Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS25369.roa
File:                     AS25369.roa (raw, json)
Hash identifier:          xgKMjkFU51KJd1vuVi8cRly5Hpc4cXUOeplv7u10IAo=
Subject key identifier:   00:6A:7C:44:A3:1E:D9:21:E7:57:80:74:6F:6C:60:4E:F8:D0:E8:4D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       05054D37AE79FB45EA68B867DDD12DEDE4266BB0
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS25369.roa
Signing time:             Sun 19 Oct 2025 21:55:09 +0000
ROA not before:           Sun 19 Oct 2025 21:50:09 +0000
ROA not after:            Sun 18 Oct 2026 21:55:09 +0000
asID:                     25369
IP address blocks:        141.11.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 02:39:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:05:4d:37:ae:79:fb:45:ea:68:b8:67:dd:d1:2d:ed:e4:26:6b:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct 19 21:50:09 2025 GMT
            Not After : Oct 18 21:55:09 2026 GMT
        Subject: CN=006A7C44A31ED921E75780746F6C604EF8D0E84D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:55:32:40:c5:6d:41:20:3d:88:5b:05:93:06:
                    7a:d6:5b:29:cc:75:5c:32:74:39:48:50:65:fe:49:
                    aa:95:c1:c1:44:83:51:38:99:98:23:35:cc:dc:2e:
                    e8:c8:07:b7:f3:00:5e:3c:5f:dd:d8:ba:f1:68:23:
                    00:66:5e:df:19:49:e5:b6:ed:1a:7b:06:73:22:f0:
                    1a:18:0b:cc:d8:5e:0b:5e:e5:32:5d:25:1d:3f:10:
                    02:58:08:e0:88:5b:8b:f6:da:96:06:35:3a:b1:f8:
                    c3:05:81:cf:ac:17:de:f5:57:de:9b:5d:58:cf:04:
                    27:f8:76:2b:8c:82:e0:ee:bc:30:11:e6:21:6c:aa:
                    45:55:ce:86:64:84:b6:7e:e3:6b:20:ba:e8:a9:83:
                    33:e5:c9:20:8e:a3:b8:a2:e6:e7:16:3d:64:20:28:
                    47:e8:0c:c7:b6:b3:56:f2:e4:75:9f:88:07:51:e6:
                    10:ab:9f:a4:91:a4:8f:da:36:66:8b:be:1e:4e:bd:
                    0a:9e:49:03:73:29:29:8d:4c:13:43:18:0f:dc:8d:
                    ec:1f:cd:09:af:c3:bd:88:ea:08:f7:e4:6b:17:60:
                    11:82:a9:80:26:c6:b0:8f:70:2b:ee:2b:b1:10:41:
                    db:e3:b7:f2:c7:41:97:f4:d1:1a:c8:4c:0c:a8:d7:
                    f9:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:6A:7C:44:A3:1E:D9:21:E7:57:80:74:6F:6C:60:4E:F8:D0:E8:4D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS25369.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:4b:03:ec:bd:be:32:cb:04:f3:61:6f:e7:92:9e:6f:61:69:
         52:d3:1b:af:7d:90:16:69:a7:6c:c2:2f:f5:4d:54:7d:9e:96:
         2c:60:2a:04:18:fa:56:50:75:56:0b:96:91:5b:38:65:14:0d:
         ab:56:4f:f9:46:a3:75:53:e1:3b:09:ea:cc:c9:26:a8:a9:11:
         18:6b:af:cd:7d:d2:f1:c5:37:42:b8:cf:c3:3f:03:7d:f1:75:
         61:7f:d6:f2:0d:64:be:a9:3d:49:63:48:52:85:b3:04:32:4c:
         24:d3:c4:39:6b:ac:2e:bc:72:3d:6d:c9:2d:4c:7c:88:7f:30:
         f4:3b:7b:fd:4b:31:bd:c1:fe:fe:85:7d:55:92:0e:9f:b2:d3:
         b3:76:fe:fd:88:67:8e:af:00:d3:63:48:0a:50:4d:90:27:0b:
         48:38:9a:f2:0d:78:1b:00:1d:84:20:c2:6b:be:8e:ce:c5:e2:
         eb:0e:13:2f:60:d9:59:33:4e:e7:03:d2:4b:a9:bd:de:f3:5f:
         59:21:a5:35:48:8a:0f:05:8c:90:4e:8c:d5:cf:51:fd:94:a6:
         8f:1d:3a:02:2c:b7:63:23:9c:17:1e:fb:7c:ec:3d:99:41:8c:
         49:25:ff:57:1b:fe:0e:c6:42:99:c3:84:81:ad:26:be:4e:e9:
         cf:17:4a:3a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUBQVNN655+0XqaLhn3dEt7eQma7AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTEwMTkyMTUwMDlaFw0yNjEwMTgyMTU1MDlaMDMxMTAvBgNV
BAMTKDAwNkE3QzQ0QTMxRUQ5MjFFNzU3ODA3NDZGNkM2MDRFRjhEMEU4NEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOVTJAxW1BID2IWwWTBnrWWynM
dVwydDlIUGX+SaqVwcFEg1E4mZgjNczcLujIB7fzAF48X93YuvFoIwBmXt8ZSeW2
7Rp7BnMi8BoYC8zYXgte5TJdJR0/EAJYCOCIW4v22pYGNTqx+MMFgc+sF971V96b
XVjPBCf4diuMguDuvDAR5iFsqkVVzoZkhLZ+42sguuipgzPlySCOo7ii5ucWPWQg
KEfoDMe2s1by5HWfiAdR5hCrn6SRpI/aNmaLvh5OvQqeSQNzKSmNTBNDGA/cjewf
zQmvw72I6gj35GsXYBGCqYAmxrCPcCvuK7EQQdvjt/LHQZf00RrITAyo1/nvAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUAGp8RKMe2SHnV4B0b2xgTvjQ6E0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjUzNjkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCyMw
DQYJKoZIhvcNAQELBQADggEBABlLA+y9vjLLBPNhb+eSnm9haVLTG699kBZpp2zC
L/VNVH2elixgKgQY+lZQdVYLlpFbOGUUDatWT/lGo3VT4TsJ6szJJqipERhrr819
0vHFN0K4z8M/A33xdWF/1vINZL6pPUljSFKFswQyTCTTxDlrrC68cj1tyS1MfIh/
MPQ7e/1LMb3B/v6FfVWSDp+y07N2/v2IZ46vANNjSApQTZAnC0g4mvINeBsAHYQg
wmu+js7F4usOEy9g2VkzTucD0kupvd7zX1khpTVIig8FjJBOjNXPUf2Upo8dOgIs
t2MjnBce+3zsPZlBjEkl/1cb/g7GQpnDhIGtJr5O6c8XSjo=
-----END CERTIFICATE-----