Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3134392e36322e33362e302f32342d3234203d3e20383334.roa
File:                     3134392e36322e33362e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          bPEjWuQ9JemKQ2NU5roX7yRjC7iUrqH1Fs2a4u0zcgA=
Subject key identifier:   3F:87:AE:19:04:29:E7:5D:CE:F3:47:2B:A6:9F:A5:21:0A:70:07:88
Certificate issuer:       /CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
Certificate serial:       2D157A7B8AA70D887C1F2454ADA867A327873CC7
Authority key identifier: 09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3134392e36322e33362e302f32342d3234203d3e20383334.roa
Signing time:             Thu 31 Jul 2025 11:40:47 +0000
ROA not before:           Thu 31 Jul 2025 11:35:47 +0000
ROA not after:            Thu 30 Jul 2026 11:40:47 +0000
asID:                     834
IP address blocks:        149.62.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:15:7a:7b:8a:a7:0d:88:7c:1f:24:54:ad:a8:67:a3:27:87:3c:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=097a28f77eb0a4ac354a8ac28754b2a3bbe3a959
        Validity
            Not Before: Jul 31 11:35:47 2025 GMT
            Not After : Jul 30 11:40:47 2026 GMT
        Subject: CN=3F87AE190429E75DCEF3472BA69FA5210A700788
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9d:e7:63:14:3a:3b:51:af:c8:6c:c7:bd:cb:
                    a7:d4:8d:05:10:20:bc:b5:24:3e:93:42:c0:ba:47:
                    4e:d0:b3:a8:d2:32:98:4f:20:3f:3d:fb:94:91:a9:
                    5e:d3:62:e1:56:93:cf:7b:48:4c:f1:8d:90:55:33:
                    b8:3b:0c:5d:52:1a:51:8a:87:04:42:bf:14:a8:63:
                    66:f7:b5:2f:1d:08:c9:2b:80:95:84:8f:65:06:30:
                    5c:ea:5b:db:d6:06:c6:9c:8b:97:33:03:00:e9:bd:
                    a6:b6:13:49:0d:75:59:92:80:47:b0:60:a9:28:60:
                    6e:8f:9e:b6:67:36:9a:e4:50:14:10:62:05:84:1c:
                    bc:d6:05:a1:8b:14:d1:f2:49:85:0e:e6:a3:88:96:
                    f4:52:e1:39:db:84:81:44:76:37:fb:10:82:d0:17:
                    74:d9:31:af:18:54:46:40:e7:72:41:7d:9b:79:75:
                    36:74:7e:12:2e:d6:0a:9b:ff:b8:69:69:ff:7a:4d:
                    ee:7f:ce:e5:4a:d2:cd:a4:8b:be:e4:c4:61:8d:a8:
                    dd:63:aa:1a:a2:57:83:91:46:50:74:42:c1:3d:c8:
                    ab:ea:98:95:23:5d:2d:cb:06:2d:6f:36:e9:0e:1d:
                    00:90:8d:1e:19:2e:c0:1c:c7:60:e7:60:24:fd:06:
                    1f:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:87:AE:19:04:29:E7:5D:CE:F3:47:2B:A6:9F:A5:21:0A:70:07:88
            X509v3 Authority Key Identifier:
                keyid:09:7A:28:F7:7E:B0:A4:AC:35:4A:8A:C2:87:54:B2:A3:BB:E3:A9:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/097A28F77EB0A4AC354A8AC28754B2A3BBE3A959.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CXoo936wpKw1SorCh1Syo7vjqVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/177/3134392e36322e33362e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.62.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:97:6e:b5:29:b1:21:4c:56:8a:a1:34:3b:8b:21:f8:b9:45:
         5c:2b:63:53:f2:19:e0:13:f3:82:0e:e5:1c:4b:b6:7f:60:ba:
         fa:51:fe:09:e0:58:71:09:b6:4f:cc:d7:b7:e4:13:44:bf:90:
         06:9a:28:c6:4b:1e:6a:aa:e6:13:ab:20:a2:10:80:21:24:5f:
         51:30:31:6c:bd:de:db:c1:b7:be:f6:85:eb:63:b1:7c:eb:8f:
         d9:42:90:b3:38:fa:b7:b0:94:7a:8a:88:46:a7:54:7c:91:4d:
         6e:24:6e:10:63:c5:05:fc:35:32:87:a1:83:2a:20:8f:d5:73:
         c6:00:10:26:fd:dc:61:bc:ab:37:4f:be:38:86:84:be:10:23:
         cb:13:0e:66:49:f5:f3:ec:99:da:e9:17:34:31:a5:db:c2:74:
         69:c0:40:3d:77:1a:e5:3b:a6:89:65:33:37:10:44:55:6d:76:
         2b:00:8a:ac:12:a1:c3:28:c9:82:ac:74:12:73:fc:44:27:c6:
         a4:6d:b9:ec:3b:2c:a5:d5:ee:6e:11:96:9d:ce:8b:ed:ff:ea:
         a0:cf:cf:35:87:5a:a9:31:86:8a:1a:11:a6:24:1d:39:1d:dd:
         81:fe:f2:f8:25:71:c8:f3:ba:f4:02:23:fa:84:31:b4:76:14:
         be:e7:62:29
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgIULRV6e4qnDYh8HyRUrahnoyeHPMcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDk3YTI4Zjc3ZWIwYTRhYzM1NGE4YWMyODc1NGIyYTNi
YmUzYTk1OTAeFw0yNTA3MzExMTM1NDdaFw0yNjA3MzAxMTQwNDdaMDMxMTAvBgNV
BAMTKDNGODdBRTE5MDQyOUU3NURDRUYzNDcyQkE2OUZBNTIxMEE3MDA3ODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQConedjFDo7Ua/IbMe9y6fUjQUQ
ILy1JD6TQsC6R07Qs6jSMphPID89+5SRqV7TYuFWk897SEzxjZBVM7g7DF1SGlGK
hwRCvxSoY2b3tS8dCMkrgJWEj2UGMFzqW9vWBsaci5czAwDpvaa2E0kNdVmSgEew
YKkoYG6PnrZnNprkUBQQYgWEHLzWBaGLFNHySYUO5qOIlvRS4TnbhIFEdjf7EILQ
F3TZMa8YVEZA53JBfZt5dTZ0fhIu1gqb/7hpaf96Te5/zuVK0s2ki77kxGGNqN1j
qhqiV4ORRlB0QsE9yKvqmJUjXS3LBi1vNukOHQCQjR4ZLsAcx2DnYCT9Bh/LAgMB
AAGjggI8MIICODAdBgNVHQ4EFgQUP4euGQQp513O80crpp+lIQpwB4gwHwYDVR0j
BBgwFoAUCXoo936wpKw1SorCh1Syo7vjqVkwDgYDVR0PAQH/BAQDAgeAMIGYBgNV
HR8EgZAwgY0wgYqggYeggYSGgYFyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L2ZlMzcwOGEwLTY3ZDUtNGFjMi1hYmM0LWEzMzI1OTBi
OTlhZi8xNzcvMDk3QTI4Rjc3RUIwQTRBQzM1NEE4QUMyODc1NEIyQTNCQkUzQTk1
OS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NYb285MzZ3cEt3MVNvckNoMVN5
bzd2anFWay5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJz
eW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4
YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzE3Ny8zMTM0MzkyZTM2MzIy
ZTMzMzYyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACV
PiQwDQYJKoZIhvcNAQELBQADggEBAFyXbrUpsSFMVoqhNDuLIfi5RVwrY1PyGeAT
84IO5RxLtn9guvpR/gngWHEJtk/M17fkE0S/kAaaKMZLHmqq5hOrIKIQgCEkX1Ew
MWy93tvBt772hetjsXzrj9lCkLM4+rewlHqKiEanVHyRTW4kbhBjxQX8NTKHoYMq
II/Vc8YAECb93GG8qzdPvjiGhL4QI8sTDmZJ9fPsmdrpFzQxpdvCdGnAQD13GuU7
pollMzcQRFVtdisAiqwSocMoyYKsdBJz/EQnxqRtuew7LKXV7m4Rlp3Oi+3/6qDP
zzWHWqkxhooaEaYkHTkd3YH+8vglccjzuvQCI/qEMbR2FL7nYik=
-----END CERTIFICATE-----