Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e302e3230312e302f32342d3234203d3e20383334.roa
File:                     3139342e302e3230312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          962syMnSL760mMDLAsDewS+OxPF4JOafSV5OLWv7zMU=
Subject key identifier:   55:15:5D:7E:68:79:EE:E8:2B:83:AF:79:65:FA:9E:A4:CB:71:11:98
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       0A350E7D78C1AC8531563676115E335C4D692FEB
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e302e3230312e302f32342d3234203d3e20383334.roa
Signing time:             Thu 31 Jul 2025 11:40:27 +0000
ROA not before:           Thu 31 Jul 2025 11:35:27 +0000
ROA not after:            Thu 30 Jul 2026 11:40:27 +0000
asID:                     834
IP address blocks:        194.0.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 11:07:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:35:0e:7d:78:c1:ac:85:31:56:36:76:11:5e:33:5c:4d:69:2f:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Jul 31 11:35:27 2025 GMT
            Not After : Jul 30 11:40:27 2026 GMT
        Subject: CN=55155D7E6879EEE82B83AF7965FA9EA4CB711198
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e9:16:43:a3:13:30:e8:e2:2a:c7:07:00:c5:
                    c9:a6:07:e2:2e:1d:44:71:be:22:0e:7f:54:bc:d1:
                    89:e1:67:70:ee:4a:fb:c9:9f:5c:ef:fd:39:d2:e9:
                    87:f3:b0:44:84:29:79:c6:a3:99:0e:63:c0:f2:4f:
                    ab:ec:a2:2c:d0:7a:1f:67:a1:79:44:0e:3c:11:c1:
                    81:ed:3a:31:d3:72:e1:1b:b8:dd:9c:aa:8c:43:3a:
                    42:47:62:ba:1a:10:1f:21:74:5c:1f:b2:45:39:4a:
                    ac:05:f8:ca:2e:d0:8d:85:be:5c:cf:82:96:91:4c:
                    c7:a5:6e:31:49:6b:9b:c9:5d:4e:d4:9d:63:4e:a3:
                    7c:28:88:be:e9:55:fb:ac:ac:26:2c:bd:1d:87:9b:
                    b5:ec:51:a3:cd:82:19:f2:f5:a9:68:c3:8f:28:c9:
                    71:e7:f1:34:29:be:03:1d:fc:93:7e:d2:4f:b6:8b:
                    2a:7a:83:a2:46:32:da:95:77:1e:2d:29:67:f4:ae:
                    b2:f9:4e:55:a1:e1:05:7c:f3:54:6d:c6:7c:2a:82:
                    68:1e:4e:b7:e2:09:14:39:81:a3:2f:f4:3f:d0:41:
                    a6:28:bd:0e:e9:48:21:f9:31:be:74:ef:44:d1:62:
                    2a:1d:63:8f:a3:43:e1:0a:78:f3:cf:68:66:3d:6c:
                    e2:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:15:5D:7E:68:79:EE:E8:2B:83:AF:79:65:FA:9E:A4:CB:71:11:98
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e302e3230312e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:39:c5:0e:8b:e5:d3:58:06:e3:5c:11:06:b6:4d:55:48:c1:
         b0:6d:b0:5c:38:e6:4d:44:37:da:0b:26:8d:20:54:1f:30:25:
         21:44:f7:d6:36:4b:f0:1f:87:27:3c:95:2a:d0:d6:16:7a:01:
         9b:b1:cc:31:7d:74:3e:39:9d:5f:1f:15:69:d5:e3:e6:15:4c:
         07:e2:be:d3:ca:b8:57:6a:31:f7:ee:10:27:a8:39:99:3c:06:
         63:a7:53:49:34:31:5f:79:be:08:7a:aa:74:62:fd:93:af:6e:
         af:74:9a:8a:ec:42:9a:03:e9:10:79:e7:3a:fe:01:ab:36:e9:
         76:19:0d:a8:42:27:c0:98:a0:0b:6c:de:84:60:13:eb:08:0f:
         6d:b4:ac:54:61:12:2f:c3:98:0b:6c:5f:98:65:13:9a:3d:c4:
         08:fa:f9:c7:73:61:c8:46:9c:53:0e:19:f9:96:9e:3f:7d:a8:
         b8:1b:92:e5:d1:01:dc:a3:38:7f:9e:1e:fc:c5:23:69:f1:8e:
         45:e1:a6:83:43:fd:f9:32:49:b7:3a:1c:be:e7:f1:d8:08:2b:
         41:6c:64:06:9a:fc:39:e5:f9:1e:f8:55:4f:f0:1a:4b:4f:a8:
         5f:a4:35:f0:21:fc:dd:d0:1d:b0:b1:a6:be:af:57:1a:60:7d:
         7f:45:e0:7f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUCjUOfXjBrIUxVjZ2EV4zXE1pL+swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTA3MzExMTM1MjdaFw0yNjA3MzAxMTQwMjdaMDMxMTAvBgNV
BAMTKDU1MTU1RDdFNjg3OUVFRTgyQjgzQUY3OTY1RkE5RUE0Q0I3MTExOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+6RZDoxMw6OIqxwcAxcmmB+Iu
HURxviIOf1S80YnhZ3DuSvvJn1zv/TnS6YfzsESEKXnGo5kOY8DyT6vsoizQeh9n
oXlEDjwRwYHtOjHTcuEbuN2cqoxDOkJHYroaEB8hdFwfskU5SqwF+Mou0I2FvlzP
gpaRTMelbjFJa5vJXU7UnWNOo3woiL7pVfusrCYsvR2Hm7XsUaPNghny9alow48o
yXHn8TQpvgMd/JN+0k+2iyp6g6JGMtqVdx4tKWf0rrL5TlWh4QV881Rtxnwqgmge
TrfiCRQ5gaMv9D/QQaYovQ7pSCH5Mb5070TRYiodY4+jQ+EKePPPaGY9bOIzAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUVRVdfmh57ugrg695ZfqepMtxEZgwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM0MmUzMDJlMzIzMDMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgDJMA0G
CSqGSIb3DQEBCwUAA4IBAQB7OcUOi+XTWAbjXBEGtk1VSMGwbbBcOOZNRDfaCyaN
IFQfMCUhRPfWNkvwH4cnPJUq0NYWegGbscwxfXQ+OZ1fHxVp1ePmFUwH4r7TyrhX
ajH37hAnqDmZPAZjp1NJNDFfeb4Ieqp0Yv2Tr26vdJqK7EKaA+kQeec6/gGrNul2
GQ2oQifAmKALbN6EYBPrCA9ttKxUYRIvw5gLbF+YZROaPcQI+vnHc2HIRpxTDhn5
lp4/fai4G5Ll0QHcozh/nh78xSNp8Y5F4aaDQ/35Mkm3Ohy+5/HYCCtBbGQGmvw5
5fke+FVP8BpLT6hfpDXwIfzd0B2wsaa+r1caYH1/ReB/
-----END CERTIFICATE-----