Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e34332e37312e302f32342d3332203d3e203536383736.roa
File:                     3139332e34332e37312e302f32342d3332203d3e203536383736.roa (raw, json)
Hash identifier:          NeZ8icdf4yJt4Cla5YTUa1/0HeslbAxk7l6WIknSLlA=
Subject key identifier:   34:E0:E4:60:51:3E:70:C1:79:F0:C1:75:22:6F:3D:9D:A5:48:FE:24
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       6FB5F63186823AE27803911DF4F9C27160DE016F
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e34332e37312e302f32342d3332203d3e203536383736.roa
Signing time:             Mon 29 Dec 2025 09:50:24 +0000
ROA not before:           Mon 29 Dec 2025 09:45:24 +0000
ROA not after:            Mon 28 Dec 2026 09:50:24 +0000
asID:                     56876
IP address blocks:        193.43.71.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:b5:f6:31:86:82:3a:e2:78:03:91:1d:f4:f9:c2:71:60:de:01:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Dec 29 09:45:24 2025 GMT
            Not After : Dec 28 09:50:24 2026 GMT
        Subject: CN=34E0E460513E70C179F0C175226F3D9DA548FE24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ee:ea:57:34:a9:4d:0f:a0:77:69:58:16:51:
                    32:ac:3b:c4:2b:c2:c2:9d:ff:98:e1:48:c0:b4:ad:
                    27:8f:e0:23:55:43:a4:aa:4b:9c:ff:88:cc:95:6c:
                    86:d3:a2:6f:6b:2b:14:1c:f6:e5:4d:84:44:62:4d:
                    f7:53:eb:06:9a:cb:67:bd:c3:0b:93:86:3e:7c:45:
                    2c:18:a1:8c:cf:06:d3:62:a8:ea:8d:1f:6b:d3:56:
                    69:c0:fc:4a:ff:6e:07:a6:30:08:3f:d5:f0:47:07:
                    52:18:81:3b:06:88:fd:8e:b7:29:a6:77:58:b7:1e:
                    ca:b1:56:0a:ab:40:4f:c9:61:cf:09:8d:07:e9:ba:
                    ae:1e:8b:a4:c0:63:9c:77:ad:8d:18:80:57:9a:c9:
                    d2:8e:11:2c:b1:26:12:94:c8:cc:dc:ff:59:b2:af:
                    c5:5f:9f:74:fb:f9:ae:31:38:a9:62:bc:58:e2:72:
                    1c:5f:fa:36:49:97:34:a0:e5:3c:c6:19:2a:1b:91:
                    f0:10:eb:ae:3c:57:dc:8c:09:ac:1e:34:b9:c3:f3:
                    c1:69:8f:d0:ca:f6:62:74:bb:99:57:8e:db:5c:5b:
                    d3:21:54:71:6d:85:55:d1:88:40:31:e4:f2:06:36:
                    ec:a7:7e:cc:6c:8e:d7:14:00:ef:28:e3:75:7e:90:
                    ac:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:E0:E4:60:51:3E:70:C1:79:F0:C1:75:22:6F:3D:9D:A5:48:FE:24
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3139332e34332e37312e302f32342d3332203d3e203536383736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:99:48:34:a2:3c:f4:6c:f6:3b:e0:fb:88:9a:11:6e:96:b3:
         ff:85:79:a1:10:57:1a:4f:76:e7:5d:0e:f2:a5:86:38:03:d2:
         57:20:30:62:4c:db:7a:c4:81:43:aa:9e:e3:5a:16:0d:ef:1a:
         a8:d0:32:92:8e:3a:b5:23:d0:2f:ca:d8:e8:9b:8b:1f:f9:6d:
         c6:37:d8:bc:34:ff:96:34:04:2c:d4:07:be:cb:0c:7c:45:89:
         fd:4e:2c:37:dd:39:94:7c:e1:ac:19:03:31:15:a4:4e:00:f5:
         8c:5b:ef:60:e2:bf:1f:9c:c4:55:fb:04:6d:58:0a:8e:f9:13:
         35:8a:b0:cf:95:d4:a9:7c:65:ac:04:9e:23:3b:d6:36:f4:00:
         3c:a4:bf:fc:ab:7a:21:62:70:46:1c:b6:3b:7f:4c:60:50:50:
         73:6a:38:08:4b:ac:3b:54:19:13:b9:1e:e6:4b:4a:5e:cc:22:
         a5:79:ce:d7:46:fa:ae:37:11:b4:a0:c9:1e:d8:07:2b:7a:93:
         1f:ea:2f:57:aa:90:6b:09:c4:df:cc:2f:23:e3:87:90:c2:cd:
         38:8d:b3:52:1f:9d:e2:76:7c:8a:98:29:f5:ea:6a:c7:64:e6:
         b0:40:73:8a:46:fe:66:1b:a5:55:21:e6:19:47:26:d8:ba:32:
         c7:13:d5:98
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUb7X2MYaCOuJ4A5Ed9PnCcWDeAW8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTEyMjkwOTQ1MjRaFw0yNjEyMjgwOTUwMjRaMDMxMTAvBgNV
BAMTKDM0RTBFNDYwNTEzRTcwQzE3OUYwQzE3NTIyNkYzRDlEQTU0OEZFMjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu7upXNKlND6B3aVgWUTKsO8Qr
wsKd/5jhSMC0rSeP4CNVQ6SqS5z/iMyVbIbTom9rKxQc9uVNhERiTfdT6waay2e9
wwuThj58RSwYoYzPBtNiqOqNH2vTVmnA/Er/bgemMAg/1fBHB1IYgTsGiP2Otymm
d1i3HsqxVgqrQE/JYc8JjQfpuq4ei6TAY5x3rY0YgFeaydKOESyxJhKUyMzc/1my
r8Vfn3T7+a4xOKlivFjichxf+jZJlzSg5TzGGSobkfAQ6648V9yMCaweNLnD88Fp
j9DK9mJ0u5lXjttcW9MhVHFthVXRiEAx5PIGNuynfsxsjtcUAO8o43V+kKwtAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUNODkYFE+cMF58MF1Im89naVI/iQwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzOTMzMmUzNDMzMmUzNzMx
MmUzMDJmMzIzNDJkMzMzMjIwM2QzZTIwMzUzNjM4MzczNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEr
RzANBgkqhkiG9w0BAQsFAAOCAQEAV5lINKI89Gz2O+D7iJoRbpaz/4V5oRBXGk92
510O8qWGOAPSVyAwYkzbesSBQ6qe41oWDe8aqNAyko46tSPQL8rY6JuLH/ltxjfY
vDT/ljQELNQHvssMfEWJ/U4sN905lHzhrBkDMRWkTgD1jFvvYOK/H5zEVfsEbVgK
jvkTNYqwz5XUqXxlrASeIzvWNvQAPKS//Kt6IWJwRhy2O39MYFBQc2o4CEusO1QZ
E7ke5ktKXswipXnO10b6rjcRtKDJHtgHK3qTH+ovV6qQawnE38wvI+OHkMLNOI2z
Uh+d4nZ8ipgp9epqx2TmsEBzikb+ZhulVSHmGUcm2LoyxxPVmA==
-----END CERTIFICATE-----