Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139342e33342e3235352e302f32342d3234203d3e20383334.roa
File:                     3139342e33342e3235352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          sWRad4mWldO9xLik8rL1xnTcoxRiYLKker+8Ja89ZOQ=
Subject key identifier:   60:B7:C7:96:E1:B6:FA:0D:97:9A:1A:52:62:22:26:05:6F:13:7B:06
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       6B7DA3846A4E20F94754981B3CA7C49E23C904E9
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139342e33342e3235352e302f32342d3234203d3e20383334.roa
Signing time:             Fri 13 Jun 2025 11:52:41 +0000
ROA not before:           Fri 13 Jun 2025 11:47:41 +0000
ROA not after:            Fri 12 Jun 2026 11:52:41 +0000
asID:                     834
IP address blocks:        194.34.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:7d:a3:84:6a:4e:20:f9:47:54:98:1b:3c:a7:c4:9e:23:c9:04:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Jun 13 11:47:41 2025 GMT
            Not After : Jun 12 11:52:41 2026 GMT
        Subject: CN=60B7C796E1B6FA0D979A1A52622226056F137B06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:df:9c:8c:79:9f:76:2d:de:35:93:66:81:3d:
                    c6:f0:cf:31:d9:ef:9c:40:f0:c0:07:ac:43:ba:98:
                    ec:fd:a2:70:f5:c3:ae:b8:b7:66:af:64:7d:81:66:
                    ce:55:fa:7f:ec:f2:fc:49:33:21:fe:ad:2e:06:04:
                    f3:6b:4d:e5:18:c1:e0:7d:55:f2:29:fc:be:8b:3b:
                    b6:be:a6:61:29:cd:91:94:0c:50:a4:84:27:db:43:
                    cf:3a:d2:32:86:dd:0c:73:40:80:00:16:e8:2a:33:
                    3c:ce:ab:8c:09:9b:e8:6b:73:f6:82:c2:16:b4:be:
                    11:65:2d:ad:a8:c0:cb:60:0e:1d:94:56:46:26:1a:
                    44:34:99:45:11:84:4d:0e:46:88:22:9a:6b:1e:83:
                    b7:04:89:33:cb:d4:83:e6:08:7a:ce:5c:79:71:1e:
                    39:12:2c:77:c2:eb:39:d0:6c:4c:a9:92:a2:26:63:
                    cc:8f:a6:c5:8c:96:33:9d:eb:cb:1b:5d:79:98:67:
                    29:05:1c:aa:2d:39:80:f7:11:c0:7b:59:6f:d5:f2:
                    e8:ee:5b:ec:9b:fe:08:c0:f6:de:77:50:ad:1c:5d:
                    59:8f:20:4f:28:3d:d4:93:45:72:da:85:47:10:d3:
                    6d:94:ff:4c:13:24:7c:00:7f:00:4f:37:3b:af:bf:
                    29:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:B7:C7:96:E1:B6:FA:0D:97:9A:1A:52:62:22:26:05:6F:13:7B:06
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139342e33342e3235352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:9c:34:cc:14:2a:cf:b9:42:19:b3:f1:cf:9c:8e:9f:45:8a:
         55:87:1e:14:ec:fb:85:8a:f3:25:c6:3e:a4:4a:3d:31:b2:84:
         72:4a:89:5e:30:d2:bc:62:0f:03:b4:04:23:4a:e3:1e:00:2a:
         d1:3a:46:fc:f6:d1:03:04:ff:b9:f1:93:c8:51:0f:29:70:a4:
         0e:1c:80:2e:1f:ef:12:5c:9c:1a:70:80:2f:6a:01:39:54:17:
         64:4d:09:cb:7d:b3:c6:36:0f:76:f2:31:5e:8f:d7:41:6f:c4:
         7b:e0:30:32:ac:1b:f7:89:18:a3:47:0d:c1:7d:e2:1b:8b:78:
         66:c2:c5:32:bb:d0:f4:0f:8e:20:94:4e:16:41:e6:eb:b8:7b:
         b8:f5:19:07:0b:26:0a:bd:ed:ff:1e:fe:8e:e2:cf:47:62:de:
         27:99:2b:df:3f:24:84:3d:26:03:ec:cb:a1:b9:ac:a6:7b:4d:
         8c:12:b7:df:80:9f:ea:9f:42:73:c8:7e:b7:89:ea:9c:81:84:
         9b:79:85:8c:55:ec:ad:79:74:f9:0f:8e:2c:e0:f4:64:2e:58:
         73:da:33:d3:de:38:19:48:21:13:be:25:d4:e1:77:7d:18:f5:
         c3:8f:e3:a8:4c:d4:b7:b3:b3:89:c4:a5:b2:9e:62:b4:2a:4f:
         c5:cb:eb:90
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUa32jhGpOIPlHVJgbPKfEniPJBOkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNTA2MTMxMTQ3NDFaFw0yNjA2MTIxMTUyNDFaMDMxMTAvBgNV
BAMTKDYwQjdDNzk2RTFCNkZBMEQ5NzlBMUE1MjYyMjIyNjA1NkYxMzdCMDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa35yMeZ92Ld41k2aBPcbwzzHZ
75xA8MAHrEO6mOz9onD1w664t2avZH2BZs5V+n/s8vxJMyH+rS4GBPNrTeUYweB9
VfIp/L6LO7a+pmEpzZGUDFCkhCfbQ8860jKG3QxzQIAAFugqMzzOq4wJm+hrc/aC
wha0vhFlLa2owMtgDh2UVkYmGkQ0mUURhE0ORogimmseg7cEiTPL1IPmCHrOXHlx
HjkSLHfC6znQbEypkqImY8yPpsWMljOd68sbXXmYZykFHKotOYD3EcB7WW/V8uju
W+yb/gjA9t53UK0cXVmPIE8oPdSTRXLahUcQ022U/0wTJHwAfwBPNzuvvykFAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUYLfHluG2+g2XmhpSYiImBW8TewYwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzEzOTM0MmUzMzM0MmUzMjM1
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCIv8w
DQYJKoZIhvcNAQELBQADggEBAG2cNMwUKs+5Qhmz8c+cjp9FilWHHhTs+4WK8yXG
PqRKPTGyhHJKiV4w0rxiDwO0BCNK4x4AKtE6Rvz20QME/7nxk8hRDylwpA4cgC4f
7xJcnBpwgC9qATlUF2RNCct9s8Y2D3byMV6P10FvxHvgMDKsG/eJGKNHDcF94huL
eGbCxTK70PQPjiCUThZB5uu4e7j1GQcLJgq97f8e/o7iz0di3ieZK98/JIQ9JgPs
y6G5rKZ7TYwSt9+An+qfQnPIfreJ6pyBhJt5hYxV7K15dPkPjizg9GQuWHPaM9Pe
OBlIIRO+JdThd30Y9cOP46hM1Lezs4nEpbKeYrQqT8XL65A=
-----END CERTIFICATE-----