Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/3139332e332e3136352e302f32342d3234203d3e203434333535.roa
File:                     3139332e332e3136352e302f32342d3234203d3e203434333535.roa (raw, json)
Hash identifier:          8+PpyJbtCrTrR5hMXklV6jn0Gbpl8JRn1mZ/sbUihXw=
Subject key identifier:   82:C8:C9:3B:CF:4D:99:C6:78:10:D1:F8:AE:E4:6A:C6:F7:0D:D7:FD
Certificate issuer:       /CN=0839a93dab544c296ffa143456844a8b2818b1d0
Certificate serial:       0E00D755512BB9DE5E3681CD24DFB3840DDB2061
Authority key identifier: 08:39:A9:3D:AB:54:4C:29:6F:FA:14:34:56:84:4A:8B:28:18:B1:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/3139332e332e3136352e302f32342d3234203d3e203434333535.roa
Signing time:             Tue 10 Jun 2025 19:26:57 +0000
ROA not before:           Tue 10 Jun 2025 19:21:57 +0000
ROA not after:            Tue 09 Jun 2026 19:26:57 +0000
asID:                     44355
IP address blocks:        193.3.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 22:41:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:00:d7:55:51:2b:b9:de:5e:36:81:cd:24:df:b3:84:0d:db:20:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0839a93dab544c296ffa143456844a8b2818b1d0
        Validity
            Not Before: Jun 10 19:21:57 2025 GMT
            Not After : Jun  9 19:26:57 2026 GMT
        Subject: CN=82C8C93BCF4D99C67810D1F8AEE46AC6F70DD7FD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ec:a0:66:f0:17:fd:34:a3:c0:cf:71:ae:b3:
                    72:18:56:39:73:dd:6f:46:5d:e6:f5:1b:50:e3:3a:
                    c6:56:92:f6:e4:3d:e1:26:22:59:d3:7f:ed:43:be:
                    e8:d8:19:35:85:d2:91:d6:05:76:aa:c3:4e:1e:b7:
                    d9:8f:1f:ef:81:5b:5f:03:fa:e1:79:d9:87:cc:b5:
                    65:cb:ea:33:78:56:4c:7f:b5:a8:63:df:a9:2d:27:
                    48:a6:18:40:d2:2a:3f:92:f7:c4:69:86:a0:ad:24:
                    c9:4b:84:7f:30:34:cf:6c:82:89:17:42:1f:e5:38:
                    38:52:47:d4:25:a5:2c:8c:41:d2:44:18:00:1a:46:
                    1c:b0:45:85:61:9c:43:be:25:ac:0f:ff:7a:a7:a8:
                    cf:d6:d8:61:db:a3:4f:0d:5b:3a:b9:05:55:2f:09:
                    82:fa:44:cb:16:01:a6:7d:6d:64:87:6d:47:1c:33:
                    f2:79:52:92:68:2d:a0:19:d6:7f:7b:42:97:af:94:
                    c4:bb:34:e7:06:65:62:22:aa:f5:de:b1:e6:6b:a9:
                    64:29:ce:7a:df:6f:bf:65:a0:21:a2:8f:e8:59:1c:
                    26:c9:8a:b1:f9:05:56:b0:8e:28:e4:8d:9f:56:ca:
                    75:08:1e:28:25:04:f2:f8:ba:64:2c:02:36:20:e0:
                    29:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:C8:C9:3B:CF:4D:99:C6:78:10:D1:F8:AE:E4:6A:C6:F7:0D:D7:FD
            X509v3 Authority Key Identifier:
                keyid:08:39:A9:3D:AB:54:4C:29:6F:FA:14:34:56:84:4A:8B:28:18:B1:D0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/0839A93DAB544C296FFA143456844A8B2818B1D0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDmpPatUTClv-hQ0VoRKiygYsdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/dde837fb-6390-41b5-82a0-f0d02c03a2c6/7/3139332e332e3136352e302f32342d3234203d3e203434333535.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:93:40:d4:3e:16:83:39:b2:d8:0e:83:a9:04:95:4e:7f:2a:
         36:71:44:8e:e7:c0:fc:c6:40:56:c5:d4:93:9d:28:dd:27:30:
         1e:a3:20:38:ac:e8:79:51:24:2a:75:57:62:07:1b:2f:5a:de:
         0b:f5:1d:fb:db:91:1f:3a:0e:e4:88:a1:b7:c0:4c:c2:d4:23:
         57:91:f5:8a:11:83:47:4a:05:78:a5:a6:15:62:1f:67:29:b0:
         de:e7:86:63:e0:9b:7f:d3:2f:69:89:b5:8e:0d:2e:5f:12:a8:
         04:a8:8c:41:f9:f0:53:bc:86:81:68:3b:88:e7:12:45:78:ab:
         ad:14:ac:1e:34:77:1c:bc:03:cc:70:4e:43:0d:57:26:10:28:
         6d:53:ea:1c:6d:18:a1:85:60:25:2c:e0:82:34:e7:11:62:79:
         6d:7c:28:27:73:ce:b9:19:e4:5a:e3:5a:11:5f:02:16:25:86:
         8a:fa:61:78:00:2f:2d:41:f6:d6:84:08:7a:f5:50:bc:6a:7d:
         c6:e3:58:db:8c:1d:c3:5d:ef:d7:22:e0:10:91:44:eb:1a:ce:
         44:0e:35:f0:6f:d2:46:07:c7:ad:f4:5f:88:e4:73:cd:27:a5:
         73:5e:b9:80:f2:e3:2a:7b:45:b0:7a:0e:c1:70:4b:4e:70:d5:
         9e:13:5c:0c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDgDXVVErud5eNoHNJN+zhA3bIGEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDgzOWE5M2RhYjU0NGMyOTZmZmExNDM0NTY4NDRhOGIy
ODE4YjFkMDAeFw0yNTA2MTAxOTIxNTdaFw0yNjA2MDkxOTI2NTdaMDMxMTAvBgNV
BAMTKDgyQzhDOTNCQ0Y0RDk5QzY3ODEwRDFGOEFFRTQ2QUM2RjcwREQ3RkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm7KBm8Bf9NKPAz3Gus3IYVjlz
3W9GXeb1G1DjOsZWkvbkPeEmIlnTf+1DvujYGTWF0pHWBXaqw04et9mPH++BW18D
+uF52YfMtWXL6jN4Vkx/tahj36ktJ0imGEDSKj+S98RphqCtJMlLhH8wNM9sgokX
Qh/lODhSR9QlpSyMQdJEGAAaRhywRYVhnEO+JawP/3qnqM/W2GHbo08NWzq5BVUv
CYL6RMsWAaZ9bWSHbUccM/J5UpJoLaAZ1n97QpevlMS7NOcGZWIiqvXeseZrqWQp
znrfb79loCGij+hZHCbJirH5BVawjijkjZ9WynUIHiglBPL4umQsAjYg4CmLAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUgsjJO89NmcZ4ENH4ruRqxvcN1/0wHwYDVR0j
BBgwFoAUCDmpPatUTClv+hQ0VoRKiygYsdAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZGRlODM3ZmItNjM5MC00MWI1LTgyYTAtZjBkMDJjMDNh
MmM2LzcvMDgzOUE5M0RBQjU0NEMyOTZGRkExNDM0NTY4NDRBOEIyODE4QjFEMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NEbXBQYXRVVENsdi1oUTBWb1JLaXln
WXNkQS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZGRlODM3ZmIt
NjM5MC00MWI1LTgyYTAtZjBkMDJjMDNhMmM2LzcvMzEzOTMzMmUzMzJlMzEzNjM1
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzNDMzMzUzNS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMED
pTANBgkqhkiG9w0BAQsFAAOCAQEAmpNA1D4Wgzmy2A6DqQSVTn8qNnFEjufA/MZA
VsXUk50o3ScwHqMgOKzoeVEkKnVXYgcbL1reC/Ud+9uRHzoO5Iiht8BMwtQjV5H1
ihGDR0oFeKWmFWIfZymw3ueGY+Cbf9MvaYm1jg0uXxKoBKiMQfnwU7yGgWg7iOcS
RXirrRSsHjR3HLwDzHBOQw1XJhAobVPqHG0YoYVgJSzggjTnEWJ5bXwoJ3POuRnk
WuNaEV8CFiWGivpheAAvLUH21oQIevVQvGp9xuNY24wdw13v1yLgEJFE6xrORA41
8G/SRgfHrfRfiORzzSelc165gPLjKntFsHoOwXBLTnDVnhNcDA==
-----END CERTIFICATE-----