Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3139352e382e3235342e322f33312d3332203d3e2038383230.roa
File:                     3139352e382e3235342e322f33312d3332203d3e2038383230.roa (raw, json)
Hash identifier:          Ws7GtSKTSVguHYGu3iQaSO+DNzfd0D+o1GeC4ZsBtyo=
Subject key identifier:   EE:43:71:CA:1C:78:D2:4A:E2:CC:08:F6:7D:C6:B4:84:42:D2:82:E9
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       0E5DD8C1220D31E463E61A593C5EB187C7EF9B6E
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3139352e382e3235342e322f33312d3332203d3e2038383230.roa
Signing time:             Thu 04 Sep 2025 10:40:06 +0000
ROA not before:           Thu 04 Sep 2025 10:35:06 +0000
ROA not after:            Thu 03 Sep 2026 10:40:06 +0000
asID:                     8820
IP address blocks:        195.8.254.2/31 maxlen: 32
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:5d:d8:c1:22:0d:31:e4:63:e6:1a:59:3c:5e:b1:87:c7:ef:9b:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:06 2025 GMT
            Not After : Sep  3 10:40:06 2026 GMT
        Subject: CN=EE4371CA1C78D24AE2CC08F67DC6B48442D282E9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:2c:d8:8b:7a:6a:14:0d:57:4c:77:e8:d0:10:
                    44:cf:6b:2f:4c:88:3c:65:0e:0b:7e:6e:3c:be:4a:
                    30:89:5c:37:64:63:e1:61:c0:7b:b1:95:30:91:83:
                    bc:b5:21:45:18:a6:c3:22:e0:2d:a2:63:2d:4d:b4:
                    be:5a:db:cf:1c:32:ce:45:d0:1a:ae:07:8f:3a:fe:
                    35:36:25:bf:4f:e4:05:02:1c:88:12:78:ca:53:85:
                    3f:53:4b:6e:ff:36:39:d5:ee:f0:9a:da:c5:b4:37:
                    18:2b:d1:f4:9e:40:61:ba:00:50:4e:e3:10:d6:f0:
                    d8:92:0d:f3:f0:52:77:20:8c:a1:25:73:22:a4:81:
                    dd:71:05:ea:c2:2b:94:32:be:b3:b8:60:90:86:d9:
                    4c:c7:a8:43:95:d0:f0:3d:7d:31:4e:83:22:f5:9f:
                    c3:86:6f:2b:d5:e2:6c:5a:51:33:1a:ae:6a:66:4d:
                    30:82:7d:41:95:d5:e9:11:b2:01:93:91:12:ca:2e:
                    a3:c6:31:7c:ef:34:1b:73:ff:25:4b:10:d6:a2:97:
                    e7:a0:f1:cc:39:65:97:fd:45:ae:df:6a:b6:25:02:
                    a7:b3:b3:65:44:0a:3d:90:c8:20:0e:12:d0:51:c8:
                    f8:37:63:5b:e2:93:b9:b7:1e:ae:65:e3:38:c0:05:
                    4f:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:43:71:CA:1C:78:D2:4A:E2:CC:08:F6:7D:C6:B4:84:42:D2:82:E9
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3139352e382e3235342e322f33312d3332203d3e2038383230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.254.2/31

    Signature Algorithm: sha256WithRSAEncryption
         88:22:f8:5e:12:8d:c2:e7:24:84:2d:17:05:27:2a:d9:43:8f:
         cd:cb:62:7a:76:73:ed:c0:48:a0:7a:25:3b:18:b4:3c:a8:4f:
         f7:42:37:72:9a:04:62:6d:69:16:69:d0:d0:a4:2d:58:7b:96:
         00:e5:8d:47:ff:d2:5b:4b:41:c3:30:05:34:18:51:d0:6c:53:
         30:33:80:cd:3d:73:da:98:aa:90:6d:2c:cf:26:2d:c4:e1:9a:
         e6:c2:47:ac:70:dd:2e:46:ea:38:cd:19:e0:65:f0:f5:9c:05:
         75:f1:17:2d:9d:04:e2:4a:91:17:16:31:9a:dd:be:69:ef:a4:
         41:62:a4:45:02:33:9a:9e:4d:4c:30:96:20:04:bb:12:08:70:
         9e:2f:b4:c7:b7:0b:9b:9e:f0:64:b3:97:aa:82:b8:f8:97:b0:
         88:f9:05:d5:3e:f0:58:96:bf:d4:6c:75:9a:53:12:21:7a:63:
         34:9a:ac:a8:79:9d:01:f8:2c:e1:b5:db:d7:4e:7b:b1:1e:fa:
         35:2f:42:05:ec:fb:77:cd:64:38:97:02:6d:54:79:49:8a:7a:
         83:a7:08:93:b9:b1:0a:ed:4c:3a:da:95:49:fd:69:8a:c3:79:
         fa:e6:52:74:66:ed:f9:20:ba:3b:e7:aa:df:88:fa:e8:e3:c9:
         5b:7f:dd:ed
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIUDl3YwSINMeRj5hpZPF6xh8fvm24wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDZaFw0yNjA5MDMxMDQwMDZaMDMxMTAvBgNV
BAMTKEVFNDM3MUNBMUM3OEQyNEFFMkNDMDhGNjdEQzZCNDg0NDJEMjgyRTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/LNiLemoUDVdMd+jQEETPay9M
iDxlDgt+bjy+SjCJXDdkY+FhwHuxlTCRg7y1IUUYpsMi4C2iYy1NtL5a288cMs5F
0BquB486/jU2Jb9P5AUCHIgSeMpThT9TS27/NjnV7vCa2sW0Nxgr0fSeQGG6AFBO
4xDW8NiSDfPwUncgjKElcyKkgd1xBerCK5QyvrO4YJCG2UzHqEOV0PA9fTFOgyL1
n8OGbyvV4mxaUTMarmpmTTCCfUGV1ekRsgGTkRLKLqPGMXzvNBtz/yVLENail+eg
8cw5ZZf9Ra7farYlAqezs2VECj2QyCAOEtBRyPg3Y1vik7m3Hq5l4zjABU/xAgMB
AAGjggI6MIICNjAdBgNVHQ4EFgQU7kNxyhx40krizAj2fca0hELSgukwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzEzOTM1MmUzODJlMzIzNTM0
MmUzMjJmMzMzMTJkMzMzMjIwM2QzZTIwMzgzODMyMzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgABMAcDBQHDCP4C
MA0GCSqGSIb3DQEBCwUAA4IBAQCIIvheEo3C5ySELRcFJyrZQ4/Ny2J6dnPtwEig
eiU7GLQ8qE/3QjdymgRibWkWadDQpC1Ye5YA5Y1H/9JbS0HDMAU0GFHQbFMwM4DN
PXPamKqQbSzPJi3E4ZrmwkescN0uRuo4zRngZfD1nAV18RctnQTiSpEXFjGa3b5p
76RBYqRFAjOank1MMJYgBLsSCHCeL7THtwubnvBks5eqgrj4l7CI+QXVPvBYlr/U
bHWaUxIhemM0mqyoeZ0B+CzhtdvXTnuxHvo1L0IF7Pt3zWQ4lwJtVHlJinqDpwiT
ubEK7Uw62pVJ/WmKw3n65lJ0Zu35ILo756rfiPro48lbf93t
-----END CERTIFICATE-----