Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3132382e302f32342d3234203d3e20313531313036.roa
File:                     3130332e34392e3132382e302f32342d3234203d3e20313531313036.roa (raw, json)
Hash identifier:          JqZwwTv3XcFCl1IzFcnoBrVKvFS5JMd+d9rIxVN+6kI=
Subject key identifier:   83:D3:6C:A2:56:F4:1A:25:BD:AD:88:A4:C8:F2:9A:01:27:6D:AE:E7
Certificate issuer:       /CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
Certificate serial:       330F4695A42491BA28435CCC28DCB8B7FF02AE84
Authority key identifier: C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3132382e302f32342d3234203d3e20313531313036.roa
Signing time:             Thu 10 Apr 2025 14:26:45 +0000
ROA not before:           Thu 10 Apr 2025 14:21:45 +0000
ROA not after:            Thu 09 Apr 2026 14:26:45 +0000
asID:                     151106
IP address blocks:        103.49.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 02:53:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:0f:46:95:a4:24:91:ba:28:43:5c:cc:28:dc:b8:b7:ff:02:ae:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
        Validity
            Not Before: Apr 10 14:21:45 2025 GMT
            Not After : Apr  9 14:26:45 2026 GMT
        Subject: CN=83D36CA256F41A25BDAD88A4C8F29A01276DAEE7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:97:a7:32:e9:91:1e:19:c7:1a:56:41:84:46:
                    33:53:9d:27:86:04:53:70:2a:a2:1a:a9:40:23:db:
                    80:d4:42:2e:f2:aa:cf:74:35:a8:a8:ac:33:bd:df:
                    8b:58:e6:cb:5b:c5:3a:16:90:92:70:22:7c:39:17:
                    1a:a8:56:2e:79:3e:44:2c:e4:84:0e:d6:e3:00:68:
                    61:b4:ef:71:7e:e9:de:58:4d:b3:39:f0:06:92:38:
                    27:c0:d0:4e:5e:ec:a5:d8:5b:ca:b1:2e:2a:fb:f7:
                    58:46:99:00:27:69:8a:d0:ee:9f:a9:78:48:56:96:
                    a6:bf:f8:23:34:7a:83:ce:7b:58:7f:b2:6d:2b:f2:
                    20:8d:4e:b1:8e:e6:19:bc:11:71:af:d1:5a:c8:e5:
                    55:fd:30:ad:9b:df:b8:a0:7d:97:93:ba:dd:f9:e7:
                    e5:68:c7:1c:9a:69:84:2e:0c:9a:f1:90:ea:54:0d:
                    ea:cf:37:3c:7e:12:a1:fe:47:7f:9f:9c:84:59:55:
                    bc:6f:58:19:14:5d:6c:fa:a4:29:94:cf:d7:d4:25:
                    42:42:ed:6b:8b:e7:9c:e1:c5:93:19:70:dd:da:aa:
                    66:b2:aa:7a:41:44:e5:d6:e9:db:d6:2b:cf:0a:3a:
                    a3:8c:d7:4d:64:e7:27:1f:b2:8b:b1:84:fd:a6:3f:
                    cf:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:D3:6C:A2:56:F4:1A:25:BD:AD:88:A4:C8:F2:9A:01:27:6D:AE:E7
            X509v3 Authority Key Identifier:
                keyid:C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3132382e302f32342d3234203d3e20313531313036.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.49.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:23:17:b5:64:97:9d:b5:00:a5:06:68:83:5e:62:1d:5c:23:
         2e:69:cf:3f:95:66:b1:2d:27:d9:13:94:a5:d7:5a:7f:ea:06:
         27:13:a7:b7:67:1e:93:10:28:50:4a:b7:10:f9:60:52:c1:1a:
         ea:60:d2:ef:02:e0:90:4e:a5:dd:eb:9e:5c:85:bb:22:1e:2a:
         3e:ef:fa:72:f4:78:85:7d:bd:fe:4f:db:3f:f5:55:da:3c:b2:
         c4:36:db:43:99:ff:71:71:9f:24:b5:1f:fa:38:28:5e:ba:40:
         ca:28:29:17:f1:7f:69:28:f4:96:24:d4:28:3c:f0:92:d7:4a:
         60:95:e7:39:b6:e5:24:8c:12:24:37:37:bc:19:dd:11:43:cf:
         7e:05:5b:8c:b6:7a:8a:c1:29:5e:88:48:08:b9:96:05:c4:22:
         26:68:ed:b7:22:80:a9:d5:75:b0:65:32:78:10:a6:4c:5d:62:
         df:c6:ce:f4:8f:77:b3:eb:63:ae:1b:b4:15:c7:db:7e:ff:fe:
         43:ee:92:2a:33:01:90:7b:51:0b:3e:f9:12:70:57:bc:bc:70:
         ca:02:05:41:f0:c3:d6:d9:83:37:4a:d1:3b:4a:b9:eb:90:86:
         93:72:8c:c5:e2:13:4e:2f:39:35:3f:17:1c:9a:1f:cc:03:ad:
         58:b2:bd:eb
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUMw9GlaQkkbooQ1zMKNy4t/8CroQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc3MGY0MzM1OGI5N2JhMGFhOWJkYzYyYmJkNTExZTkw
YWVhYjI5ZDAeFw0yNTA0MTAxNDIxNDVaFw0yNjA0MDkxNDI2NDVaMDMxMTAvBgNV
BAMTKDgzRDM2Q0EyNTZGNDFBMjVCREFEODhBNEM4RjI5QTAxMjc2REFFRTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvl6cy6ZEeGccaVkGERjNTnSeG
BFNwKqIaqUAj24DUQi7yqs90NaiorDO934tY5stbxToWkJJwInw5FxqoVi55PkQs
5IQO1uMAaGG073F+6d5YTbM58AaSOCfA0E5e7KXYW8qxLir791hGmQAnaYrQ7p+p
eEhWlqa/+CM0eoPOe1h/sm0r8iCNTrGO5hm8EXGv0VrI5VX9MK2b37igfZeTut35
5+VoxxyaaYQuDJrxkOpUDerPNzx+EqH+R3+fnIRZVbxvWBkUXWz6pCmUz9fUJUJC
7WuL55zhxZMZcN3aqmayqnpBROXW6dvWK88KOqOM101k5ycfsouxhP2mP89BAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUg9Nsolb0GiW9rYikyPKaASdtrucwHwYDVR0j
BBgwFoAUx3D0M1i5e6Cqm9xiu9UR6Qrqsp0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQtNmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2
NjIwLzAvQzc3MEY0MzM1OEI5N0JBMEFBOUJEQzYyQkJENTExRTkwQUVBQjI5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3gzRDBNMWk1ZTZDcW05eGl1OVVSNlFy
cXNwMC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQt
NmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2NjIwLzAvMzEzMDMzMmUzNDM5MmUzMTMy
MzgyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM1MzEzMTMwMzYucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABnMYAwDQYJKoZIhvcNAQELBQADggEBAIwjF7Vkl521AKUGaINeYh1cIy5pzz+V
ZrEtJ9kTlKXXWn/qBicTp7dnHpMQKFBKtxD5YFLBGupg0u8C4JBOpd3rnlyFuyIe
Kj7v+nL0eIV9vf5P2z/1Vdo8ssQ220OZ/3FxnyS1H/o4KF66QMooKRfxf2ko9JYk
1Cg88JLXSmCV5zm25SSMEiQ3N7wZ3RFDz34FW4y2eorBKV6ISAi5lgXEIiZo7bci
gKnVdbBlMngQpkxdYt/GzvSPd7PrY64btBXH237//kPukiozAZB7UQs++RJwV7y8
cMoCBUHww9bZgzdK0TtKueuQhpNyjMXiE04vOTU/FxyaH8wDrViyves=
-----END CERTIFICATE-----
Generated at Sun Apr 27 13:00:25 2025 by rpki-client