Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3133302e302f32342d3234203d3e20383334.roa
File:                     3130332e34392e3133302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          VPeEGuiTMEezqu9Y3QXa9FXunzgFBKsfQ157WaIaVOI=
Subject key identifier:   EB:D1:30:36:EB:7B:C8:C7:2F:10:34:C7:AD:4A:47:B8:F0:23:51:ED
Certificate issuer:       /CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
Certificate serial:       4B6597F30081870BAD4D547A72C971372921D7C3
Authority key identifier: C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3133302e302f32342d3234203d3e20383334.roa
Signing time:             Tue 14 Apr 2026 12:46:25 +0000
ROA not before:           Tue 14 Apr 2026 12:41:25 +0000
ROA not after:            Tue 13 Apr 2027 12:46:25 +0000
asID:                     834
IP address blocks:        103.49.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:65:97:f3:00:81:87:0b:ad:4d:54:7a:72:c9:71:37:29:21:d7:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
        Validity
            Not Before: Apr 14 12:41:25 2026 GMT
            Not After : Apr 13 12:46:25 2027 GMT
        Subject: CN=EBD13036EB7BC8C72F1034C7AD4A47B8F02351ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:f4:49:e2:e0:92:e8:00:23:11:12:c2:af:6d:
                    29:15:d6:5b:26:8d:78:0f:d5:e9:55:ae:7a:4c:c7:
                    b1:d2:9d:ca:f0:72:4e:b2:d2:83:fd:c7:2d:23:63:
                    61:5c:ec:3e:08:7a:28:6d:13:2f:67:15:9c:98:3c:
                    1a:68:77:6d:ee:83:05:90:c7:ac:59:b1:3f:85:0c:
                    d5:85:ca:15:dc:29:a0:f8:de:3b:12:14:c7:27:8b:
                    fe:6d:74:c2:f6:19:29:ac:4d:4a:8c:90:da:8a:b1:
                    5e:4a:74:45:64:eb:fd:8e:94:32:67:73:16:15:b4:
                    d0:a2:98:ca:01:1f:4b:2f:cb:00:03:86:9b:30:ef:
                    3e:9b:81:87:c0:db:71:68:71:34:1e:a3:16:b7:13:
                    15:8a:9a:3f:e9:f6:9a:57:6d:60:27:3e:30:41:cc:
                    60:60:35:c7:46:9b:52:61:0b:32:84:a1:6d:d3:6f:
                    19:76:58:f5:d3:2e:d8:96:c8:e2:cd:59:da:15:9c:
                    55:76:ba:35:18:cf:32:aa:eb:9b:bc:1b:07:40:de:
                    d3:91:4c:84:52:ef:75:74:14:b4:f7:79:47:fb:bb:
                    62:3d:a0:cf:eb:8c:3b:8d:7e:53:1b:f4:b8:f3:5e:
                    45:9e:f5:7e:39:cc:40:6c:b0:19:3d:4c:26:fc:f9:
                    df:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:D1:30:36:EB:7B:C8:C7:2F:10:34:C7:AD:4A:47:B8:F0:23:51:ED
            X509v3 Authority Key Identifier:
                keyid:C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3133302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.49.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:ad:c7:9d:07:aa:f8:70:fe:3f:d6:8f:6a:9c:66:d3:b8:f5:
         f6:49:65:50:cf:8b:dc:36:74:f1:d1:54:30:5e:c4:24:4f:f5:
         6f:94:91:d0:9f:3b:d4:b8:24:57:c9:b8:e8:bd:ae:f2:05:56:
         b4:51:48:36:35:bc:6e:35:cb:28:0f:68:9a:6a:09:16:0a:89:
         93:b3:e5:33:50:56:19:ec:75:8e:91:20:2f:1e:9d:4a:e0:f7:
         13:22:ef:a3:69:6f:a7:8c:42:d3:bc:1d:80:f2:20:41:69:57:
         cc:17:45:0f:78:23:a1:37:bb:c3:c0:2d:3f:77:c4:de:06:d2:
         38:2a:03:b1:57:ae:0f:68:2b:b8:fb:fd:49:61:15:c6:c3:35:
         93:f4:d7:92:f8:29:56:c6:66:db:3e:3b:f7:87:5e:5a:1b:c9:
         05:33:58:fd:ef:8e:7a:1f:4f:9e:5d:66:7f:ec:d5:b1:01:81:
         bc:cf:7d:c9:44:05:f1:26:5e:e9:43:ff:e5:b4:93:2b:b9:5d:
         12:93:62:26:1b:56:13:07:a9:ce:18:56:8c:ae:aa:0c:86:2f:
         2f:9c:1d:39:24:c8:8e:d6:de:18:54:b7:ab:68:44:94:05:58:
         87:16:e0:c2:89:90:5e:b5:a5:a1:c6:a0:2d:eb:72:aa:14:3d:
         8f:f0:1e:f4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUS2WX8wCBhwutTVR6cslxNykh18MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc3MGY0MzM1OGI5N2JhMGFhOWJkYzYyYmJkNTExZTkw
YWVhYjI5ZDAeFw0yNjA0MTQxMjQxMjVaFw0yNzA0MTMxMjQ2MjVaMDMxMTAvBgNV
BAMTKEVCRDEzMDM2RUI3QkM4QzcyRjEwMzRDN0FENEE0N0I4RjAyMzUxRUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb9Eni4JLoACMREsKvbSkV1lsm
jXgP1elVrnpMx7HSncrwck6y0oP9xy0jY2Fc7D4IeihtEy9nFZyYPBpod23ugwWQ
x6xZsT+FDNWFyhXcKaD43jsSFMcni/5tdML2GSmsTUqMkNqKsV5KdEVk6/2OlDJn
cxYVtNCimMoBH0svywADhpsw7z6bgYfA23FocTQeoxa3ExWKmj/p9ppXbWAnPjBB
zGBgNcdGm1JhCzKEoW3Tbxl2WPXTLtiWyOLNWdoVnFV2ujUYzzKq65u8GwdA3tOR
TIRS73V0FLT3eUf7u2I9oM/rjDuNflMb9LjzXkWe9X45zEBssBk9TCb8+d8LAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU69EwNut7yMcvEDTHrUpHuPAjUe0wHwYDVR0j
BBgwFoAUx3D0M1i5e6Cqm9xiu9UR6Qrqsp0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQtNmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2
NjIwLzAvQzc3MEY0MzM1OEI5N0JBMEFBOUJEQzYyQkJENTExRTkwQUVBQjI5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3gzRDBNMWk1ZTZDcW05eGl1OVVSNlFy
cXNwMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQt
NmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2NjIwLzAvMzEzMDMzMmUzNDM5MmUzMTMz
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABnMYIw
DQYJKoZIhvcNAQELBQADggEBACmtx50Hqvhw/j/Wj2qcZtO49fZJZVDPi9w2dPHR
VDBexCRP9W+UkdCfO9S4JFfJuOi9rvIFVrRRSDY1vG41yygPaJpqCRYKiZOz5TNQ
VhnsdY6RIC8enUrg9xMi76Npb6eMQtO8HYDyIEFpV8wXRQ94I6E3u8PALT93xN4G
0jgqA7FXrg9oK7j7/UlhFcbDNZP015L4KVbGZts+O/eHXlobyQUzWP3vjnofT55d
Zn/s1bEBgbzPfclEBfEmXulD/+W0kyu5XRKTYiYbVhMHqc4YVoyuqgyGLy+cHTkk
yI7W3hhUt6toRJQFWIcW4MKJkF61paHGoC3rcqoUPY/wHvQ=
-----END CERTIFICATE-----