Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3133302e302f32342d3234203d3e20383334.roa
File:                     3130332e34392e3133302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          2kviFL54lDpfPzXEFZx4nMFKp96iC4oZ7nWuGME1pqQ=
Subject key identifier:   DD:12:3E:2C:4F:70:A3:57:E2:A2:91:6F:26:1E:FD:99:89:86:10:E5
Certificate issuer:       /CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
Certificate serial:       7EE4A4D6BD9808548C09D636EAF36A00BBBC2E97
Authority key identifier: C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3133302e302f32342d3234203d3e20383334.roa
Signing time:             Tue 10 Jun 2025 00:03:22 +0000
ROA not before:           Mon 09 Jun 2025 23:58:22 +0000
ROA not after:            Tue 09 Jun 2026 00:03:22 +0000
asID:                     834
IP address blocks:        103.49.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:e4:a4:d6:bd:98:08:54:8c:09:d6:36:ea:f3:6a:00:bb:bc:2e:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
        Validity
            Not Before: Jun  9 23:58:22 2025 GMT
            Not After : Jun  9 00:03:22 2026 GMT
        Subject: CN=DD123E2C4F70A357E2A2916F261EFD99898610E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:80:ae:08:55:72:a3:aa:d7:ef:56:34:d4:01:
                    e9:ab:78:ac:4e:ce:36:cb:fb:6e:43:8c:0c:56:7f:
                    ee:ea:2e:ab:a2:80:b2:c9:cf:b8:f1:ed:9c:fc:75:
                    16:dc:7c:cb:d6:fd:bc:5a:44:e4:35:b6:59:81:d4:
                    52:8e:75:a9:8d:be:54:4e:52:3c:93:e7:27:94:69:
                    ed:4a:13:e2:84:cb:09:6a:43:d2:7e:b3:f2:b3:29:
                    cd:67:54:e5:17:9b:83:3f:7b:ba:4f:8b:c1:20:1b:
                    35:1a:31:fb:16:23:af:32:4c:69:03:72:d1:64:1f:
                    71:0f:1b:d8:27:1c:7b:1d:ca:c2:03:1b:d6:e8:23:
                    15:c1:c3:f0:78:a7:0f:b3:01:05:11:30:0a:5d:27:
                    5f:34:af:bb:ce:31:95:de:16:79:3a:29:e6:26:bb:
                    53:7b:bc:78:c2:cb:b9:31:41:f8:30:1c:1b:af:e1:
                    df:b2:78:3a:89:00:ae:71:a4:15:b8:48:28:3d:52:
                    8b:ec:82:6c:5a:3d:9c:c0:21:60:cf:f1:b7:d1:9f:
                    44:f3:7b:ea:71:c1:b7:40:6a:34:70:58:9a:2b:de:
                    aa:75:58:c8:e0:49:73:e4:9c:18:8f:c3:d5:3c:3e:
                    a6:30:7c:f4:06:16:cf:74:76:3e:07:0b:cc:07:9c:
                    ef:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:12:3E:2C:4F:70:A3:57:E2:A2:91:6F:26:1E:FD:99:89:86:10:E5
            X509v3 Authority Key Identifier:
                keyid:C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3133302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.49.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:64:f0:d0:62:b4:d2:44:7a:3c:cf:02:47:fb:ab:ba:ae:3d:
         e7:9d:e4:f4:a7:25:1a:00:a1:aa:fd:bc:d5:5f:f0:69:96:ec:
         be:2c:0e:d1:7c:83:0a:bc:90:f6:f9:c3:78:82:ad:26:10:8b:
         fe:00:f5:e4:49:72:a3:04:f0:ef:33:73:81:0c:82:c1:e6:de:
         29:65:58:47:68:a5:35:2a:a1:ab:da:dd:71:81:8c:44:d5:1f:
         90:d0:4b:6b:4a:0f:d6:96:63:40:a7:48:5a:7f:7d:8a:92:74:
         6e:9f:97:b3:17:bf:ce:49:d0:7c:37:9f:64:d0:91:14:9e:c6:
         d8:68:fe:df:72:ee:a7:d4:7e:46:73:8a:ff:61:d0:22:9a:53:
         9d:1a:95:7b:23:8b:7b:31:39:b7:34:de:02:4b:12:3d:54:89:
         82:6e:11:a4:26:01:4b:e5:1d:42:9c:f2:12:2d:07:18:28:7f:
         54:28:00:7e:65:bf:06:0e:9d:43:e0:cc:c2:ae:c8:8d:8a:fd:
         82:dc:17:d1:9e:90:52:c3:af:de:64:92:19:df:7e:b2:5a:7b:
         e1:73:a1:be:2e:7d:97:db:78:28:4a:0b:8b:d7:7c:25:7c:27:
         e2:aa:94:f1:2e:e9:09:6f:91:51:1d:fb:1f:38:a5:8c:51:54:
         0e:3f:c3:e9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUfuSk1r2YCFSMCdY26vNqALu8LpcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc3MGY0MzM1OGI5N2JhMGFhOWJkYzYyYmJkNTExZTkw
YWVhYjI5ZDAeFw0yNTA2MDkyMzU4MjJaFw0yNjA2MDkwMDAzMjJaMDMxMTAvBgNV
BAMTKEREMTIzRTJDNEY3MEEzNTdFMkEyOTE2RjI2MUVGRDk5ODk4NjEwRTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWgK4IVXKjqtfvVjTUAemreKxO
zjbL+25DjAxWf+7qLquigLLJz7jx7Zz8dRbcfMvW/bxaROQ1tlmB1FKOdamNvlRO
UjyT5yeUae1KE+KEywlqQ9J+s/KzKc1nVOUXm4M/e7pPi8EgGzUaMfsWI68yTGkD
ctFkH3EPG9gnHHsdysIDG9boIxXBw/B4pw+zAQURMApdJ180r7vOMZXeFnk6KeYm
u1N7vHjCy7kxQfgwHBuv4d+yeDqJAK5xpBW4SCg9UovsgmxaPZzAIWDP8bfRn0Tz
e+pxwbdAajRwWJor3qp1WMjgSXPknBiPw9U8PqYwfPQGFs90dj4HC8wHnO9RAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU3RI+LE9wo1fiopFvJh79mYmGEOUwHwYDVR0j
BBgwFoAUx3D0M1i5e6Cqm9xiu9UR6Qrqsp0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQtNmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2
NjIwLzAvQzc3MEY0MzM1OEI5N0JBMEFBOUJEQzYyQkJENTExRTkwQUVBQjI5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3gzRDBNMWk1ZTZDcW05eGl1OVVSNlFy
cXNwMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQt
NmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2NjIwLzAvMzEzMDMzMmUzNDM5MmUzMTMz
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABnMYIw
DQYJKoZIhvcNAQELBQADggEBAG5k8NBitNJEejzPAkf7q7quPeed5PSnJRoAoar9
vNVf8GmW7L4sDtF8gwq8kPb5w3iCrSYQi/4A9eRJcqME8O8zc4EMgsHm3illWEdo
pTUqoava3XGBjETVH5DQS2tKD9aWY0CnSFp/fYqSdG6fl7MXv85J0Hw3n2TQkRSe
xtho/t9y7qfUfkZziv9h0CKaU50alXsji3sxObc03gJLEj1UiYJuEaQmAUvlHUKc
8hItBxgof1QoAH5lvwYOnUPgzMKuyI2K/YLcF9GekFLDr95kkhnffrJae+Fzob4u
fZfbeChKC4vXfCV8J+KqlPEu6QlvkVEd+x84pYxRVA4/w+k=
-----END CERTIFICATE-----