Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139342e33342e3235352e302f32342d3234203d3e20383334.roa
File:                     3139342e33342e3235352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          9Nay8jCVOB7MKBbd6t/oX++dJQIYhzLuqo54ZgkMc3E=
Subject key identifier:   F7:B8:33:9B:6E:C8:36:4A:BE:A2:BC:D9:64:FC:E6:9A:04:D8:6C:21
Certificate issuer:       /CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
Certificate serial:       6AF651BB35CAA7CB9CB4AA358E86777764EF1FCB
Authority key identifier: 0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139342e33342e3235352e302f32342d3234203d3e20383334.roa
Signing time:             Sun 29 Jun 2025 17:18:16 +0000
ROA not before:           Sun 29 Jun 2025 17:13:16 +0000
ROA not after:            Sun 28 Jun 2026 17:18:16 +0000
asID:                     834
IP address blocks:        194.34.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Jul 2025 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:f6:51:bb:35:ca:a7:cb:9c:b4:aa:35:8e:86:77:77:64:ef:1f:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d7ffae300def0876bf84890fb6ea17be841a4d3
        Validity
            Not Before: Jun 29 17:13:16 2025 GMT
            Not After : Jun 28 17:18:16 2026 GMT
        Subject: CN=F7B8339B6EC8364ABEA2BCD964FCE69A04D86C21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:94:82:fa:67:9b:31:87:f1:da:f9:73:63:fd:
                    89:17:00:ac:71:44:d8:4b:86:18:cb:c5:5b:35:09:
                    eb:51:04:0e:31:59:23:32:1b:8a:0f:50:16:1f:24:
                    66:25:b1:9d:53:d8:fc:73:c5:d1:26:8c:77:62:c5:
                    3d:a0:4f:73:5e:bf:65:dd:6a:79:e3:39:77:12:75:
                    ae:6f:d3:20:01:9a:41:d8:d3:d8:5d:9d:38:a9:1a:
                    b2:dd:eb:f4:e6:15:74:2b:d6:e9:1e:6e:5f:c4:d4:
                    00:b2:d2:5d:a6:56:5c:87:1f:6d:3a:97:57:7a:b2:
                    98:13:b9:1c:b6:36:5f:81:0c:a7:61:fa:b0:df:c0:
                    a3:a6:2a:af:61:fe:c6:cc:3e:9b:22:40:e0:9a:91:
                    ba:d4:11:68:9b:e4:e1:9c:57:41:f2:76:15:61:7e:
                    94:92:59:b2:d8:2b:72:9e:14:83:7e:ad:c4:4a:e7:
                    b4:18:76:1d:e8:88:f1:f0:ba:8b:a9:cd:ca:9e:1f:
                    68:fe:a2:18:e3:83:ca:44:bb:d8:13:ef:f2:15:6a:
                    fa:35:33:d7:c4:5d:59:58:48:e9:3a:b4:2d:2f:89:
                    06:ce:a1:dc:b4:90:87:62:e5:b7:04:54:da:fc:d7:
                    ff:35:d0:bd:7d:b2:4a:af:8c:25:18:2a:76:89:ef:
                    de:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:B8:33:9B:6E:C8:36:4A:BE:A2:BC:D9:64:FC:E6:9A:04:D8:6C:21
            X509v3 Authority Key Identifier:
                keyid:0D:7F:FA:E3:00:DE:F0:87:6B:F8:48:90:FB:6E:A1:7B:E8:41:A4:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/0D7FFAE300DEF0876BF84890FB6EA17BE841A4D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DX_64wDe8Idr-EiQ-26he-hBpNM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8113dda6-7ade-445d-8c6e-448a78e48ca1/1/3139342e33342e3235352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:e3:9f:f3:96:7b:dc:a8:fa:a3:43:56:79:52:d5:d7:dc:bd:
         d8:c2:11:0e:60:5d:06:4e:a8:bd:00:bc:86:33:77:57:f9:2d:
         85:36:e0:f0:b6:88:0a:6b:3d:d1:e5:20:3f:bd:19:ce:85:64:
         e4:90:04:27:37:af:5c:12:b0:31:5b:a0:c9:ce:de:a1:fc:82:
         79:aa:d1:fa:76:f6:61:0f:e2:a5:84:2a:e2:20:a5:15:d1:d4:
         1f:98:bc:43:19:30:b3:71:d0:60:5e:d5:4b:2b:7b:8d:a5:ec:
         2f:da:a5:bd:3c:95:7d:97:cc:49:24:79:6c:6d:06:f2:f0:1c:
         69:31:41:f2:62:c6:12:5d:44:fd:dd:16:3e:d6:9e:d7:64:79:
         b8:a0:64:d0:a0:db:80:ea:65:78:95:0d:d7:89:00:ca:14:c6:
         dd:17:4b:4f:34:4d:ad:27:d5:80:84:80:df:ba:b5:da:61:c8:
         ae:13:13:70:5c:a6:6e:70:36:d7:66:ff:ea:24:4d:0d:a2:d4:
         9a:2d:21:2e:7e:48:29:e0:17:90:af:02:cc:32:95:ac:68:3f:
         dd:94:d5:dd:a7:65:7c:9f:f7:96:0c:a3:be:42:e9:ce:86:25:
         95:9d:4e:5b:33:12:77:5d:a0:20:7d:66:eb:2c:f8:dc:c9:82:
         12:90:05:1d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUavZRuzXKp8uctKo1joZ3d2TvH8swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGQ3ZmZhZTMwMGRlZjA4NzZiZjg0ODkwZmI2ZWExN2Jl
ODQxYTRkMzAeFw0yNTA2MjkxNzEzMTZaFw0yNjA2MjgxNzE4MTZaMDMxMTAvBgNV
BAMTKEY3QjgzMzlCNkVDODM2NEFCRUEyQkNEOTY0RkNFNjlBMDREODZDMjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1lIL6Z5sxh/Ha+XNj/YkXAKxx
RNhLhhjLxVs1CetRBA4xWSMyG4oPUBYfJGYlsZ1T2PxzxdEmjHdixT2gT3Nev2Xd
annjOXcSda5v0yABmkHY09hdnTipGrLd6/TmFXQr1ukebl/E1ACy0l2mVlyHH206
l1d6spgTuRy2Nl+BDKdh+rDfwKOmKq9h/sbMPpsiQOCakbrUEWib5OGcV0HydhVh
fpSSWbLYK3KeFIN+rcRK57QYdh3oiPHwuoupzcqeH2j+ohjjg8pEu9gT7/IVavo1
M9fEXVlYSOk6tC0viQbOody0kIdi5bcEVNr81/810L19skqvjCUYKnaJ7961AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU97gzm27INkq+orzZZPzmmgTYbCEwHwYDVR0j
BBgwFoAUDX/64wDe8Idr+EiQ+26he+hBpNMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODExM2RkYTYtN2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4
Y2ExLzEvMEQ3RkZBRTMwMERFRjA4NzZCRjg0ODkwRkI2RUExN0JFODQxQTREMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RYXzY0d0RlOElkci1FaVEtMjZoZS1o
QnBOTS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODExM2RkYTYt
N2FkZS00NDVkLThjNmUtNDQ4YTc4ZTQ4Y2ExLzEvMzEzOTM0MmUzMzM0MmUzMjM1
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCIv8w
DQYJKoZIhvcNAQELBQADggEBAJHjn/OWe9yo+qNDVnlS1dfcvdjCEQ5gXQZOqL0A
vIYzd1f5LYU24PC2iAprPdHlID+9Gc6FZOSQBCc3r1wSsDFboMnO3qH8gnmq0fp2
9mEP4qWEKuIgpRXR1B+YvEMZMLNx0GBe1Usre42l7C/apb08lX2XzEkkeWxtBvLw
HGkxQfJixhJdRP3dFj7WntdkebigZNCg24DqZXiVDdeJAMoUxt0XS080Ta0n1YCE
gN+6tdphyK4TE3Bcpm5wNtdm/+okTQ2i1JotIS5+SCngF5CvAswylaxoP92U1d2n
ZXyf95YMo75C6c6GJZWdTlszEnddoCB9Zuss+NzJghKQBR0=
-----END CERTIFICATE-----