Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/3139332e32352e3137302e302f32342d3234203d3e20313734.roa
File:                     3139332e32352e3137302e302f32342d3234203d3e20313734.roa (raw, json)
Hash identifier:          gUCz46pmpri/V6R2A0/vYa2at3JvkKr4X8pmgSsdW38=
Subject key identifier:   F1:0B:6E:D1:8B:05:03:35:94:90:AA:FE:53:2B:B7:DF:60:20:06:EA
Certificate issuer:       /CN=199cdd14c27fbf6b005a0ada004d53cbcb9667ff
Certificate serial:       44D449C84787852440F9C4E7716C1FDDBEEDAFC1
Authority key identifier: 19:9C:DD:14:C2:7F:BF:6B:00:5A:0A:DA:00:4D:53:CB:CB:96:67:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GZzdFMJ_v2sAWgraAE1Ty8uWZ_8.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/3139332e32352e3137302e302f32342d3234203d3e20313734.roa
Signing time:             Wed 27 May 2026 07:12:38 +0000
ROA not before:           Wed 27 May 2026 07:07:38 +0000
ROA not after:            Wed 26 May 2027 07:12:38 +0000
asID:                     174
IP address blocks:        193.25.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/199CDD14C27FBF6B005A0ADA004D53CBCB9667FF.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/199CDD14C27FBF6B005A0ADA004D53CBCB9667FF.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GZzdFMJ_v2sAWgraAE1Ty8uWZ_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:d4:49:c8:47:87:85:24:40:f9:c4:e7:71:6c:1f:dd:be:ed:af:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=199cdd14c27fbf6b005a0ada004d53cbcb9667ff
        Validity
            Not Before: May 27 07:07:38 2026 GMT
            Not After : May 26 07:12:38 2027 GMT
        Subject: CN=F10B6ED18B0503359490AAFE532BB7DF602006EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:1f:09:89:1f:61:56:a3:66:34:b9:1b:94:85:
                    fa:d6:be:4f:a4:1b:4b:fc:c3:7c:db:12:11:6f:3a:
                    23:41:c6:1d:e5:17:1f:ea:cb:e8:9a:30:71:56:18:
                    4e:35:1c:c8:8f:45:68:55:43:14:7c:05:53:41:72:
                    1f:64:0b:48:e7:60:4e:78:19:92:04:aa:96:5a:b8:
                    76:02:ba:13:9f:7d:91:f5:f1:29:5d:d0:ea:78:33:
                    57:e3:e6:a0:0e:d7:02:72:d5:1c:c7:db:e9:af:09:
                    98:77:3e:6d:13:ae:09:1e:fe:d0:05:0a:4b:0b:54:
                    31:36:14:8d:e4:8c:7a:b6:ee:13:ba:c2:7f:a1:cd:
                    e2:f1:da:5b:ea:bc:a4:4a:be:d3:69:05:3f:6e:e8:
                    f6:b4:6f:ce:78:df:4b:c5:25:ac:f8:a8:d1:a2:0c:
                    e0:3c:e1:4a:2f:a5:a1:6a:03:f2:b0:eb:c9:46:59:
                    5c:b0:41:37:77:e9:1e:47:b2:d1:d9:41:06:67:21:
                    cc:73:5b:88:37:80:da:bb:0d:21:75:c9:75:58:b5:
                    e4:c4:0a:0a:df:74:5c:56:a1:db:b7:3d:83:c9:47:
                    6f:7d:2c:d8:6e:f7:ef:b5:36:39:57:55:97:1d:61:
                    4f:22:d7:b7:84:f5:72:b1:6b:37:cf:40:47:c6:3b:
                    b9:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:0B:6E:D1:8B:05:03:35:94:90:AA:FE:53:2B:B7:DF:60:20:06:EA
            X509v3 Authority Key Identifier:
                keyid:19:9C:DD:14:C2:7F:BF:6B:00:5A:0A:DA:00:4D:53:CB:CB:96:67:FF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/199CDD14C27FBF6B005A0ADA004D53CBCB9667FF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GZzdFMJ_v2sAWgraAE1Ty8uWZ_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/3139332e32352e3137302e302f32342d3234203d3e20313734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:5c:62:a6:ea:52:8b:00:9d:1c:df:9a:0e:56:20:4c:5a:19:
         b4:02:6f:fb:e1:88:de:d9:99:8e:dc:1c:79:75:7b:2c:83:06:
         97:8f:fe:72:42:03:91:7f:bf:bb:47:22:25:3b:3b:9a:29:0e:
         3e:a3:4a:4d:57:e2:ac:2e:12:0a:42:23:18:fe:90:86:89:98:
         f0:ba:e8:80:c8:0a:0f:04:36:dd:5d:57:02:1b:3d:01:55:83:
         43:b5:9a:99:8b:ae:b3:70:e8:24:f0:70:e8:01:cd:58:c1:20:
         e7:97:0a:3c:b9:c2:9f:81:a3:4f:bc:9f:92:69:1d:4d:61:23:
         03:82:89:53:37:4a:66:bf:57:c2:6d:92:97:2f:84:10:e1:9c:
         52:4c:70:e5:af:5d:55:93:02:67:07:9b:41:1c:7b:c9:71:1c:
         53:5e:b6:13:ba:f7:91:07:f5:d6:6d:18:33:e2:01:f1:f1:70:
         d2:00:7d:48:52:e6:27:17:76:ad:df:32:e4:fe:b1:fe:0a:d2:
         e5:9d:c3:db:d9:2e:21:88:74:cb:a0:b4:19:d4:27:30:c8:58:
         d4:95:59:6b:e2:e6:3f:ea:2b:95:fb:ce:a2:c6:23:0a:75:79:
         a8:b6:9e:ab:c7:d1:56:8c:83:ed:12:43:53:6b:93:6d:fb:3b:
         6a:d5:8c:13
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIURNRJyEeHhSRA+cTncWwf3b7tr8EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTk5Y2RkMTRjMjdmYmY2YjAwNWEwYWRhMDA0ZDUzY2Jj
Yjk2NjdmZjAeFw0yNjA1MjcwNzA3MzhaFw0yNzA1MjYwNzEyMzhaMDMxMTAvBgNV
BAMTKEYxMEI2RUQxOEIwNTAzMzU5NDkwQUFGRTUzMkJCN0RGNjAyMDA2RUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbHwmJH2FWo2Y0uRuUhfrWvk+k
G0v8w3zbEhFvOiNBxh3lFx/qy+iaMHFWGE41HMiPRWhVQxR8BVNBch9kC0jnYE54
GZIEqpZauHYCuhOffZH18Sld0Op4M1fj5qAO1wJy1RzH2+mvCZh3Pm0Trgke/tAF
CksLVDE2FI3kjHq27hO6wn+hzeLx2lvqvKRKvtNpBT9u6Pa0b85430vFJaz4qNGi
DOA84UovpaFqA/Kw68lGWVywQTd36R5HstHZQQZnIcxzW4g3gNq7DSF1yXVYteTE
CgrfdFxWodu3PYPJR299LNhu9++1NjlXVZcdYU8i17eE9XKxazfPQEfGO7n9AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU8Qtu0YsFAzWUkKr+Uyu332AgBuowHwYDVR0j
BBgwFoAUGZzdFMJ/v2sAWgraAE1Ty8uWZ/8wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzIwMjNjNTMtMTg0Yi00ODRiLWI2NzYtNTk4ZjY0ZDg4
ZjIyLzAvMTk5Q0REMTRDMjdGQkY2QjAwNUEwQURBMDA0RDUzQ0JDQjk2NjdGRi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0daemRGTUpfdjJzQVdncmFBRTFUeTh1
V1pfOC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzIwMjNjNTMt
MTg0Yi00ODRiLWI2NzYtNTk4ZjY0ZDg4ZjIyLzAvMzEzOTMzMmUzMjM1MmUzMTM3
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM3MzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBGaow
DQYJKoZIhvcNAQELBQADggEBANFcYqbqUosAnRzfmg5WIExaGbQCb/vhiN7ZmY7c
HHl1eyyDBpeP/nJCA5F/v7tHIiU7O5opDj6jSk1X4qwuEgpCIxj+kIaJmPC66IDI
Cg8ENt1dVwIbPQFVg0O1mpmLrrNw6CTwcOgBzVjBIOeXCjy5wp+Bo0+8n5JpHU1h
IwOCiVM3Sma/V8JtkpcvhBDhnFJMcOWvXVWTAmcHm0Ece8lxHFNethO695EH9dZt
GDPiAfHxcNIAfUhS5icXdq3fMuT+sf4K0uWdw9vZLiGIdMugtBnUJzDIWNSVWWvi
5j/qK5X7zqLGIwp1eai2nqvH0VaMg+0SQ1Nrk237O2rVjBM=
-----END CERTIFICATE-----