Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/3139342e35302e3233332e302f32342d3234203d3e2039303039.roa
File:                     3139342e35302e3233332e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          xEfuk5AWeAZfj+tZcldJdbXY5vKkWnXcUHGIm6yV4Lg=
Subject key identifier:   91:48:AD:B2:39:4C:0D:FE:77:1D:5A:DB:75:32:92:E3:E0:49:F9:2F
Certificate issuer:       /CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
Certificate serial:       0E24522916CB3629AC82CD401B13E429229B1541
Authority key identifier: 62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/3139342e35302e3233332e302f32342d3234203d3e2039303039.roa
Signing time:             Wed 22 Oct 2025 07:55:09 +0000
ROA not before:           Wed 22 Oct 2025 07:50:09 +0000
ROA not after:            Wed 21 Oct 2026 07:55:09 +0000
asID:                     9009
IP address blocks:        194.50.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 08:06:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:24:52:29:16:cb:36:29:ac:82:cd:40:1b:13:e4:29:22:9b:15:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fbd2cc0012fb2f86db40b589bd1ac4e973266d
        Validity
            Not Before: Oct 22 07:50:09 2025 GMT
            Not After : Oct 21 07:55:09 2026 GMT
        Subject: CN=9148ADB2394C0DFE771D5ADB753292E3E049F92F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a3:f6:4d:29:7d:dc:e4:4d:4d:3b:22:d2:0c:
                    cc:c6:74:bf:94:8e:bb:49:87:fd:e5:48:5c:54:08:
                    32:60:7b:23:c6:60:14:79:84:c2:77:f8:ce:bf:4e:
                    20:b6:88:27:2c:e9:f6:ed:d1:4e:c7:d6:5b:9f:ac:
                    a9:64:62:a9:0a:53:2d:b0:70:07:64:da:93:b2:92:
                    fb:f9:33:ef:fe:04:53:96:7c:2c:a4:d0:ea:a5:bb:
                    61:2b:09:f4:70:2b:c2:69:4c:1d:4a:a7:cf:cb:f0:
                    6c:3b:cb:b4:b1:dd:24:fa:82:4a:4c:a5:dd:4e:6d:
                    16:fc:a1:be:dc:8a:83:eb:f9:b3:5a:54:b7:ad:c6:
                    f3:c1:17:3e:03:4c:80:da:68:8a:95:81:24:38:7c:
                    c3:b2:ba:ab:9f:79:db:30:b7:ac:10:8b:78:87:64:
                    97:f4:3e:e5:10:8f:9a:9b:18:d5:74:4f:12:ae:d9:
                    90:6a:07:a5:28:ad:32:e2:3b:2b:c8:c0:8e:1a:a0:
                    de:ea:11:d8:f8:56:59:7e:7c:f0:5e:6b:19:dc:95:
                    14:b6:c3:d6:9d:9a:62:38:70:2d:c3:60:e9:2c:ae:
                    31:77:fb:ec:7f:b5:9e:c4:ec:6c:fa:6e:8a:d8:71:
                    4b:40:27:22:f5:a3:25:a3:b1:9e:53:21:45:84:e9:
                    ba:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:48:AD:B2:39:4C:0D:FE:77:1D:5A:DB:75:32:92:E3:E0:49:F9:2F
            X509v3 Authority Key Identifier:
                keyid:62:FB:D2:CC:00:12:FB:2F:86:DB:40:B5:89:BD:1A:C4:E9:73:26:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/62FBD2CC0012FB2F86DB40B589BD1AC4E973266D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvvSzAAS-y-G20C1ib0axOlzJm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/46b93df0-ac8d-4da8-afb8-dcb7f2888362/0/3139342e35302e3233332e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:10:0d:27:62:54:85:88:bc:12:8a:3e:62:4e:fa:bd:e9:5f:
         21:29:b7:04:d4:77:3c:c6:09:cd:f3:b5:e0:3c:fd:6b:c8:43:
         aa:ff:17:bc:82:a2:1b:7b:ca:5f:1f:4c:5d:71:8e:6c:1e:c6:
         5a:bf:59:3d:5b:50:2a:96:4a:37:09:af:e5:1f:81:1d:56:84:
         10:50:fd:fb:5c:ff:38:0b:45:d3:89:90:35:8a:86:51:3c:c2:
         04:b6:a7:bd:cb:53:1a:25:82:24:2f:33:a2:08:bb:31:0f:99:
         10:ff:b0:d8:9d:aa:24:c7:ec:00:37:ee:9c:17:6a:00:7e:29:
         c5:cf:b2:44:67:7a:1b:a6:31:f2:d2:ed:a7:84:92:c0:22:8c:
         b5:c2:08:24:08:be:55:db:98:60:38:8b:67:11:91:62:e4:83:
         ef:7b:0d:d6:86:70:49:f3:92:ae:6f:18:16:8f:9d:d9:d6:60:
         44:2f:f4:ca:54:bd:bb:a4:32:f9:16:28:bd:7a:96:5f:4f:0f:
         9f:c7:85:1a:c4:94:f9:81:4d:fa:97:03:92:a0:76:64:0e:b0:
         b1:f0:8f:80:c2:2c:7d:bb:a9:f2:9f:a0:5c:ab:81:68:dd:fe:
         2e:2a:07:ac:d1:7e:a9:b2:de:43:9b:26:88:9a:06:2c:a6:e9:
         bc:70:e3:48
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUDiRSKRbLNimsgs1AGxPkKSKbFUEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjJmYmQyY2MwMDEyZmIyZjg2ZGI0MGI1ODliZDFhYzRl
OTczMjY2ZDAeFw0yNTEwMjIwNzUwMDlaFw0yNjEwMjEwNzU1MDlaMDMxMTAvBgNV
BAMTKDkxNDhBREIyMzk0QzBERkU3NzFENUFEQjc1MzI5MkUzRTA0OUY5MkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCao/ZNKX3c5E1NOyLSDMzGdL+U
jrtJh/3lSFxUCDJgeyPGYBR5hMJ3+M6/TiC2iCcs6fbt0U7H1lufrKlkYqkKUy2w
cAdk2pOykvv5M+/+BFOWfCyk0Oqlu2ErCfRwK8JpTB1Kp8/L8Gw7y7Sx3ST6gkpM
pd1ObRb8ob7cioPr+bNaVLetxvPBFz4DTIDaaIqVgSQ4fMOyuqufedswt6wQi3iH
ZJf0PuUQj5qbGNV0TxKu2ZBqB6UorTLiOyvIwI4aoN7qEdj4Vll+fPBeaxnclRS2
w9admmI4cC3DYOksrjF3++x/tZ7E7Gz6borYcUtAJyL1oyWjsZ5TIUWE6brdAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUkUitsjlMDf53HVrbdTKS4+BJ+S8wHwYDVR0j
BBgwFoAUYvvSzAAS+y+G20C1ib0axOlzJm0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAtYWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4
MzYyLzAvNjJGQkQyQ0MwMDEyRkIyRjg2REI0MEI1ODlCRDFBQzRFOTczMjY2RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1l2dlN6QUFTLXktRzIwQzFpYjBheE9s
ekptMC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNDZiOTNkZjAt
YWM4ZC00ZGE4LWFmYjgtZGNiN2YyODg4MzYyLzAvMzEzOTM0MmUzNTMwMmUzMjMz
MzMyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIy
6TANBgkqhkiG9w0BAQsFAAOCAQEAqRANJ2JUhYi8Eoo+Yk76velfISm3BNR3PMYJ
zfO14Dz9a8hDqv8XvIKiG3vKXx9MXXGObB7GWr9ZPVtQKpZKNwmv5R+BHVaEEFD9
+1z/OAtF04mQNYqGUTzCBLanvctTGiWCJC8zogi7MQ+ZEP+w2J2qJMfsADfunBdq
AH4pxc+yRGd6G6Yx8tLtp4SSwCKMtcIIJAi+VduYYDiLZxGRYuSD73sN1oZwSfOS
rm8YFo+d2dZgRC/0ylS9u6Qy+RYovXqWX08Pn8eFGsSU+YFN+pcDkqB2ZA6wsfCP
gMIsfbup8p+gXKuBaN3+LioHrNF+qbLeQ5smiJoGLKbpvHDjSA==
-----END CERTIFICATE-----