Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3132382e302f32332d3234203d3e20383334.roa
File:                     3130332e34392e3132382e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          cwv6U5HtTbEKzJMeb3nfWtIwqYRG9Jzq6qWtzvszezA=
Subject key identifier:   F3:D3:5D:77:F9:94:74:BB:06:0C:7B:27:12:60:E6:D9:3E:BD:1A:C2
Certificate issuer:       /CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
Certificate serial:       6677FBBD62F6040D9E77584391C7474E4257A81F
Authority key identifier: C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3132382e302f32332d3234203d3e20383334.roa
Signing time:             Tue 10 Jun 2025 00:03:21 +0000
ROA not before:           Mon 09 Jun 2025 23:58:21 +0000
ROA not after:            Tue 09 Jun 2026 00:03:21 +0000
asID:                     834
IP address blocks:        103.49.128.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 15:15:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:77:fb:bd:62:f6:04:0d:9e:77:58:43:91:c7:47:4e:42:57:a8:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
        Validity
            Not Before: Jun  9 23:58:21 2025 GMT
            Not After : Jun  9 00:03:21 2026 GMT
        Subject: CN=F3D35D77F99474BB060C7B271260E6D93EBD1AC2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:47:a7:a8:36:a1:23:2b:e8:24:a3:da:d0:39:
                    d7:f9:7d:f0:61:c0:02:c2:b6:38:c6:ec:9b:0a:e2:
                    f8:51:53:1d:06:0e:c6:7d:bb:fc:c1:d1:62:14:f2:
                    b8:10:fd:50:a0:4a:14:f2:f0:2d:53:af:7a:39:48:
                    c4:fd:b3:26:02:4f:3b:0a:ff:f5:aa:61:f1:89:ae:
                    6b:8c:68:a0:a6:1a:68:fc:3b:ec:9e:ef:49:10:7e:
                    be:7e:d4:d2:cc:ca:9c:c0:55:66:48:6e:a7:08:51:
                    f9:ef:68:16:bc:ec:95:a6:a8:08:97:1e:d6:7e:ba:
                    ba:91:d0:c5:13:d9:d8:7e:72:eb:af:10:75:b2:36:
                    b6:94:e2:58:0a:6c:f3:3f:c2:d7:fc:9d:89:e3:33:
                    e1:31:0e:75:a4:e0:ed:1d:48:e7:1a:d7:3e:68:54:
                    db:05:ae:99:f6:b6:ca:00:05:b5:d8:76:bb:42:75:
                    69:d5:a7:77:89:5c:70:7b:df:f0:89:2c:6b:11:1b:
                    a7:10:f1:de:c1:46:da:cd:b0:5e:dc:03:ba:c4:ae:
                    8d:c3:85:93:cf:ae:a0:c7:f8:35:ea:15:3e:3a:9f:
                    ff:4b:ba:bf:5a:69:b5:6c:3e:a8:bd:40:81:fc:d0:
                    4e:89:cb:c1:20:a9:fe:f9:21:c2:75:9a:bd:6d:ef:
                    26:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:D3:5D:77:F9:94:74:BB:06:0C:7B:27:12:60:E6:D9:3E:BD:1A:C2
            X509v3 Authority Key Identifier:
                keyid:C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3132382e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.49.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:9e:a9:30:d5:f5:9a:b3:a8:58:09:66:e7:e2:55:3b:8a:4a:
         8a:ab:c4:f1:eb:0f:76:da:94:b9:fe:c1:bd:ec:1f:cc:94:42:
         5f:b9:d0:22:13:74:50:7d:83:91:8c:29:63:8f:b0:a2:f1:b5:
         49:fa:8d:cf:de:66:5c:33:bf:69:54:cd:0a:7d:f3:63:f4:f8:
         6e:05:76:55:6c:88:9e:97:85:6d:55:4e:e1:1f:69:bf:fe:f0:
         d7:b8:12:98:b7:66:47:44:ec:e2:63:35:9b:c9:bd:0e:5b:6a:
         a2:6f:10:e5:04:22:69:7f:0b:4d:6d:30:b9:03:81:0c:51:e6:
         4e:a1:cb:d2:f4:e5:b9:0d:b0:8b:49:bd:fe:d8:44:d8:14:fe:
         f4:00:36:9c:cf:4f:46:17:a7:b2:9f:f1:65:54:fa:61:6c:79:
         30:27:4b:b1:c0:47:8d:6f:c3:c4:24:1e:6a:6e:65:98:c3:6a:
         cd:47:c9:d1:8d:4e:0d:a6:43:13:c3:da:f7:e7:2f:5b:1d:72:
         f5:7d:81:ad:4f:0d:ca:d4:3f:1d:98:7f:27:46:3b:7b:e9:f0:
         a6:54:c1:78:40:00:aa:0c:f4:ec:31:f4:fe:45:be:5c:85:be:
         4b:ca:d2:c2:c4:47:51:9d:bd:ae:02:8d:77:fd:46:de:5a:4f:
         5a:c3:d7:ae
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUZnf7vWL2BA2ed1hDkcdHTkJXqB8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc3MGY0MzM1OGI5N2JhMGFhOWJkYzYyYmJkNTExZTkw
YWVhYjI5ZDAeFw0yNTA2MDkyMzU4MjFaFw0yNjA2MDkwMDAzMjFaMDMxMTAvBgNV
BAMTKEYzRDM1RDc3Rjk5NDc0QkIwNjBDN0IyNzEyNjBFNkQ5M0VCRDFBQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2R6eoNqEjK+gko9rQOdf5ffBh
wALCtjjG7JsK4vhRUx0GDsZ9u/zB0WIU8rgQ/VCgShTy8C1Tr3o5SMT9syYCTzsK
//WqYfGJrmuMaKCmGmj8O+ye70kQfr5+1NLMypzAVWZIbqcIUfnvaBa87JWmqAiX
HtZ+urqR0MUT2dh+cuuvEHWyNraU4lgKbPM/wtf8nYnjM+ExDnWk4O0dSOca1z5o
VNsFrpn2tsoABbXYdrtCdWnVp3eJXHB73/CJLGsRG6cQ8d7BRtrNsF7cA7rEro3D
hZPPrqDH+DXqFT46n/9Lur9aabVsPqi9QIH80E6Jy8Egqf75IcJ1mr1t7ybnAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU89Ndd/mUdLsGDHsnEmDm2T69GsIwHwYDVR0j
BBgwFoAUx3D0M1i5e6Cqm9xiu9UR6Qrqsp0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQtNmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2
NjIwLzAvQzc3MEY0MzM1OEI5N0JBMEFBOUJEQzYyQkJENTExRTkwQUVBQjI5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3gzRDBNMWk1ZTZDcW05eGl1OVVSNlFy
cXNwMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQt
NmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2NjIwLzAvMzEzMDMzMmUzNDM5MmUzMTMy
MzgyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFnMYAw
DQYJKoZIhvcNAQELBQADggEBAEaeqTDV9ZqzqFgJZufiVTuKSoqrxPHrD3balLn+
wb3sH8yUQl+50CITdFB9g5GMKWOPsKLxtUn6jc/eZlwzv2lUzQp982P0+G4FdlVs
iJ6XhW1VTuEfab/+8Ne4Epi3ZkdE7OJjNZvJvQ5baqJvEOUEIml/C01tMLkDgQxR
5k6hy9L05bkNsItJvf7YRNgU/vQANpzPT0YXp7Kf8WVU+mFseTAnS7HAR41vw8Qk
HmpuZZjDas1HydGNTg2mQxPD2vfnL1sdcvV9ga1PDcrUPx2YfydGO3vp8KZUwXhA
AKoM9Owx9P5FvlyFvkvK0sLER1Gdva4CjXf9Rt5aT1rD164=
-----END CERTIFICATE-----