Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/3231332e3135372e3132332e302f32342d3234203d3e20383334.roa
File:                     3231332e3135372e3132332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          AFtivI61gfbdC46y0xOZPBtrdddcwvL1pKOVKApf6R4=
Subject key identifier:   C1:42:70:46:C2:24:BC:D5:4D:BA:5C:7A:9D:89:6F:53:1B:24:0A:BE
Certificate issuer:       /CN=8184669b0189b7fabe05e700325a0d74957beb27
Certificate serial:       2C0F487306A67D8A787F5D6162CD663EF0C0E212
Authority key identifier: 81:84:66:9B:01:89:B7:FA:BE:05:E7:00:32:5A:0D:74:95:7B:EB:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gYRmmwGJt_q-BecAMloNdJV76yc.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/3231332e3135372e3132332e302f32342d3234203d3e20383334.roa
Signing time:             Fri 11 Jul 2025 00:04:14 +0000
ROA not before:           Thu 10 Jul 2025 23:59:14 +0000
ROA not after:            Fri 10 Jul 2026 00:04:14 +0000
asID:                     834
IP address blocks:        213.157.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/8184669B0189B7FABE05E700325A0D74957BEB27.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/8184669B0189B7FABE05E700325A0D74957BEB27.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gYRmmwGJt_q-BecAMloNdJV76yc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:0f:48:73:06:a6:7d:8a:78:7f:5d:61:62:cd:66:3e:f0:c0:e2:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8184669b0189b7fabe05e700325a0d74957beb27
        Validity
            Not Before: Jul 10 23:59:14 2025 GMT
            Not After : Jul 10 00:04:14 2026 GMT
        Subject: CN=C1427046C224BCD54DBA5C7A9D896F531B240ABE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:24:7f:0c:2d:fa:24:a9:77:86:4e:92:04:4d:
                    33:ed:6e:ae:3a:00:e6:e8:2d:fc:31:18:38:5c:e6:
                    86:f6:9f:97:21:1b:3f:38:9e:fa:94:18:b6:45:05:
                    d2:60:71:81:23:ea:e7:21:29:60:6d:1c:0f:79:ef:
                    f0:8e:00:e5:17:bd:99:a8:63:19:8d:ba:a1:60:fd:
                    57:7a:7d:61:59:46:9e:be:5a:33:d7:1a:0c:97:a2:
                    4e:86:ca:33:9d:22:15:fb:dd:eb:cd:73:3e:8d:c7:
                    19:82:e6:0a:71:9c:aa:b3:e3:b2:47:2d:28:e9:b0:
                    a3:fd:cd:29:1f:31:0b:25:5f:17:22:c7:44:e6:29:
                    14:38:fa:8c:a3:28:56:26:9b:22:88:42:1a:f7:c9:
                    64:b3:63:9b:9a:e5:e7:13:21:ee:9d:9f:12:e8:5d:
                    08:21:ae:fb:62:67:f6:4f:35:5a:34:6e:b7:4f:80:
                    7b:a5:dc:ac:22:d0:d9:20:d4:9a:07:94:b3:55:d3:
                    9f:ad:a3:f9:f1:2a:df:d6:14:bd:92:60:b5:3b:01:
                    28:d5:df:f4:65:93:ec:5a:1e:f0:c3:6a:75:15:99:
                    02:94:f4:89:f5:f6:de:2f:3b:34:50:87:ae:5d:9f:
                    f9:75:83:f7:66:7c:6f:3e:52:42:c5:5e:98:91:a7:
                    4d:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:42:70:46:C2:24:BC:D5:4D:BA:5C:7A:9D:89:6F:53:1B:24:0A:BE
            X509v3 Authority Key Identifier:
                keyid:81:84:66:9B:01:89:B7:FA:BE:05:E7:00:32:5A:0D:74:95:7B:EB:27

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/8184669B0189B7FABE05E700325A0D74957BEB27.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gYRmmwGJt_q-BecAMloNdJV76yc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a431e42e-0d7f-44d0-813f-b5e3a2abbe25/0/3231332e3135372e3132332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.157.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:e5:36:f9:19:c0:b8:5c:cb:3e:b5:0c:31:fa:c2:cd:c3:f3:
         2f:6a:0e:fa:f3:61:6a:4d:3c:bd:a3:7d:1f:57:7d:66:f8:2c:
         69:1f:28:ea:68:ea:3b:94:4d:07:5d:f1:fd:89:cc:c1:27:e9:
         08:e0:5a:18:c2:ea:36:d0:c2:e0:60:55:0e:75:0b:ea:96:35:
         8d:52:15:69:c0:2a:1a:0f:b8:a8:2a:b5:8b:74:37:fb:ba:c3:
         ef:f4:29:f4:c5:de:30:fb:60:96:12:00:49:5a:f7:b4:5c:1f:
         20:08:c5:d3:8d:10:b9:d9:dc:c5:fe:2d:fe:cf:85:9f:b1:5c:
         e8:4e:87:4c:c1:8a:5d:26:f6:4a:fa:96:38:a9:bb:50:a8:04:
         43:ab:9d:24:38:21:99:dc:25:3e:cf:6d:f1:3b:fd:bf:11:69:
         cc:0e:32:ea:fe:2d:75:77:32:fc:d9:b9:a6:74:43:0d:5b:30:
         ed:50:e9:65:3a:3c:d0:71:2d:c5:0c:dc:4c:57:b4:b4:fe:df:
         6c:84:b6:fe:dd:75:a8:94:91:43:cc:51:cb:a7:eb:98:0e:64:
         64:75:81:57:cb:d9:ee:00:07:a2:9b:9a:49:c6:ce:a4:35:1c:
         b6:d7:85:95:0c:aa:8f:26:7a:3e:2b:17:79:a7:3c:5f:02:64:
         0f:eb:3f:fe
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIULA9IcwamfYp4f11hYs1mPvDA4hIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODE4NDY2OWIwMTg5YjdmYWJlMDVlNzAwMzI1YTBkNzQ5
NTdiZWIyNzAeFw0yNTA3MTAyMzU5MTRaFw0yNjA3MTAwMDA0MTRaMDMxMTAvBgNV
BAMTKEMxNDI3MDQ2QzIyNEJDRDU0REJBNUM3QTlEODk2RjUzMUIyNDBBQkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdJH8MLfokqXeGTpIETTPtbq46
AOboLfwxGDhc5ob2n5chGz84nvqUGLZFBdJgcYEj6uchKWBtHA957/COAOUXvZmo
YxmNuqFg/Vd6fWFZRp6+WjPXGgyXok6GyjOdIhX73evNcz6NxxmC5gpxnKqz47JH
LSjpsKP9zSkfMQslXxcix0TmKRQ4+oyjKFYmmyKIQhr3yWSzY5ua5ecTIe6dnxLo
XQghrvtiZ/ZPNVo0brdPgHul3Kwi0Nkg1JoHlLNV05+to/nxKt/WFL2SYLU7ASjV
3/Rlk+xaHvDDanUVmQKU9In19t4vOzRQh65dn/l1g/dmfG8+UkLFXpiRp01bAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUwUJwRsIkvNVNulx6nYlvUxskCr4wHwYDVR0j
BBgwFoAUgYRmmwGJt/q+BecAMloNdJV76ycwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTQzMWU0MmUtMGQ3Zi00NGQwLTgxM2YtYjVlM2EyYWJi
ZTI1LzAvODE4NDY2OUIwMTg5QjdGQUJFMDVFNzAwMzI1QTBENzQ5NTdCRUIyNy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2dZUm1td0dKdF9xLUJlY0FNbG9OZEpW
NzZ5Yy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTQzMWU0MmUt
MGQ3Zi00NGQwLTgxM2YtYjVlM2EyYWJiZTI1LzAvMzIzMTMzMmUzMTM1MzcyZTMx
MzIzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWd
ezANBgkqhkiG9w0BAQsFAAOCAQEAOOU2+RnAuFzLPrUMMfrCzcPzL2oO+vNhak08
vaN9H1d9ZvgsaR8o6mjqO5RNB13x/YnMwSfpCOBaGMLqNtDC4GBVDnUL6pY1jVIV
acAqGg+4qCq1i3Q3+7rD7/Qp9MXeMPtglhIASVr3tFwfIAjF040Qudncxf4t/s+F
n7Fc6E6HTMGKXSb2SvqWOKm7UKgEQ6udJDghmdwlPs9t8Tv9vxFpzA4y6v4tdXcy
/Nm5pnRDDVsw7VDpZTo80HEtxQzcTFe0tP7fbIS2/t11qJSRQ8xRy6frmA5kZHWB
V8vZ7gAHopuaScbOpDUctteFlQyqjyZ6PisXeac8XwJkD+s//g==
-----END CERTIFICATE-----