Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3139352e382e3232342e302f31392d3234203d3e2038383230.roa
File:                     3139352e382e3232342e302f31392d3234203d3e2038383230.roa (raw, json)
Hash identifier:          r0LLOR2BwjUMCo0aiucpR2dASa34Jzmxb8PJYyC5tKg=
Subject key identifier:   2C:3B:6F:3E:B7:FC:80:A4:65:1D:01:82:40:50:2B:AE:0A:AD:E5:26
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       2BB285BE3D36AAC4FB7D256412EF9E04779E0C8E
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3139352e382e3232342e302f31392d3234203d3e2038383230.roa
Signing time:             Thu 04 Sep 2025 10:40:03 +0000
ROA not before:           Thu 04 Sep 2025 10:35:03 +0000
ROA not after:            Thu 03 Sep 2026 10:40:03 +0000
asID:                     8820
IP address blocks:        195.8.224.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:b2:85:be:3d:36:aa:c4:fb:7d:25:64:12:ef:9e:04:77:9e:0c:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:03 2025 GMT
            Not After : Sep  3 10:40:03 2026 GMT
        Subject: CN=2C3B6F3EB7FC80A4651D018240502BAE0AADE526
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c6:0e:1d:ca:eb:90:b7:0b:70:6b:41:33:69:
                    0a:b7:bb:72:92:c8:d1:7d:51:c4:87:ca:71:06:e7:
                    e9:95:e3:28:f4:be:9e:71:26:0f:10:b8:ab:7c:97:
                    24:20:c1:5a:42:56:61:5e:ca:ec:04:93:05:0d:ae:
                    4f:db:98:15:30:89:f5:a2:0a:19:83:8e:97:4f:d2:
                    11:90:78:fd:ce:af:f0:af:ed:c2:ed:87:98:09:12:
                    e6:34:13:47:9a:37:25:84:84:fa:cd:84:bc:df:b4:
                    19:85:47:46:d0:ae:93:8c:03:87:7b:a9:95:98:91:
                    41:ed:2f:fd:67:ab:69:c3:ca:ab:e4:9f:ff:55:b4:
                    c4:55:2c:51:1f:d7:cf:e6:a3:63:48:d7:e1:49:96:
                    c8:26:fb:13:81:6b:36:9c:d7:e6:b8:6c:ce:3d:15:
                    f5:37:a1:0d:01:fa:44:2a:69:5c:40:c7:74:33:ba:
                    19:90:d7:6d:60:d0:d6:42:65:ca:57:45:a6:07:31:
                    0a:b2:c5:1e:01:d2:4b:26:08:57:21:e1:78:9a:50:
                    81:9c:19:66:d6:c7:ff:10:57:8f:7d:b0:60:05:d9:
                    ce:1f:be:72:a3:fe:dc:2d:a2:ae:e2:8c:0e:4f:e7:
                    45:80:4a:57:59:75:72:74:91:23:7c:c0:61:18:63:
                    0c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:3B:6F:3E:B7:FC:80:A4:65:1D:01:82:40:50:2B:AE:0A:AD:E5:26
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3139352e382e3232342e302f31392d3234203d3e2038383230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         24:81:be:9a:3b:1b:b2:83:46:42:7f:c6:07:e3:2e:c2:f9:a4:
         d3:ba:63:a8:a0:57:6f:7e:5e:af:3f:d8:bb:e3:a0:f4:7b:92:
         9e:f9:95:7d:5a:d4:0a:14:a6:b2:ce:e4:ae:a8:a1:d0:44:7d:
         dc:65:a8:66:cc:e2:74:73:a9:a4:53:0c:53:04:49:fc:ae:7c:
         a0:d0:72:86:11:94:f4:b7:7b:9b:69:91:50:40:37:d5:3f:bd:
         1d:43:8f:82:47:31:1e:6a:4e:33:bb:69:1c:cc:c6:11:0b:1c:
         87:1c:7e:7b:8e:0f:f5:17:8f:59:80:e6:37:20:fb:7f:4e:5a:
         85:f1:22:21:4e:0d:e7:33:5a:e4:8e:91:b7:e8:90:0c:3a:ab:
         b1:9d:00:6c:e1:dd:a6:95:7e:a5:8a:e2:40:e6:36:1c:d0:34:
         cf:81:32:10:55:87:57:91:c2:2d:d8:d9:d7:b3:42:9d:6f:d5:
         ef:a6:d3:a9:fd:d2:74:56:df:56:81:95:06:10:42:e7:9f:02:
         78:83:cd:42:19:06:18:dd:61:5a:55:81:0a:31:48:6c:df:7c:
         e1:3f:1e:96:bb:fb:87:fe:4c:86:ca:79:46:54:fb:8b:e5:e3:
         e7:16:80:49:12:50:79:9a:d2:76:bf:c4:c7:22:86:37:26:2a:
         97:42:dc:bf
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUK7KFvj02qsT7fSVkEu+eBHeeDI4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDNaFw0yNjA5MDMxMDQwMDNaMDMxMTAvBgNV
BAMTKDJDM0I2RjNFQjdGQzgwQTQ2NTFEMDE4MjQwNTAyQkFFMEFBREU1MjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfxg4dyuuQtwtwa0EzaQq3u3KS
yNF9UcSHynEG5+mV4yj0vp5xJg8QuKt8lyQgwVpCVmFeyuwEkwUNrk/bmBUwifWi
ChmDjpdP0hGQeP3Or/Cv7cLth5gJEuY0E0eaNyWEhPrNhLzftBmFR0bQrpOMA4d7
qZWYkUHtL/1nq2nDyqvkn/9VtMRVLFEf18/mo2NI1+FJlsgm+xOBazac1+a4bM49
FfU3oQ0B+kQqaVxAx3QzuhmQ121g0NZCZcpXRaYHMQqyxR4B0ksmCFch4XiaUIGc
GWbWx/8QV499sGAF2c4fvnKj/twtoq7ijA5P50WASldZdXJ0kSN8wGEYYwy1AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQULDtvPrf8gKRlHQGCQFArrgqt5SYwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzEzOTM1MmUzODJlMzIzMjM0
MmUzMDJmMzEzOTJkMzIzNDIwM2QzZTIwMzgzODMyMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAXDCOAw
DQYJKoZIhvcNAQELBQADggEBACSBvpo7G7KDRkJ/xgfjLsL5pNO6Y6igV29+Xq8/
2LvjoPR7kp75lX1a1AoUprLO5K6oodBEfdxlqGbM4nRzqaRTDFMESfyufKDQcoYR
lPS3e5tpkVBAN9U/vR1Dj4JHMR5qTjO7aRzMxhELHIccfnuOD/UXj1mA5jcg+39O
WoXxIiFODeczWuSOkbfokAw6q7GdAGzh3aaVfqWK4kDmNhzQNM+BMhBVh1eRwi3Y
2dezQp1v1e+m06n90nRW31aBlQYQQuefAniDzUIZBhjdYVpVgQoxSGzffOE/Hpa7
+4f+TIbKeUZU+4vl4+cWgEkSUHma0na/xMcihjcmKpdC3L8=
-----END CERTIFICATE-----