Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3133302e302f32342d3234203d3e20323036303333.roa
File:                     3130332e34392e3133302e302f32342d3234203d3e20323036303333.roa (raw, json)
Hash identifier:          v7D054EN2gERBe7aLvFn0V17UtLvh1fmGSVfmRoK+KQ=
Subject key identifier:   C6:93:1A:99:9A:07:E8:0F:4C:57:C5:60:C9:A9:9E:F5:16:07:20:B5
Certificate issuer:       /CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
Certificate serial:       1D9330708212DA196193759B96031C1F84BF8E84
Authority key identifier: C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3133302e302f32342d3234203d3e20323036303333.roa
Signing time:             Sat 02 Aug 2025 12:43:12 +0000
ROA not before:           Sat 02 Aug 2025 12:38:12 +0000
ROA not after:            Sat 01 Aug 2026 12:43:12 +0000
asID:                     206033
IP address blocks:        103.49.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 13:52:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:93:30:70:82:12:da:19:61:93:75:9b:96:03:1c:1f:84:bf:8e:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
        Validity
            Not Before: Aug  2 12:38:12 2025 GMT
            Not After : Aug  1 12:43:12 2026 GMT
        Subject: CN=C6931A999A07E80F4C57C560C9A99EF5160720B5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:85:0c:3a:23:be:5b:bd:e8:ef:d8:9c:f2:a1:
                    66:aa:dd:21:b1:dc:b1:db:ac:af:65:dc:5a:68:a8:
                    87:95:57:44:81:5f:49:64:9a:13:66:da:ef:08:6f:
                    78:ef:19:22:08:b9:fa:32:a5:c3:0e:2e:7a:71:ea:
                    d5:85:54:7e:47:30:40:09:b0:97:7e:fa:06:f5:87:
                    96:d4:fc:57:76:d5:6d:7d:dd:a4:b1:cc:e6:a5:bf:
                    05:33:cd:0d:4f:89:ee:27:d0:46:a0:92:2d:41:5b:
                    bb:74:0c:59:32:af:8f:27:ce:1e:42:c5:0c:ee:a9:
                    e0:17:d0:85:f3:64:37:f8:69:6e:77:32:01:1c:da:
                    df:64:6d:f1:34:1a:7d:84:7b:34:ec:f0:d4:4c:0a:
                    ce:61:00:a7:03:30:f2:0d:47:5e:62:fa:2b:81:46:
                    5e:1b:bc:05:3c:a6:2f:34:8c:ba:7b:9f:bb:85:7b:
                    7f:24:5c:03:a3:72:c0:80:36:61:7f:78:12:99:ed:
                    85:a4:10:50:7d:6c:e5:d2:81:86:fa:8b:18:ab:0d:
                    eb:33:01:b1:1c:36:5d:8c:4d:63:c9:0f:3e:cb:17:
                    a3:43:94:74:7d:8f:9c:8a:d1:fd:d2:9a:e9:e1:c3:
                    e3:bd:75:4c:43:45:6a:97:79:51:fb:25:a0:72:d0:
                    7b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:93:1A:99:9A:07:E8:0F:4C:57:C5:60:C9:A9:9E:F5:16:07:20:B5
            X509v3 Authority Key Identifier:
                keyid:C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3133302e302f32342d3234203d3e20323036303333.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.49.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:51:fc:0f:fc:4a:5a:fd:f9:2a:0e:3d:22:df:5e:d3:42:70:
         66:06:82:72:b8:fe:58:34:46:f3:d4:a6:27:4f:9f:b4:43:92:
         47:f8:1b:ba:7f:7c:ab:d5:c2:84:c1:10:05:db:0e:96:91:1d:
         0d:be:54:43:4c:d1:38:3b:06:e6:f3:95:0a:db:68:4b:d9:bd:
         0e:e8:b2:b3:73:0d:37:5f:31:4b:90:10:e8:5d:32:71:fc:7b:
         e7:c2:f8:d3:18:32:41:9a:a3:49:8f:77:61:0d:08:cb:2b:b2:
         ea:5e:7c:e1:09:41:16:69:f9:93:e7:44:7c:40:b1:70:80:4d:
         0e:e1:c1:4c:6b:fd:eb:3f:78:68:67:e4:41:ba:ba:03:c8:a6:
         57:eb:11:95:d3:f9:9c:4f:19:2f:d4:15:b9:68:9c:3e:0a:01:
         fa:0f:0c:9d:bb:01:e7:4f:a0:0e:ca:53:6b:20:bc:7e:24:bd:
         ed:96:2f:2f:30:22:a7:b8:25:5c:32:91:9c:01:0d:8d:dc:e8:
         77:d6:ca:f5:68:51:81:98:a6:22:78:af:ba:4e:1d:8e:c7:17:
         cb:5d:a0:d4:66:96:bf:04:f7:48:85:67:a5:87:e7:6d:bc:15:
         6b:c7:1b:c2:0d:48:a7:62:c9:1b:73:3c:27:d1:fb:83:89:c8:
         a5:92:cf:db
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUHZMwcIIS2hlhk3WblgMcH4S/joQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc3MGY0MzM1OGI5N2JhMGFhOWJkYzYyYmJkNTExZTkw
YWVhYjI5ZDAeFw0yNTA4MDIxMjM4MTJaFw0yNjA4MDExMjQzMTJaMDMxMTAvBgNV
BAMTKEM2OTMxQTk5OUEwN0U4MEY0QzU3QzU2MEM5QTk5RUY1MTYwNzIwQjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCthQw6I75bvejv2JzyoWaq3SGx
3LHbrK9l3FpoqIeVV0SBX0lkmhNm2u8Ib3jvGSIIufoypcMOLnpx6tWFVH5HMEAJ
sJd++gb1h5bU/Fd21W193aSxzOalvwUzzQ1Pie4n0Eagki1BW7t0DFkyr48nzh5C
xQzuqeAX0IXzZDf4aW53MgEc2t9kbfE0Gn2EezTs8NRMCs5hAKcDMPINR15i+iuB
Rl4bvAU8pi80jLp7n7uFe38kXAOjcsCANmF/eBKZ7YWkEFB9bOXSgYb6ixirDesz
AbEcNl2MTWPJDz7LF6NDlHR9j5yK0f3Smunhw+O9dUxDRWqXeVH7JaBy0HsnAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUxpMamZoH6A9MV8Vgyame9RYHILUwHwYDVR0j
BBgwFoAUx3D0M1i5e6Cqm9xiu9UR6Qrqsp0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQtNmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2
NjIwLzAvQzc3MEY0MzM1OEI5N0JBMEFBOUJEQzYyQkJENTExRTkwQUVBQjI5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3gzRDBNMWk1ZTZDcW05eGl1OVVSNlFy
cXNwMC5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQt
NmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2NjIwLzAvMzEzMDMzMmUzNDM5MmUzMTMz
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMwMzYzMDMzMzMucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BABnMYIwDQYJKoZIhvcNAQELBQADggEBAD1R/A/8Slr9+SoOPSLfXtNCcGYGgnK4
/lg0RvPUpidPn7RDkkf4G7p/fKvVwoTBEAXbDpaRHQ2+VENM0Tg7BubzlQrbaEvZ
vQ7osrNzDTdfMUuQEOhdMnH8e+fC+NMYMkGao0mPd2ENCMsrsupefOEJQRZp+ZPn
RHxAsXCATQ7hwUxr/es/eGhn5EG6ugPIplfrEZXT+ZxPGS/UFblonD4KAfoPDJ27
AedPoA7KU2sgvH4kve2WLy8wIqe4JVwykZwBDY3c6HfWyvVoUYGYpiJ4r7pOHY7H
F8tdoNRmlr8E90iFZ6WH5228FWvHG8INSKdiyRtzPCfR+4OJyKWSz9s=
-----END CERTIFICATE-----
Generated at Tue Aug 5 17:31:06 2025 by rpki-client