Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3139352e382e3235332e302f32342d3234203d3e2038383230.roa
File:                     3139352e382e3235332e302f32342d3234203d3e2038383230.roa (raw, json)
Hash identifier:          Zb073YeosD0tenwNP5R2q0/azoS7gCUoj76IX4Y2O84=
Subject key identifier:   3E:20:CC:C1:05:81:EF:04:34:F5:5F:45:15:24:1A:18:4C:91:45:7B
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       1D747E09763E883B7F3F1707B6CD6257DEB783AB
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3139352e382e3235332e302f32342d3234203d3e2038383230.roa
Signing time:             Thu 04 Sep 2025 10:40:04 +0000
ROA not before:           Thu 04 Sep 2025 10:35:04 +0000
ROA not after:            Thu 03 Sep 2026 10:40:04 +0000
asID:                     8820
IP address blocks:        195.8.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:74:7e:09:76:3e:88:3b:7f:3f:17:07:b6:cd:62:57:de:b7:83:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:04 2025 GMT
            Not After : Sep  3 10:40:04 2026 GMT
        Subject: CN=3E20CCC10581EF0434F55F4515241A184C91457B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:52:d8:6c:af:a7:02:97:44:52:f5:bb:bf:e5:
                    2b:12:0a:1d:0f:5e:4e:93:75:02:55:bb:10:ee:b3:
                    11:7c:f5:0f:b9:10:22:94:a6:c6:5a:fa:19:44:1e:
                    ab:9d:2a:80:f6:7f:35:e2:0e:b3:0e:7d:06:00:3c:
                    cc:27:77:20:2b:f9:82:b8:00:d0:58:40:9e:fa:bd:
                    ec:6e:ec:ec:f6:1b:8b:9c:c4:31:89:e5:ec:4b:57:
                    c7:f0:b4:c5:6d:0f:bd:f7:f1:bc:b0:54:1c:6a:60:
                    86:9a:e5:42:79:16:3c:9a:ef:73:4b:8c:09:a5:39:
                    1a:fc:01:2d:5a:2e:1f:79:8f:e8:1f:4b:cb:35:75:
                    c1:47:02:34:3e:1d:fa:48:4f:c3:c1:c8:ed:88:04:
                    18:08:39:54:af:1c:23:6a:db:79:36:f8:99:db:8a:
                    65:c8:25:07:a5:ce:8f:d0:33:8d:05:7d:38:1e:b5:
                    24:38:c6:70:2f:a8:5e:4b:ee:9c:92:f3:90:b7:21:
                    c3:ff:6a:88:02:73:9c:dc:15:30:da:9a:81:5e:d6:
                    2e:8b:b5:35:2d:ee:66:7a:de:b7:a6:88:d4:5e:3b:
                    a9:44:cf:46:05:49:18:a2:9d:38:db:75:c5:7a:9e:
                    d1:16:ba:7b:de:99:10:45:41:5a:c3:ac:94:e1:8d:
                    7d:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:20:CC:C1:05:81:EF:04:34:F5:5F:45:15:24:1A:18:4C:91:45:7B
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3139352e382e3235332e302f32342d3234203d3e2038383230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:49:64:1e:05:2e:8e:a7:93:fb:0b:2e:bb:3a:49:3b:f7:b7:
         77:55:8f:a7:44:e1:98:6c:84:0b:ab:30:e0:84:d5:2b:03:9b:
         86:e6:de:4e:8b:7d:8f:57:38:eb:09:35:46:89:6e:56:93:49:
         b3:87:0d:61:8c:4b:c8:bd:07:d7:7f:cf:72:90:5f:48:6a:d7:
         50:a3:77:c1:9b:62:5e:80:a2:e0:42:5d:bb:f7:c9:32:af:49:
         5d:a5:61:20:33:3a:29:93:20:18:ff:6d:c6:d0:20:26:b6:40:
         85:0e:8f:15:34:f0:57:53:56:cb:cf:1a:a1:fa:f4:d6:cb:cf:
         77:6c:79:ee:a9:f5:b3:df:e8:21:2b:16:6c:a6:17:de:66:91:
         b0:45:a8:95:a9:1e:ae:e5:83:3a:ce:b6:a1:2f:71:c7:b6:18:
         82:ae:f4:95:07:d2:40:e6:6b:36:ea:db:af:b6:61:ca:cf:ed:
         8a:8b:ba:71:6d:9e:de:42:47:6e:35:fe:9b:3f:08:55:68:02:
         50:dd:be:66:38:a8:5b:ee:e9:e2:7b:4e:d2:25:f0:d8:78:cf:
         bb:e5:a6:cc:24:26:18:f6:a5:5d:fe:cd:6c:9f:5a:e9:dd:91:
         99:a1:0d:37:54:6d:7d:ae:02:cc:2d:6f:68:e2:10:56:01:cd:
         fc:2f:83:68
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUHXR+CXY+iDt/PxcHts1iV963g6swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDRaFw0yNjA5MDMxMDQwMDRaMDMxMTAvBgNV
BAMTKDNFMjBDQ0MxMDU4MUVGMDQzNEY1NUY0NTE1MjQxQTE4NEM5MTQ1N0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdUthsr6cCl0RS9bu/5SsSCh0P
Xk6TdQJVuxDusxF89Q+5ECKUpsZa+hlEHqudKoD2fzXiDrMOfQYAPMwndyAr+YK4
ANBYQJ76vexu7Oz2G4ucxDGJ5exLV8fwtMVtD7338bywVBxqYIaa5UJ5Fjya73NL
jAmlORr8AS1aLh95j+gfS8s1dcFHAjQ+HfpIT8PByO2IBBgIOVSvHCNq23k2+Jnb
imXIJQelzo/QM40FfTgetSQ4xnAvqF5L7pyS85C3IcP/aogCc5zcFTDamoFe1i6L
tTUt7mZ63remiNReO6lEz0YFSRiinTjbdcV6ntEWunvemRBFQVrDrJThjX1rAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUPiDMwQWB7wQ09V9FFSQaGEyRRXswHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzEzOTM1MmUzODJlMzIzNTMz
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzODMyMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDCP0w
DQYJKoZIhvcNAQELBQADggEBAJ5JZB4FLo6nk/sLLrs6STv3t3dVj6dE4ZhshAur
MOCE1SsDm4bm3k6LfY9XOOsJNUaJblaTSbOHDWGMS8i9B9d/z3KQX0hq11Cjd8Gb
Yl6AouBCXbv3yTKvSV2lYSAzOimTIBj/bcbQICa2QIUOjxU08FdTVsvPGqH69NbL
z3dsee6p9bPf6CErFmymF95mkbBFqJWpHq7lgzrOtqEvcce2GIKu9JUH0kDmazbq
26+2YcrP7YqLunFtnt5CR241/ps/CFVoAlDdvmY4qFvu6eJ7TtIl8Nh4z7vlpswk
Jhj2pV3+zWyfWundkZmhDTdUbX2uAswtb2jiEFYBzfwvg2g=
-----END CERTIFICATE-----