXfWfDeMpZqfg52oZUa4WplIyTTZAfkfPus/U3gl3OeiDZzJsBdRn
QgSTSNSn1diFKJLZc7XQuQnsM3IRjII8tSlnscT4/t/hpCDKLSQGdwO5LafEQaWX
cUZaQF5su4U5wsp+mR6FMCefLsZtinv1A26vHBSZQsRJ4m0YbQ==
-----END CERTIFICATE-----