Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/3137302e33392e34392e302f32342d3234203d3e203630393030.roa
File:                     3137302e33392e34392e302f32342d3234203d3e203630393030.roa (raw, json)
Hash identifier:          btPRng7z0YJQktCwAe9Fv42Q21YLByWryq53NwstTa4=
Subject key identifier:   BF:56:B6:BA:86:56:99:8F:37:EA:32:55:9F:73:76:0F:F3:9D:44:16
Certificate issuer:       /CN=1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071
Certificate serial:       620D6E8E43D6ED4146BA0F2B08BAE49A68DF2CDF
Authority key identifier: 93:B0:29:6C:31:78:77:80:FE:84:13:31:8F:D0:D2:70:83:83:4C:C5
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a/1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/3137302e33392e34392e302f32342d3234203d3e203630393030.roa
Signing time:             Thu 03 Jul 2025 20:32:22 +0000
ROA not before:           Thu 03 Jul 2025 20:27:22 +0000
ROA not after:            Thu 02 Jul 2026 20:32:22 +0000
asID:                     60900
IP address blocks:        170.39.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/93B0296C31787780FE8413318FD0D27083834CC5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/93B0296C31787780FE8413318FD0D27083834CC5.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a/1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/a73420cb-b3cc-4b03-bda7-1be204933ae5.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/a73420cb-b3cc-4b03-bda7-1be204933ae5.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 06 Jul 2025 16:30:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:0d:6e:8e:43:d6:ed:41:46:ba:0f:2b:08:ba:e4:9a:68:df:2c:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071
        Validity
            Not Before: Jul  3 20:27:22 2025 GMT
            Not After : Jul  2 20:32:22 2026 GMT
        Subject: CN=BF56B6BA8656998F37EA32559F73760FF39D4416
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:b3:fd:0a:f9:f2:bb:5b:9f:94:e9:12:6b:f1:
                    07:8f:c5:51:77:09:c1:b5:8e:ed:a5:cf:e4:99:ee:
                    ef:49:ef:01:46:2f:f7:d7:7c:4e:a6:cb:7f:9c:3b:
                    43:d7:7e:d5:26:78:13:86:d2:2d:bb:3b:91:b9:b7:
                    39:cb:16:0a:23:7a:f8:86:23:ba:b3:32:d3:05:77:
                    36:7c:d3:4c:a8:44:f2:52:02:5a:61:50:93:ef:3a:
                    a4:55:a4:2d:94:81:1f:92:f1:4b:51:ba:15:21:7b:
                    4e:d5:99:71:43:6f:bf:06:97:6d:f4:bb:29:0d:90:
                    6e:f8:cb:be:26:2a:52:da:f2:e1:ed:cf:71:8b:03:
                    a0:74:81:de:2f:64:47:ac:85:39:50:61:55:80:a1:
                    d6:53:7d:54:28:b9:d1:3b:72:f7:ad:4a:a6:76:02:
                    8b:c5:6a:45:35:95:9b:3b:c1:74:2d:77:ff:bc:52:
                    71:de:85:38:4a:09:34:85:64:56:4e:30:99:75:48:
                    6e:c7:d0:af:d7:13:30:fd:01:53:b2:f7:cb:60:08:
                    9b:09:8d:9f:15:04:f0:e5:70:b8:a5:54:14:96:72:
                    ad:b3:c8:9b:11:6e:35:ac:be:2e:b9:c9:1a:5d:ac:
                    38:3b:7a:ee:84:42:58:3c:8a:fe:bc:f6:2a:f6:93:
                    3b:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:56:B6:BA:86:56:99:8F:37:EA:32:55:9F:73:76:0F:F3:9D:44:16
            X509v3 Authority Key Identifier:
                keyid:93:B0:29:6C:31:78:77:80:FE:84:13:31:8F:D0:D2:70:83:83:4C:C5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/93B0296C31787780FE8413318FD0D27083834CC5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/5563e2f9-4d9b-40c3-afa2-ce7045ffd23a/1822fe9c8a1d8a021778934e378159ff8f794df32bfe9ed071.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/8/3137302e33392e34392e302f32342d3234203d3e203630393030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.39.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:24:b1:fd:bf:c8:3a:59:4f:97:9c:29:1a:2b:d3:59:f0:ea:
         81:03:88:d5:62:02:55:9e:ec:2e:13:42:30:3e:e2:6d:73:25:
         18:a8:2d:a4:fe:ea:5d:a3:21:0f:bc:91:c5:9c:89:49:29:af:
         41:b3:bd:47:0c:79:5a:56:1b:cb:a1:de:1f:c2:4d:b9:6f:ba:
         3a:da:3f:48:2e:04:de:07:5c:5e:c3:ae:f4:c1:0b:02:d1:f3:
         c0:56:d0:ce:d5:78:74:fb:7c:1d:76:d1:dc:9a:e4:9e:31:01:
         1d:05:e5:54:63:b0:b4:1d:5f:2b:2c:6c:ab:c3:d9:06:f6:e5:
         cd:eb:49:59:ca:50:68:c2:e5:d5:83:63:15:75:a9:2a:13:23:
         fe:22:7b:f4:93:b3:50:bc:fa:22:ec:9a:0c:cb:ed:75:07:7d:
         22:e8:12:a0:af:3f:75:6c:bd:d8:61:15:a0:7c:fe:73:1e:42:
         ff:93:57:12:93:b6:6f:b4:bf:8a:9d:e8:ed:60:c7:03:d8:ac:
         dd:33:b2:29:b9:ee:64:e9:be:1f:18:63:6f:4c:3d:e3:32:53:
         71:27:5d:86:dd:0c:d0:8e:e0:8d:f3:d6:db:9a:ef:1c:2c:89:
         bb:18:21:d9:3b:18:c9:91:51:7c:7c:b4:e2:a1:0d:29:74:2b:
         4c:55:45:2f
-----BEGIN CERTIFICATE-----
MIIFyzCCBLOgAwIBAgIUYg1ujkPW7UFGug8rCLrkmmjfLN8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMTgyMmZlOWM4YTFkOGEwMjE3Nzg5MzRlMzc4MTU5ZmY4
Zjc5NGRmMzJiZmU5ZWQwNzEwHhcNMjUwNzAzMjAyNzIyWhcNMjYwNzAyMjAzMjIy
WjAzMTEwLwYDVQQDEyhCRjU2QjZCQTg2NTY5OThGMzdFQTMyNTU5RjczNzYwRkYz
OUQ0NDE2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6rP9Cvnyu1uf
lOkSa/EHj8VRdwnBtY7tpc/kme7vSe8BRi/313xOpst/nDtD137VJngThtItuzuR
ubc5yxYKI3r4hiO6szLTBXc2fNNMqETyUgJaYVCT7zqkVaQtlIEfkvFLUboVIXtO
1ZlxQ2+/Bpdt9LspDZBu+Mu+JipS2vLh7c9xiwOgdIHeL2RHrIU5UGFVgKHWU31U
KLnRO3L3rUqmdgKLxWpFNZWbO8F0LXf/vFJx3oU4Sgk0hWRWTjCZdUhux9Cv1xMw
/QFTsvfLYAibCY2fFQTw5XC4pVQUlnKts8ibEW41rL4uuckaXaw4O3ruhEJYPIr+
vPYq9pM7PwIDAQABo4ICyzCCAscwHQYDVR0OBBYEFL9WtrqGVpmPN+oyVZ9zdg/z
nUQWMB8GA1UdIwQYMBaAFJOwKWwxeHeA/oQTMY/Q0nCDg0zFMA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2
LWRiZmM0NTkzYzFhOC84LzkzQjAyOTZDMzE3ODc3ODBGRTg0MTMzMThGRDBEMjcw
ODM4MzRDQzUuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2E3MzQyMGNiLWIzY2Mt
NGIwMy1iZGE3LTFiZTIwNDkzM2FlNS81NTYzZTJmOS00ZDliLTQwYzMtYWZhMi1j
ZTcwNDVmZmQyM2EvMTgyMmZlOWM4YTFkOGEwMjE3Nzg5MzRlMzc4MTU5ZmY4Zjc5
NGRmMzJiZmU5ZWQwNzEuY2VyMIGrBggrBgEFBQcBCwSBnjCBmzCBmAYIKwYBBQUH
MAuGgYtyc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2LWRiZmM0NTkzYzFhOC84LzMxMzczMDJl
MzMzOTJlMzQzOTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzAzOTMwMzAucm9h
MBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwE
AgABMAYDBACqJzEwDQYJKoZIhvcNAQELBQADggEBAJgksf2/yDpZT5ecKRor01nw
6oEDiNViAlWe7C4TQjA+4m1zJRioLaT+6l2jIQ+8kcWciUkpr0GzvUcMeVpWG8uh
3h/CTblvujraP0guBN4HXF7DrvTBCwLR88BW0M7VeHT7fB120dya5J4xAR0F5VRj
sLQdXyssbKvD2Qb25c3rSVnKUGjC5dWDYxV1qSoTI/4ie/STs1C8+iLsmgzL7XUH
fSLoEqCvP3VsvdhhFaB8/nMeQv+TVxKTtm+0v4qd6O1gxwPYrN0zsim57mTpvh8Y
Y29MPeMyU3EnXYbdDNCO4I3z1tua7xwsibsYIdk7GMmRUXx8tOKhDSl0K0xVRS8=
-----END CERTIFICATE-----