Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139342e33342e3235342e302f32342d3234203d3e20313532363732.roa
File:                     3139342e33342e3235342e302f32342d3234203d3e20313532363732.roa (raw, json)
Hash identifier:          hKPfS0qlA4vPTLhw9nwXVGJzFe2/vcx6+01rQ/Eesqo=
Subject key identifier:   28:01:27:D4:34:93:59:39:B3:B5:44:FE:E6:5C:F2:E0:BE:76:19:B0
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       4B49D32838B2360F1596A1FAC33048C0A6226944
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139342e33342e3235342e302f32342d3234203d3e20313532363732.roa
Signing time:             Sun 29 Jun 2025 17:18:05 +0000
ROA not before:           Sun 29 Jun 2025 17:13:05 +0000
ROA not after:            Sun 28 Jun 2026 17:18:05 +0000
asID:                     152672
IP address blocks:        194.34.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:14:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:49:d3:28:38:b2:36:0f:15:96:a1:fa:c3:30:48:c0:a6:22:69:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Jun 29 17:13:05 2025 GMT
            Not After : Jun 28 17:18:05 2026 GMT
        Subject: CN=280127D434935939B3B544FEE65CF2E0BE7619B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:5d:50:1a:5f:f3:69:12:d9:e3:49:d7:45:f7:
                    e7:9e:f2:56:fd:72:e9:a3:cb:6f:56:a7:c5:21:92:
                    2e:54:16:d7:d6:23:2d:12:35:bf:a8:bb:ed:1b:e6:
                    64:61:04:d0:50:f4:ad:18:a1:b0:da:ea:04:8c:c0:
                    b8:86:64:3e:d9:1f:59:68:46:c6:8f:e7:44:bf:9d:
                    ef:27:20:2e:8a:3f:aa:b4:6a:f0:cc:62:2e:1e:41:
                    c5:1a:61:5b:c8:6a:39:42:51:63:a7:e4:be:ad:5b:
                    eb:69:e6:b0:11:1f:e7:a8:60:82:62:80:bb:ec:fa:
                    4a:b9:13:c8:6b:d0:f9:b3:46:42:bf:3e:d3:bd:ff:
                    08:95:a8:51:1e:6f:6d:7d:fe:c0:a3:92:e6:e4:86:
                    3a:75:94:bf:f0:fd:fb:82:7a:89:cc:76:2a:ca:99:
                    f3:86:12:18:92:54:4e:46:b8:f5:c0:bf:77:38:fc:
                    3f:56:16:4c:ad:6f:21:f5:b6:e8:d2:cf:18:0c:24:
                    8e:5a:5c:3e:9a:3b:19:c5:fd:1c:09:8c:de:80:b8:
                    85:2e:29:76:88:41:1a:dd:57:ec:3e:15:2d:4b:06:
                    40:9f:ce:98:f9:9d:7c:f7:3b:c1:88:e0:93:dc:2c:
                    57:b3:db:fd:1e:c7:8e:0d:06:1d:ce:00:8c:2b:39:
                    47:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:01:27:D4:34:93:59:39:B3:B5:44:FE:E6:5C:F2:E0:BE:76:19:B0
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139342e33342e3235342e302f32342d3234203d3e20313532363732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:8a:3b:31:45:c6:0c:d5:83:52:8c:14:49:ea:5b:f9:ce:5c:
         db:6b:f5:12:8a:d3:40:a3:80:e1:ed:d8:50:bd:05:3a:e4:28:
         3e:87:bc:a4:54:11:08:29:9d:bb:6f:ea:f5:74:f5:7a:d3:b6:
         5a:bf:72:d5:66:3c:9e:13:81:f7:d6:66:d7:f4:67:09:bb:5e:
         8e:5b:2b:0d:ca:19:d5:ab:28:0d:e8:1c:68:d3:d0:cf:8f:46:
         43:61:2a:3e:ba:3f:dc:97:1f:af:c0:fe:dd:b0:1c:5e:07:e3:
         d9:a2:55:bd:75:9f:5d:90:1b:03:15:f1:a4:bc:26:df:be:8e:
         c5:b4:21:3f:09:0b:cb:54:7e:9b:d9:3e:66:2c:5d:93:74:a4:
         0f:b4:ce:d4:fe:a7:b2:2a:02:31:32:de:19:fb:8d:27:59:64:
         d5:ae:11:dc:e9:53:e6:a5:e5:32:b9:f0:c7:95:18:bb:36:78:
         59:9b:ab:57:fa:88:55:67:cf:95:67:8d:86:6e:68:ba:bf:eb:
         ef:72:3c:7c:bc:8f:9a:11:31:90:16:cb:dd:d3:08:15:f0:26:
         66:44:68:0a:b8:6f:cc:03:ca:b6:1f:e7:77:ab:39:9b:cc:78:
         5c:d7:cc:b1:6e:ce:83:ee:58:65:c7:ee:1c:3f:43:5d:d8:c0:
         11:33:b6:0a
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIUS0nTKDiyNg8VlqH6wzBIwKYiaUQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNTA2MjkxNzEzMDVaFw0yNjA2MjgxNzE4MDVaMDMxMTAvBgNV
BAMTKDI4MDEyN0Q0MzQ5MzU5MzlCM0I1NDRGRUU2NUNGMkUwQkU3NjE5QjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTXVAaX/NpEtnjSddF9+ee8lb9
cumjy29Wp8Uhki5UFtfWIy0SNb+ou+0b5mRhBNBQ9K0YobDa6gSMwLiGZD7ZH1lo
RsaP50S/ne8nIC6KP6q0avDMYi4eQcUaYVvIajlCUWOn5L6tW+tp5rARH+eoYIJi
gLvs+kq5E8hr0PmzRkK/PtO9/wiVqFEeb219/sCjkubkhjp1lL/w/fuCeonMdirK
mfOGEhiSVE5GuPXAv3c4/D9WFkytbyH1tujSzxgMJI5aXD6aOxnF/RwJjN6AuIUu
KXaIQRrdV+w+FS1LBkCfzpj5nXz3O8GI4JPcLFez2/0ex44NBh3OAIwrOUdVAgMB
AAGjggI/MIICOzAdBgNVHQ4EFgQUKAEn1DSTWTmztUT+5lzy4L52GbAwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwga8GCCsGAQUFBwELBIGiMIGfMIGcBggrBgEFBQcwC4aBj3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzEzOTM0MmUzMzM0MmUzMjM1
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMTM1MzIzNjM3MzIucm9hMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYD
BADCIv4wDQYJKoZIhvcNAQELBQADggEBAAiKOzFFxgzVg1KMFEnqW/nOXNtr9RKK
00CjgOHt2FC9BTrkKD6HvKRUEQgpnbtv6vV09XrTtlq/ctVmPJ4TgffWZtf0Zwm7
Xo5bKw3KGdWrKA3oHGjT0M+PRkNhKj66P9yXH6/A/t2wHF4H49miVb11n12QGwMV
8aS8Jt++jsW0IT8JC8tUfpvZPmYsXZN0pA+0ztT+p7IqAjEy3hn7jSdZZNWuEdzp
U+al5TK58MeVGLs2eFmbq1f6iFVnz5VnjYZuaLq/6+9yPHy8j5oRMZAWy93TCBXw
JmZEaAq4b8wDyrYf53erOZvMeFzXzLFuzoPuWGXH7hw/Q13YwBEztgo=
-----END CERTIFICATE-----
Generated at Wed Jul 23 01:32:37 2025 by rpki-client