Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/3134312e39382e34332e302f32342d3234203d3e20383334.roa
File:                     3134312e39382e34332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          CEATl23EYBX+yz/bQgn1uVhhdG2D/AdhO5cExmk73Pg=
Subject key identifier:   D0:9A:40:B1:EB:5C:A7:B6:B5:09:91:5B:52:E9:BA:B9:EA:1A:B1:54
Certificate issuer:       /CN=7e51cac1ce2afe1958b1fb6a6237717b0b5d4810
Certificate serial:       22D5CEE9A03DE112669C3A868391ABDB6A518074
Authority key identifier: 7E:51:CA:C1:CE:2A:FE:19:58:B1:FB:6A:62:37:71:7B:0B:5D:48:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/flHKwc4q_hlYsftqYjdxewtdSBA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/3134312e39382e34332e302f32342d3234203d3e20383334.roa
Signing time:             Tue 28 Oct 2025 10:09:02 +0000
ROA not before:           Tue 28 Oct 2025 10:04:02 +0000
ROA not after:            Tue 27 Oct 2026 10:09:02 +0000
asID:                     834
IP address blocks:        141.98.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/7E51CAC1CE2AFE1958B1FB6A6237717B0B5D4810.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/7E51CAC1CE2AFE1958B1FB6A6237717B0B5D4810.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/flHKwc4q_hlYsftqYjdxewtdSBA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:09:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:d5:ce:e9:a0:3d:e1:12:66:9c:3a:86:83:91:ab:db:6a:51:80:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e51cac1ce2afe1958b1fb6a6237717b0b5d4810
        Validity
            Not Before: Oct 28 10:04:02 2025 GMT
            Not After : Oct 27 10:09:02 2026 GMT
        Subject: CN=D09A40B1EB5CA7B6B509915B52E9BAB9EA1AB154
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:5b:b1:53:a4:1b:a2:07:7b:76:d5:13:61:18:
                    85:ad:f2:d8:3d:59:e7:4b:7b:b7:52:d9:02:fc:e8:
                    c1:2b:0f:fb:8a:d7:29:f5:e7:ce:b0:a6:66:2e:7c:
                    4e:82:48:89:51:ee:50:d2:4e:66:5b:e8:b7:ba:84:
                    74:51:06:62:9a:58:29:1e:73:4a:3c:12:dd:75:32:
                    d9:ba:42:ff:1d:3d:88:07:d6:19:9c:99:16:2c:54:
                    26:81:34:84:ff:a1:26:37:be:8c:f4:c4:40:d1:f4:
                    54:4d:d5:44:2f:81:10:19:92:f3:19:22:69:a5:41:
                    e3:f7:f1:47:7a:90:10:89:2c:62:79:cd:b5:55:d3:
                    8e:d3:ce:2b:1d:a7:51:84:ab:07:a0:78:75:25:48:
                    94:3a:05:f1:18:f8:63:d1:3f:63:a6:f0:d0:59:85:
                    0d:c1:30:1d:f5:79:1a:69:fa:32:1d:c4:21:59:70:
                    3d:da:22:35:ad:15:6d:21:75:9d:6a:94:41:5d:9f:
                    5f:46:9a:e7:17:cb:7f:d5:72:c5:03:a7:e2:57:4a:
                    69:39:7d:83:73:a4:32:e6:a0:27:86:3f:e6:5f:c2:
                    18:ff:82:ad:b3:83:f0:1d:06:d3:07:34:f4:71:59:
                    61:ce:17:50:fa:30:94:06:5c:96:f0:48:96:b0:89:
                    cc:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:9A:40:B1:EB:5C:A7:B6:B5:09:91:5B:52:E9:BA:B9:EA:1A:B1:54
            X509v3 Authority Key Identifier:
                keyid:7E:51:CA:C1:CE:2A:FE:19:58:B1:FB:6A:62:37:71:7B:0B:5D:48:10

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/7E51CAC1CE2AFE1958B1FB6A6237717B0B5D4810.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/flHKwc4q_hlYsftqYjdxewtdSBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/3134312e39382e34332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:64:48:91:5e:f5:79:12:44:8e:81:c3:8c:21:15:32:9e:e1:
         59:26:5f:a3:a5:73:5d:4d:07:71:22:49:e7:f3:67:ac:df:67:
         98:35:9e:a4:e1:46:0a:d5:f7:3f:c1:8c:1d:af:0b:38:4c:d9:
         ff:72:0b:c6:de:dd:e4:6d:14:b1:a6:b1:d4:bd:84:94:44:b4:
         14:93:65:29:19:93:ef:ef:8b:d0:90:48:1f:ab:48:6c:eb:c7:
         c4:0a:58:4e:bd:fa:46:85:b7:d8:a6:34:dd:35:20:08:3b:55:
         62:8a:84:85:18:87:9a:8f:d2:39:aa:f7:f9:bd:06:39:86:b5:
         2c:c7:aa:15:f0:2a:6c:ff:e9:5d:5a:81:bf:b7:b6:6b:d4:4d:
         02:66:6d:8b:10:66:6c:d8:d5:0b:a0:9b:02:29:7e:b3:94:9c:
         8c:3c:78:af:41:cb:d5:e0:d5:13:ea:53:87:6e:fd:74:88:bf:
         87:bb:86:12:b1:77:39:0c:99:b8:38:0d:d3:cf:2d:17:40:11:
         8b:87:a4:27:2c:3b:5b:a0:b8:ae:d9:fe:be:ff:0b:47:2f:4f:
         83:a7:06:fd:8c:be:53:7f:db:17:56:4f:f6:09:11:a4:18:13:
         a4:7b:39:ed:51:04:39:6b:b3:f2:61:d6:98:83:b8:68:57:44:
         b3:28:8c:c1
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUItXO6aA94RJmnDqGg5Gr22pRgHQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2U1MWNhYzFjZTJhZmUxOTU4YjFmYjZhNjIzNzcxN2Iw
YjVkNDgxMDAeFw0yNTEwMjgxMDA0MDJaFw0yNjEwMjcxMDA5MDJaMDMxMTAvBgNV
BAMTKEQwOUE0MEIxRUI1Q0E3QjZCNTA5OTE1QjUyRTlCQUI5RUExQUIxNTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTW7FTpBuiB3t21RNhGIWt8tg9
WedLe7dS2QL86MErD/uK1yn1586wpmYufE6CSIlR7lDSTmZb6Le6hHRRBmKaWCke
c0o8Et11Mtm6Qv8dPYgH1hmcmRYsVCaBNIT/oSY3voz0xEDR9FRN1UQvgRAZkvMZ
ImmlQeP38Ud6kBCJLGJ5zbVV047Tzisdp1GEqwegeHUlSJQ6BfEY+GPRP2Om8NBZ
hQ3BMB31eRpp+jIdxCFZcD3aIjWtFW0hdZ1qlEFdn19GmucXy3/VcsUDp+JXSmk5
fYNzpDLmoCeGP+Zfwhj/gq2zg/AdBtMHNPRxWWHOF1D6MJQGXJbwSJawicypAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU0JpAsetcp7a1CZFbUum6ueoasVQwHwYDVR0j
BBgwFoAUflHKwc4q/hlYsftqYjdxewtdSBAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODgxYjdmMDgtZGQ5NC00Y2QwLWFhMzgtODUxMmYxNTJi
ZDMyLzAvN0U1MUNBQzFDRTJBRkUxOTU4QjFGQjZBNjIzNzcxN0IwQjVENDgxMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZsSEt3YzRxX2hsWXNmdHFZamR4ZXd0
ZFNCQS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODgxYjdmMDgt
ZGQ5NC00Y2QwLWFhMzgtODUxMmYxNTJiZDMyLzAvMzEzNDMxMmUzOTM4MmUzNDMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWIrMA0G
CSqGSIb3DQEBCwUAA4IBAQBwZEiRXvV5EkSOgcOMIRUynuFZJl+jpXNdTQdxIknn
82es32eYNZ6k4UYK1fc/wYwdrws4TNn/cgvG3t3kbRSxprHUvYSURLQUk2UpGZPv
74vQkEgfq0hs68fEClhOvfpGhbfYpjTdNSAIO1ViioSFGIeaj9I5qvf5vQY5hrUs
x6oV8Cps/+ldWoG/t7Zr1E0CZm2LEGZs2NULoJsCKX6zlJyMPHivQcvV4NUT6lOH
bv10iL+Hu4YSsXc5DJm4OA3Tzy0XQBGLh6QnLDtboLiu2f6+/wtHL0+Dpwb9jL5T
f9sXVk/2CRGkGBOkezntUQQ5a7PyYdaYg7hoV0SzKIzB
-----END CERTIFICATE-----