Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3231322e36302e3132382e302f31392d3234203d3e2038383230.roa
File:                     3231322e36302e3132382e302f31392d3234203d3e2038383230.roa (raw, json)
Hash identifier:          tkRquf6T+Omkt0B7TYYwzHsd7r8gNj0lgekA7Qb4jj0=
Subject key identifier:   0D:1F:53:63:D9:C8:6C:5D:CC:1E:E6:37:E0:44:6C:9A:AE:7B:70:F5
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       0BA41B67199666619C2C34DD7D0E398E0E2281E1
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3231322e36302e3132382e302f31392d3234203d3e2038383230.roa
Signing time:             Thu 04 Sep 2025 10:40:06 +0000
ROA not before:           Thu 04 Sep 2025 10:35:06 +0000
ROA not after:            Thu 03 Sep 2026 10:40:06 +0000
asID:                     8820
IP address blocks:        212.60.128.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:a4:1b:67:19:96:66:61:9c:2c:34:dd:7d:0e:39:8e:0e:22:81:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:06 2025 GMT
            Not After : Sep  3 10:40:06 2026 GMT
        Subject: CN=0D1F5363D9C86C5DCC1EE637E0446C9AAE7B70F5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0d:a9:40:60:16:34:26:fc:b7:fd:97:1a:9d:
                    f0:a4:30:e0:a5:3d:e8:1e:9a:34:05:41:36:e3:87:
                    c4:b1:56:55:de:59:8a:8b:37:5e:2f:b1:76:19:33:
                    dc:f0:12:f4:89:13:35:b5:f4:cd:61:79:68:68:82:
                    c5:11:0c:00:0e:2b:2f:ae:6a:8c:2a:d6:9d:bf:d1:
                    43:18:14:b7:82:bc:0c:aa:1f:91:73:d2:9b:2c:f9:
                    bd:01:b9:d8:8a:2f:10:99:1a:69:9f:ec:2d:e0:30:
                    82:a8:f6:5f:b9:4e:b1:eb:3c:ef:cc:ad:59:96:8a:
                    c1:81:18:83:06:44:91:9c:24:bc:08:62:75:c6:10:
                    c6:81:d0:b2:e0:d5:ea:bd:67:9f:ae:ad:82:e3:ef:
                    7f:4d:4f:45:c2:5d:75:0a:0c:9e:aa:82:cb:e1:f8:
                    ee:8a:6b:e7:1d:c1:d6:35:1c:44:35:10:ea:b0:91:
                    a0:83:a1:cd:35:bb:fb:49:93:c9:92:30:5a:39:af:
                    f1:fa:49:68:ea:20:2c:9e:b7:96:d0:f6:36:89:23:
                    d0:66:d7:3f:32:ba:05:4d:ec:13:e9:34:97:9d:40:
                    b3:12:c2:25:11:78:9f:f9:43:b9:d3:ce:35:99:0c:
                    0e:37:6b:7a:14:08:04:f5:9b:e3:4e:a5:26:bd:74:
                    3b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:1F:53:63:D9:C8:6C:5D:CC:1E:E6:37:E0:44:6C:9A:AE:7B:70:F5
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3231322e36302e3132382e302f31392d3234203d3e2038383230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         37:8c:0e:a2:2f:c2:3a:e9:07:71:b9:72:e1:53:ea:90:34:6a:
         d3:61:f7:72:63:e9:d7:61:8f:17:d4:a6:38:3c:c9:00:af:33:
         35:37:85:21:09:79:af:84:33:54:a0:de:03:c0:dd:df:18:70:
         db:bf:f0:86:2f:c8:65:d1:77:9a:f5:33:d9:d0:f1:22:3f:52:
         9f:3d:65:18:19:4b:91:0b:64:16:de:f8:f5:bd:a5:21:41:83:
         9b:bf:19:ef:1a:10:9f:93:3b:5e:0e:0c:4c:b2:8f:6f:2b:9d:
         25:86:52:28:64:33:9e:e9:1f:4d:24:39:ce:49:bb:8a:4c:50:
         00:76:75:fa:d2:c4:ec:90:58:fa:7d:b0:cc:1c:5e:a9:17:02:
         61:b4:a8:56:01:bd:c6:1e:9c:4a:3c:07:db:ee:34:41:97:7a:
         85:10:2c:1a:ee:d5:cd:38:2b:13:6c:2a:4d:56:c7:55:d0:4b:
         57:4b:0c:36:5e:51:75:57:e8:8e:36:3c:52:e6:c0:f7:dd:34:
         2c:fc:1e:e5:b5:a9:27:41:e8:59:a2:a5:97:bf:c2:9a:f8:29:
         31:7d:8f:cb:47:fb:81:2c:31:40:97:30:31:a7:f8:ae:4c:d2:
         62:d4:d3:8e:66:2d:d2:8a:e8:22:22:55:6a:36:8d:3b:84:e3:
         fa:7d:e7:95
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUC6QbZxmWZmGcLDTdfQ45jg4igeEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDZaFw0yNjA5MDMxMDQwMDZaMDMxMTAvBgNV
BAMTKDBEMUY1MzYzRDlDODZDNURDQzFFRTYzN0UwNDQ2QzlBQUU3QjcwRjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9DalAYBY0Jvy3/ZcanfCkMOCl
PegemjQFQTbjh8SxVlXeWYqLN14vsXYZM9zwEvSJEzW19M1heWhogsURDAAOKy+u
aowq1p2/0UMYFLeCvAyqH5Fz0pss+b0BudiKLxCZGmmf7C3gMIKo9l+5TrHrPO/M
rVmWisGBGIMGRJGcJLwIYnXGEMaB0LLg1eq9Z5+urYLj739NT0XCXXUKDJ6qgsvh
+O6Ka+cdwdY1HEQ1EOqwkaCDoc01u/tJk8mSMFo5r/H6SWjqICyet5bQ9jaJI9Bm
1z8yugVN7BPpNJedQLMSwiUReJ/5Q7nTzjWZDA43a3oUCAT1m+NOpSa9dDspAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUDR9TY9nIbF3MHuY34ERsmq57cPUwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzIzMTMyMmUzNjMwMmUzMTMy
MzgyZTMwMmYzMTM5MmQzMjM0MjAzZDNlMjAzODM4MzIzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBdQ8
gDANBgkqhkiG9w0BAQsFAAOCAQEAN4wOoi/COukHcbly4VPqkDRq02H3cmPp12GP
F9SmODzJAK8zNTeFIQl5r4QzVKDeA8Dd3xhw27/whi/IZdF3mvUz2dDxIj9Snz1l
GBlLkQtkFt749b2lIUGDm78Z7xoQn5M7Xg4MTLKPbyudJYZSKGQznukfTSQ5zkm7
ikxQAHZ1+tLE7JBY+n2wzBxeqRcCYbSoVgG9xh6cSjwH2+40QZd6hRAsGu7VzTgr
E2wqTVbHVdBLV0sMNl5RdVfojjY8UubA9900LPwe5bWpJ0HoWaKll7/CmvgpMX2P
y0f7gSwxQJcwMaf4rkzSYtTTjmYt0oroIiJVajaNO4Tj+n3nlQ==
-----END CERTIFICATE-----