Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3137352e302f32342d3234203d3e20383334.roa
File:                     3130392e3131302e3137352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          FcLLBqjTpJym6wB0Y9svH/8IepgD7tNuY/4SZNNrqjk=
Subject key identifier:   4F:F0:28:9B:87:3C:CF:15:7D:E4:E9:04:BD:FE:F3:69:45:19:D6:B4
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       073E634C9D4EC5AFF70DB295172F0917152C744F
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3137352e302f32342d3234203d3e20383334.roa
Signing time:             Sun 12 Apr 2026 08:13:49 +0000
ROA not before:           Sun 12 Apr 2026 08:08:49 +0000
ROA not after:            Sun 11 Apr 2027 08:13:49 +0000
asID:                     834
IP address blocks:        109.110.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:3e:63:4c:9d:4e:c5:af:f7:0d:b2:95:17:2f:09:17:15:2c:74:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Apr 12 08:08:49 2026 GMT
            Not After : Apr 11 08:13:49 2027 GMT
        Subject: CN=4FF0289B873CCF157DE4E904BDFEF3694519D6B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a5:47:2c:43:66:1a:2c:50:79:c4:0f:7d:b9:
                    ab:69:d1:25:34:aa:40:74:ea:9d:0b:84:99:37:2d:
                    ad:44:d7:b5:47:58:b7:c3:d5:18:a2:6a:2d:b0:0c:
                    79:11:bf:17:62:fe:92:f8:09:7d:f3:dc:2f:58:1f:
                    7a:b4:c9:08:1c:22:f6:92:11:08:fd:d8:e4:63:b4:
                    17:03:90:6f:a4:ca:73:4c:0a:d8:ee:ad:f2:65:81:
                    97:fe:c5:78:0b:e1:d5:d4:3c:71:3d:79:19:8d:96:
                    49:96:39:5a:22:2a:49:d6:e7:37:49:a8:81:4e:00:
                    88:5c:26:13:e6:91:e8:3a:74:fc:f3:d8:1a:4e:d2:
                    61:02:b6:c9:11:6e:e9:a8:e1:c7:0a:03:6c:8d:1c:
                    aa:a1:c3:92:ca:3f:4b:c4:e5:6e:72:4d:fa:64:91:
                    9f:b0:38:01:a7:c7:37:16:71:a2:82:08:ce:b7:76:
                    2d:24:cc:cb:59:e4:9f:34:dd:0f:91:d1:cc:d1:cc:
                    ce:67:ce:58:15:82:50:22:8c:d2:a8:4e:15:a5:3e:
                    56:34:17:0b:91:e9:03:de:ae:8a:5a:89:98:6a:7c:
                    ee:e9:5b:8d:10:12:60:83:ca:d6:61:b0:4e:d2:f8:
                    9c:f6:eb:83:29:b3:e6:c6:7a:50:c5:d6:44:35:70:
                    d2:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:F0:28:9B:87:3C:CF:15:7D:E4:E9:04:BD:FE:F3:69:45:19:D6:B4
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3137352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.110.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:37:c9:6e:c0:76:5b:33:9e:c5:63:63:a7:d5:4b:5d:97:d0:
         97:e2:b5:09:be:df:12:74:93:69:29:26:26:d7:2f:2b:bb:a6:
         18:c6:d7:2a:dc:46:a2:6d:56:e7:6c:98:f8:df:4e:a9:8a:ca:
         bb:f5:02:56:f1:d9:d9:f3:78:6f:82:a6:fa:af:12:4b:1d:46:
         82:5e:28:49:a5:6f:6d:bf:6f:39:02:b0:02:18:12:d5:d1:30:
         05:3f:6f:e0:2e:42:da:3c:1d:2a:7b:2f:6e:e1:f7:f4:6d:d1:
         9b:e2:e3:22:99:76:6d:38:59:28:68:3f:80:bd:5b:28:bd:3e:
         dc:cd:68:23:3d:ab:c5:82:95:20:1b:05:30:c3:69:52:76:d4:
         68:80:ef:99:c6:a7:1d:aa:be:ac:8b:4c:63:2e:ea:fd:56:c6:
         68:20:9b:83:5d:99:38:83:2c:82:59:76:07:58:c8:23:c0:2e:
         56:0d:08:64:2d:4f:fe:5f:64:6d:b3:38:7c:91:ad:c9:14:a6:
         3e:5f:60:b8:c0:0c:c8:97:27:20:24:12:29:fa:ba:44:61:63:
         9c:d7:8f:49:4c:6f:4f:aa:6e:82:c6:f2:29:20:f2:f8:3b:8c:
         27:eb:0c:47:02:e4:1d:a6:21:b2:b8:3b:03:f9:64:01:2e:24:
         9f:d9:cf:81
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUBz5jTJ1Oxa/3DbKVFy8JFxUsdE8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNjA0MTIwODA4NDlaFw0yNzA0MTEwODEzNDlaMDMxMTAvBgNV
BAMTKDRGRjAyODlCODczQ0NGMTU3REU0RTkwNEJERkVGMzY5NDUxOUQ2QjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZpUcsQ2YaLFB5xA99uatp0SU0
qkB06p0LhJk3La1E17VHWLfD1Riiai2wDHkRvxdi/pL4CX3z3C9YH3q0yQgcIvaS
EQj92ORjtBcDkG+kynNMCtjurfJlgZf+xXgL4dXUPHE9eRmNlkmWOVoiKknW5zdJ
qIFOAIhcJhPmkeg6dPzz2BpO0mECtskRbumo4ccKA2yNHKqhw5LKP0vE5W5yTfpk
kZ+wOAGnxzcWcaKCCM63di0kzMtZ5J803Q+R0czRzM5nzlgVglAijNKoThWlPlY0
FwuR6QPeropaiZhqfO7pW40QEmCDytZhsE7S+Jz264Mps+bGelDF1kQ1cNL/AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUT/Aom4c8zxV95OkEvf7zaUUZ1rQwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzMDM5MmUzMTMxMzAyZTMx
MzczNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG1u
rzANBgkqhkiG9w0BAQsFAAOCAQEAfzfJbsB2WzOexWNjp9VLXZfQl+K1Cb7fEnST
aSkmJtcvK7umGMbXKtxGom1W52yY+N9OqYrKu/UCVvHZ2fN4b4Km+q8SSx1Ggl4o
SaVvbb9vOQKwAhgS1dEwBT9v4C5C2jwdKnsvbuH39G3Rm+LjIpl2bThZKGg/gL1b
KL0+3M1oIz2rxYKVIBsFMMNpUnbUaIDvmcanHaq+rItMYy7q/VbGaCCbg12ZOIMs
gll2B1jII8AuVg0IZC1P/l9kbbM4fJGtyRSmPl9guMAMyJcnICQSKfq6RGFjnNeP
SUxvT6pugsbyKSDy+DuMJ+sMRwLkHaYhsrg7A/lkAS4kn9nPgQ==
-----END CERTIFICATE-----