Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e33372e3233392e302f32342d3234203d3e2039333034.roa
File:                     3139332e33372e3233392e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          9pzFK4qO3nRFBDhlRWGrr4JBs8eFZMDxLV/JjUojquA=
Subject key identifier:   9A:A7:C5:B8:26:F6:11:B7:DE:D4:65:35:A7:8C:0C:15:5A:9F:8B:CD
Certificate issuer:       /CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
Certificate serial:       5E2FE6983EB5E0AC69318C132FD9FE7F93AE3905
Authority key identifier: 70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e33372e3233392e302f32342d3234203d3e2039333034.roa
Signing time:             Thu 03 Jul 2025 13:58:31 +0000
ROA not before:           Thu 03 Jul 2025 13:53:31 +0000
ROA not after:            Thu 02 Jul 2026 13:58:31 +0000
asID:                     9304
IP address blocks:        193.37.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 06:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:2f:e6:98:3e:b5:e0:ac:69:31:8c:13:2f:d9:fe:7f:93:ae:39:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbd7a9817e470009c0f40ea1e370aa79b5fd91
        Validity
            Not Before: Jul  3 13:53:31 2025 GMT
            Not After : Jul  2 13:58:31 2026 GMT
        Subject: CN=9AA7C5B826F611B7DED46535A78C0C155A9F8BCD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3c:93:01:8b:28:4b:95:bb:c3:63:ba:2e:fd:
                    f0:3f:cb:27:30:4f:5f:47:74:90:f7:83:76:47:c4:
                    10:9f:bf:b4:d7:fe:c1:a3:2f:50:be:4e:f7:2a:5d:
                    92:b0:99:5a:d9:9f:96:39:b4:82:e6:d1:f5:88:0a:
                    ab:9a:f8:40:4e:f1:65:5f:3e:fc:fa:ee:8c:67:49:
                    3e:f0:ec:93:02:93:f4:79:1e:52:bd:72:7e:83:cc:
                    c6:04:2e:6b:55:5c:bb:5a:25:a6:98:75:02:8f:41:
                    e9:de:ed:fe:24:e8:1f:9a:8f:6b:55:6b:40:d5:55:
                    57:6e:76:4c:89:23:90:0c:e2:64:2b:e3:01:1f:3e:
                    65:1a:ab:d2:1c:d5:67:90:d7:47:4d:5b:48:02:b4:
                    7d:37:a7:dd:46:0e:12:c0:01:ff:49:8e:79:f9:3e:
                    72:81:e8:de:5d:0d:0e:02:3d:97:c2:3a:46:7c:66:
                    f8:47:1e:17:c6:0f:00:77:d6:99:40:eb:7c:fc:fb:
                    80:d0:97:45:1a:9f:ee:47:b1:b5:19:ed:c7:0c:a6:
                    b8:19:bb:dc:76:22:6e:18:38:fc:f2:43:80:20:c4:
                    9e:95:fb:f7:01:95:43:2c:35:30:85:e4:95:e0:a9:
                    c8:d8:c1:1f:dd:3a:5c:a6:4e:eb:3f:63:8b:84:4d:
                    8f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:A7:C5:B8:26:F6:11:B7:DE:D4:65:35:A7:8C:0C:15:5A:9F:8B:CD
            X509v3 Authority Key Identifier:
                keyid:70:CB:D7:A9:81:7E:47:00:09:C0:F4:0E:A1:E3:70:AA:79:B5:FD:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/70CBD7A9817E470009C0F40EA1E370AA79B5FD91.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvXqYF-RwAJwPQOoeNwqnm1_ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/b7332af0-dd73-4755-9d20-693ea8289f8a/0/3139332e33372e3233392e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:33:a4:dd:c1:93:40:c6:6c:63:f9:e6:a0:99:ea:b2:99:7b:
         49:31:4e:a4:7d:be:bb:76:42:41:6d:e4:6c:39:1d:b2:d3:e4:
         a4:0b:24:9b:e3:72:68:d2:6a:db:eb:9f:6e:c7:6d:81:a6:1a:
         94:c0:1e:c4:29:77:44:33:86:eb:8d:e3:f9:b1:04:47:93:61:
         e0:3d:ce:cd:dd:54:d3:94:90:9a:f6:65:27:52:5b:69:50:31:
         23:20:97:06:ad:5d:38:91:ff:37:96:a5:10:d8:51:65:ab:57:
         1c:f1:9f:43:74:8e:97:98:b6:f9:d4:c4:1a:8a:39:e6:3c:c8:
         3b:0f:b9:0b:b4:be:09:31:8b:f2:21:dd:69:2f:06:57:b3:4a:
         b2:a3:c7:e7:36:19:4c:dc:2d:0c:88:56:bb:61:63:c2:d6:89:
         d4:a8:1e:44:be:68:22:05:e1:b5:2d:82:fc:a3:72:98:76:56:
         76:a4:f0:c0:e0:b7:50:f5:d1:96:83:28:af:de:ca:3a:f8:f9:
         37:c6:6f:32:16:6a:05:cb:28:27:09:54:25:da:58:19:96:59:
         a5:10:42:1a:03:27:8a:44:23:0f:4e:46:3d:46:bd:48:fc:14:
         41:af:db:bd:3e:60:cc:09:b4:62:cf:b0:5c:3a:a1:d5:1c:a1:
         17:1e:ac:d0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUXi/mmD614KxpMYwTL9n+f5OuOQUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzBjYmQ3YTk4MTdlNDcwMDA5YzBmNDBlYTFlMzcwYWE3
OWI1ZmQ5MTAeFw0yNTA3MDMxMzUzMzFaFw0yNjA3MDIxMzU4MzFaMDMxMTAvBgNV
BAMTKDlBQTdDNUI4MjZGNjExQjdERUQ0NjUzNUE3OEMwQzE1NUE5RjhCQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1PJMBiyhLlbvDY7ou/fA/yycw
T19HdJD3g3ZHxBCfv7TX/sGjL1C+TvcqXZKwmVrZn5Y5tILm0fWICqua+EBO8WVf
Pvz67oxnST7w7JMCk/R5HlK9cn6DzMYELmtVXLtaJaaYdQKPQene7f4k6B+aj2tV
a0DVVVdudkyJI5AM4mQr4wEfPmUaq9Ic1WeQ10dNW0gCtH03p91GDhLAAf9Jjnn5
PnKB6N5dDQ4CPZfCOkZ8ZvhHHhfGDwB31plA63z8+4DQl0Uan+5HsbUZ7ccMprgZ
u9x2Im4YOPzyQ4AgxJ6V+/cBlUMsNTCF5JXgqcjYwR/dOlymTus/Y4uETY+FAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUmqfFuCb2Ebfe1GU1p4wMFVqfi80wHwYDVR0j
BBgwFoAUcMvXqYF+RwAJwPQOoeNwqnm1/ZEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYjczMzJhZjAtZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5
ZjhhLzAvNzBDQkQ3QTk4MTdFNDcwMDA5QzBGNDBFQTFFMzcwQUE3OUI1RkQ5MS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NNdlhxWUYtUndBSndQUU9vZU53cW5t
MV9aRS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjczMzJhZjAt
ZGQ3My00NzU1LTlkMjAtNjkzZWE4Mjg5ZjhhLzAvMzEzOTMzMmUzMzM3MmUzMjMz
MzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEl
7zANBgkqhkiG9w0BAQsFAAOCAQEAKTOk3cGTQMZsY/nmoJnqspl7STFOpH2+u3ZC
QW3kbDkdstPkpAskm+NyaNJq2+ufbsdtgaYalMAexCl3RDOG643j+bEER5Nh4D3O
zd1U05SQmvZlJ1JbaVAxIyCXBq1dOJH/N5alENhRZatXHPGfQ3SOl5i2+dTEGoo5
5jzIOw+5C7S+CTGL8iHdaS8GV7NKsqPH5zYZTNwtDIhWu2FjwtaJ1KgeRL5oIgXh
tS2C/KNymHZWdqTwwOC3UPXRloMor97KOvj5N8ZvMhZqBcsoJwlUJdpYGZZZpRBC
GgMnikQjD05GPUa9SPwUQa/bvT5gzAm0Ys+wXDqh1RyhFx6s0A==
-----END CERTIFICATE-----