Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/3139332e32352e3137312e302f32342d3234203d3e2032393134.roa
File:                     3139332e32352e3137312e302f32342d3234203d3e2032393134.roa (raw, json)
Hash identifier:          arWXT2PubGe9M8bDcOmGqKzDFtv/A2/+wj2Z/kqOP7w=
Subject key identifier:   B9:DB:F6:35:00:F5:AE:1C:04:E8:C5:3D:81:1F:86:9D:8D:82:FA:24
Certificate issuer:       /CN=199cdd14c27fbf6b005a0ada004d53cbcb9667ff
Certificate serial:       459954103E5B79A6FA4C42C393FF7FDFC472492A
Authority key identifier: 19:9C:DD:14:C2:7F:BF:6B:00:5A:0A:DA:00:4D:53:CB:CB:96:67:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GZzdFMJ_v2sAWgraAE1Ty8uWZ_8.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/3139332e32352e3137312e302f32342d3234203d3e2032393134.roa
Signing time:             Tue 31 Mar 2026 07:39:19 +0000
ROA not before:           Tue 31 Mar 2026 07:34:19 +0000
ROA not after:            Tue 30 Mar 2027 07:39:19 +0000
asID:                     2914
IP address blocks:        193.25.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/199CDD14C27FBF6B005A0ADA004D53CBCB9667FF.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/199CDD14C27FBF6B005A0ADA004D53CBCB9667FF.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GZzdFMJ_v2sAWgraAE1Ty8uWZ_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 Apr 2026 09:49:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:99:54:10:3e:5b:79:a6:fa:4c:42:c3:93:ff:7f:df:c4:72:49:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=199cdd14c27fbf6b005a0ada004d53cbcb9667ff
        Validity
            Not Before: Mar 31 07:34:19 2026 GMT
            Not After : Mar 30 07:39:19 2027 GMT
        Subject: CN=B9DBF63500F5AE1C04E8C53D811F869D8D82FA24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:24:e9:ee:44:fd:96:20:64:e2:fa:e7:db:ff:
                    cf:f2:6b:24:b2:04:35:ce:d6:5a:f5:18:20:37:0b:
                    a8:53:d7:d3:7a:3d:3c:a9:1a:a9:4e:b3:f8:a4:72:
                    77:6f:8e:7a:d6:78:d9:b0:0a:24:81:33:b6:c4:84:
                    83:03:60:b4:28:74:5a:d8:ee:ce:d3:31:d9:c9:21:
                    28:31:78:ab:7a:fe:b3:51:de:df:52:87:7b:7b:4d:
                    8a:e6:7f:b4:0b:ed:bf:51:c6:c5:a9:fb:b9:29:0e:
                    7a:86:db:1f:de:85:39:02:ca:e8:63:ac:64:22:9c:
                    aa:0d:99:a4:71:9d:76:cd:98:c6:cb:a6:70:05:b0:
                    14:c9:47:f0:a6:fb:63:36:ec:98:bb:74:7d:91:23:
                    f5:5a:02:f0:19:21:44:4a:41:0b:d2:1c:2b:d4:19:
                    5d:10:af:bb:bc:c7:8f:92:08:27:10:88:c8:8f:8e:
                    d9:7a:f1:e7:0b:35:31:7e:ed:b9:44:e2:7c:d7:bc:
                    46:85:f8:ec:75:69:c0:6e:4d:ed:42:f3:77:7d:73:
                    d0:a7:bd:bd:0b:c6:c4:2c:4d:dc:b7:88:bb:ee:53:
                    e7:70:d5:e2:b0:80:a4:29:9a:d9:d8:56:3f:30:02:
                    f1:c6:86:ea:69:fa:35:da:70:c8:32:64:0b:c1:8c:
                    76:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:DB:F6:35:00:F5:AE:1C:04:E8:C5:3D:81:1F:86:9D:8D:82:FA:24
            X509v3 Authority Key Identifier:
                keyid:19:9C:DD:14:C2:7F:BF:6B:00:5A:0A:DA:00:4D:53:CB:CB:96:67:FF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/199CDD14C27FBF6B005A0ADA004D53CBCB9667FF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GZzdFMJ_v2sAWgraAE1Ty8uWZ_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c2023c53-184b-484b-b676-598f64d88f22/0/3139332e32352e3137312e302f32342d3234203d3e2032393134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:4e:f6:15:39:38:99:84:1e:d0:3a:16:4f:03:a1:6b:f4:2e:
         18:34:a0:73:33:d1:40:ac:16:b9:08:3a:33:ec:66:62:d9:c2:
         46:e2:d9:04:f6:57:2f:89:79:90:91:34:5b:a1:75:cc:64:e9:
         51:6f:b3:61:62:e8:d2:c2:97:6b:12:e2:a9:d1:aa:a0:30:38:
         b7:eb:42:c4:1f:af:16:b1:79:46:63:3b:3f:63:b5:61:fb:57:
         b8:22:3b:12:ad:0c:6d:ef:b3:a9:29:db:aa:46:5b:f2:a9:d3:
         a4:dc:94:0c:53:07:a3:05:90:ec:62:77:14:09:22:1d:71:ef:
         8e:5c:61:05:28:38:69:d6:c6:97:86:ce:d4:d9:73:3c:b6:51:
         1c:85:01:ab:5e:cf:4b:81:47:61:65:f4:d4:67:de:81:8e:6c:
         22:2e:f7:2f:15:6b:8a:43:3e:aa:71:50:bd:59:0e:6c:0e:58:
         de:ae:c6:e9:49:76:a6:a8:cf:c9:9a:27:57:72:f7:a2:e4:90:
         50:17:f3:51:65:f9:ef:da:98:56:b9:8d:52:67:21:c5:eb:7d:
         e5:13:9c:12:e0:de:f6:b0:c1:a4:09:12:eb:ed:b1:fc:e5:b0:
         60:e6:7a:a7:af:3e:10:16:8f:39:13:54:a9:bc:46:41:0e:ea:
         23:12:86:b7
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURZlUED5beab6TELDk/9/38RySSowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTk5Y2RkMTRjMjdmYmY2YjAwNWEwYWRhMDA0ZDUzY2Jj
Yjk2NjdmZjAeFw0yNjAzMzEwNzM0MTlaFw0yNzAzMzAwNzM5MTlaMDMxMTAvBgNV
BAMTKEI5REJGNjM1MDBGNUFFMUMwNEU4QzUzRDgxMUY4NjlEOEQ4MkZBMjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVJOnuRP2WIGTi+ufb/8/yaySy
BDXO1lr1GCA3C6hT19N6PTypGqlOs/ikcndvjnrWeNmwCiSBM7bEhIMDYLQodFrY
7s7TMdnJISgxeKt6/rNR3t9Sh3t7TYrmf7QL7b9RxsWp+7kpDnqG2x/ehTkCyuhj
rGQinKoNmaRxnXbNmMbLpnAFsBTJR/Cm+2M27Ji7dH2RI/VaAvAZIURKQQvSHCvU
GV0Qr7u8x4+SCCcQiMiPjtl68ecLNTF+7blE4nzXvEaF+Ox1acBuTe1C83d9c9Cn
vb0LxsQsTdy3iLvuU+dw1eKwgKQpmtnYVj8wAvHGhupp+jXacMgyZAvBjHYRAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUudv2NQD1rhwE6MU9gR+GnY2C+iQwHwYDVR0j
BBgwFoAUGZzdFMJ/v2sAWgraAE1Ty8uWZ/8wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzIwMjNjNTMtMTg0Yi00ODRiLWI2NzYtNTk4ZjY0ZDg4
ZjIyLzAvMTk5Q0REMTRDMjdGQkY2QjAwNUEwQURBMDA0RDUzQ0JDQjk2NjdGRi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0daemRGTUpfdjJzQVdncmFBRTFUeTh1
V1pfOC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzIwMjNjNTMt
MTg0Yi00ODRiLWI2NzYtNTk4ZjY0ZDg4ZjIyLzAvMzEzOTMzMmUzMjM1MmUzMTM3
MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM5MzEzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEZ
qzANBgkqhkiG9w0BAQsFAAOCAQEAdE72FTk4mYQe0DoWTwOha/QuGDSgczPRQKwW
uQg6M+xmYtnCRuLZBPZXL4l5kJE0W6F1zGTpUW+zYWLo0sKXaxLiqdGqoDA4t+tC
xB+vFrF5RmM7P2O1YftXuCI7Eq0Mbe+zqSnbqkZb8qnTpNyUDFMHowWQ7GJ3FAki
HXHvjlxhBSg4adbGl4bO1NlzPLZRHIUBq17PS4FHYWX01GfegY5sIi73LxVrikM+
qnFQvVkObA5Y3q7G6Ul2pqjPyZonV3L3ouSQUBfzUWX579qYVrmNUmchxet95ROc
EuDe9rDBpAkS6+2x/OWwYOZ6p68+EBaPORNUqbxGQQ7qIxKGtw==
-----END CERTIFICATE-----