Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3139352e39342e302f32342d3234203d3e20383334.roa
File:                     3139342e3139352e39342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          8NTYqIgoAds+PSuH0j3+eNT0CbRbpXbCztj7yI25gYI=
Subject key identifier:   20:12:BC:B1:E4:65:96:26:0A:8A:54:06:F0:99:E9:44:F2:6F:E8:A0
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       48CF7AB2ECC806DBD025CF1546D1BA90EC2EFB7C
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3139352e39342e302f32342d3234203d3e20383334.roa
Signing time:             Tue 04 Nov 2025 17:08:02 +0000
ROA not before:           Tue 04 Nov 2025 17:03:02 +0000
ROA not after:            Tue 03 Nov 2026 17:08:02 +0000
asID:                     834
IP address blocks:        194.195.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Nov 2025 04:38:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:cf:7a:b2:ec:c8:06:db:d0:25:cf:15:46:d1:ba:90:ec:2e:fb:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Nov  4 17:03:02 2025 GMT
            Not After : Nov  3 17:08:02 2026 GMT
        Subject: CN=2012BCB1E46596260A8A5406F099E944F26FE8A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:38:c9:d9:dd:17:30:98:59:b4:8b:99:a1:11:
                    64:59:e5:20:87:b4:42:c0:83:e5:34:c0:c0:de:23:
                    de:52:47:dc:59:6b:f4:22:db:e7:f0:3e:0a:42:4b:
                    89:f1:9f:d9:37:54:bf:17:91:43:a2:e2:9c:cc:5a:
                    d9:01:91:d8:e2:5a:92:cb:80:af:94:b9:67:a1:3c:
                    21:b7:4c:90:7c:b1:69:d6:ed:3b:74:bf:a3:36:0a:
                    12:ef:95:ee:e8:22:73:61:81:01:d4:5c:20:24:28:
                    3c:68:95:59:74:d6:2b:11:b5:04:52:19:3a:1b:f8:
                    80:31:2f:33:77:3d:9e:63:63:6d:b8:31:10:60:96:
                    47:2f:44:98:11:07:8e:56:09:82:f3:7e:83:aa:35:
                    10:ee:b8:f0:10:f0:fd:8a:8f:2b:51:e5:3f:7e:86:
                    55:a6:f6:8a:cb:e6:bc:51:1a:f4:96:75:65:81:7a:
                    3e:97:db:3b:e8:ee:1a:39:f5:e0:ef:c7:ef:83:9d:
                    14:bb:01:d1:e8:8a:26:15:d8:bc:ce:ae:aa:22:86:
                    17:ee:d9:3a:fd:29:8c:18:95:66:12:e1:f4:56:65:
                    31:e0:96:78:96:a9:9f:d4:59:f1:0f:07:7d:bf:a4:
                    5d:15:4d:6e:47:a8:8b:27:d1:55:90:cf:3d:d8:a5:
                    34:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:12:BC:B1:E4:65:96:26:0A:8A:54:06:F0:99:E9:44:F2:6F:E8:A0
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139342e3139352e39342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.195.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:06:7e:4f:54:f4:a1:3a:59:8a:1b:5b:0e:92:8c:f2:ba:66:
         1d:13:19:eb:82:5f:5a:dc:36:c9:a3:76:3c:a3:50:33:26:b2:
         26:37:f2:43:19:a0:c7:7e:c6:ee:5b:5e:fb:c7:86:15:77:75:
         55:7a:49:83:33:3d:d0:f5:2b:66:e2:56:59:0b:e2:be:75:ae:
         5d:26:fd:cc:00:76:34:a5:d8:b7:72:c6:a8:64:64:32:7a:5c:
         b8:77:33:40:27:5b:0c:dd:42:83:9d:8e:88:ae:89:1c:bf:81:
         9b:cf:ed:f5:ed:10:ac:42:e9:54:ba:81:10:40:eb:95:2e:53:
         7c:36:ec:13:fa:e6:4f:a6:01:84:10:37:7b:de:ca:72:e9:0c:
         5d:08:4d:14:db:a9:1b:d0:72:d0:2f:cf:26:d6:69:0b:e2:cd:
         70:cc:77:8b:8f:bd:7f:eb:06:33:33:f5:25:7a:2e:d4:63:64:
         d1:46:56:d6:74:22:de:33:0e:48:4b:3c:90:74:54:ac:36:7d:
         c7:24:19:31:70:93:94:ea:d9:70:86:4f:e5:ab:f0:6f:21:22:
         a4:9b:da:ad:5c:e4:95:af:58:0b:82:70:2f:f1:2c:8b:c2:d3:
         47:c3:13:0a:50:7e:20:fb:ba:44:fd:4a:f7:d6:78:5f:49:40:
         c2:ed:ff:52
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUSM96suzIBtvQJc8VRtG6kOwu+3wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTExMDQxNzAzMDJaFw0yNjExMDMxNzA4MDJaMDMxMTAvBgNV
BAMTKDIwMTJCQ0IxRTQ2NTk2MjYwQThBNTQwNkYwOTlFOTQ0RjI2RkU4QTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtOMnZ3RcwmFm0i5mhEWRZ5SCH
tELAg+U0wMDeI95SR9xZa/Qi2+fwPgpCS4nxn9k3VL8XkUOi4pzMWtkBkdjiWpLL
gK+UuWehPCG3TJB8sWnW7Tt0v6M2ChLvle7oInNhgQHUXCAkKDxolVl01isRtQRS
GTob+IAxLzN3PZ5jY224MRBglkcvRJgRB45WCYLzfoOqNRDuuPAQ8P2KjytR5T9+
hlWm9orL5rxRGvSWdWWBej6X2zvo7ho59eDvx++DnRS7AdHoiiYV2LzOrqoihhfu
2Tr9KYwYlWYS4fRWZTHglniWqZ/UWfEPB32/pF0VTW5HqIsn0VWQzz3YpTRlAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUIBK8seRlliYKilQG8JnpRPJv6KAwHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTM0MmUzMTM5MzUyZTM5
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCw14w
DQYJKoZIhvcNAQELBQADggEBAEgGfk9U9KE6WYobWw6SjPK6Zh0TGeuCX1rcNsmj
djyjUDMmsiY38kMZoMd+xu5bXvvHhhV3dVV6SYMzPdD1K2biVlkL4r51rl0m/cwA
djSl2LdyxqhkZDJ6XLh3M0AnWwzdQoOdjoiuiRy/gZvP7fXtEKxC6VS6gRBA65Uu
U3w27BP65k+mAYQQN3veynLpDF0ITRTbqRvQctAvzybWaQvizXDMd4uPvX/rBjMz
9SV6LtRjZNFGVtZ0It4zDkhLPJB0VKw2fcckGTFwk5Tq2XCGT+Wr8G8hIqSb2q1c
5JWvWAuCcC/xLIvC00fDEwpQfiD7ukT9SvfWeF9JQMLt/1I=
-----END CERTIFICATE-----