Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/3134312e39382e34322e302f32342d3234203d3e203236303432.roa
File:                     3134312e39382e34322e302f32342d3234203d3e203236303432.roa (raw, json)
Hash identifier:          +GT6tipOpP7a/jmS2jvS0OmHJ5lSewd2owWcI6P6Cp8=
Subject key identifier:   69:61:1E:2F:CD:AA:EC:E5:02:E8:1D:D1:78:07:6D:2F:FE:9C:A1:CD
Certificate issuer:       /CN=7e51cac1ce2afe1958b1fb6a6237717b0b5d4810
Certificate serial:       3CEE073706DFC977B507708AA2A609A890E836B7
Authority key identifier: 7E:51:CA:C1:CE:2A:FE:19:58:B1:FB:6A:62:37:71:7B:0B:5D:48:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/flHKwc4q_hlYsftqYjdxewtdSBA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/3134312e39382e34322e302f32342d3234203d3e203236303432.roa
Signing time:             Tue 27 May 2025 17:11:22 +0000
ROA not before:           Tue 27 May 2025 17:06:22 +0000
ROA not after:            Tue 26 May 2026 17:11:22 +0000
asID:                     26042
IP address blocks:        141.98.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/7E51CAC1CE2AFE1958B1FB6A6237717B0B5D4810.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/7E51CAC1CE2AFE1958B1FB6A6237717B0B5D4810.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/flHKwc4q_hlYsftqYjdxewtdSBA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 19:31:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:ee:07:37:06:df:c9:77:b5:07:70:8a:a2:a6:09:a8:90:e8:36:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e51cac1ce2afe1958b1fb6a6237717b0b5d4810
        Validity
            Not Before: May 27 17:06:22 2025 GMT
            Not After : May 26 17:11:22 2026 GMT
        Subject: CN=69611E2FCDAAECE502E81DD178076D2FFE9CA1CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d2:98:9c:92:37:dd:b7:b1:ad:2c:f6:c2:55:
                    43:bd:47:f0:b0:6e:af:57:ae:02:40:38:4a:a1:92:
                    21:d3:99:dc:02:4b:4d:db:a9:3b:57:69:bc:c3:a1:
                    59:b8:5a:09:41:09:59:13:c5:86:0e:e6:5a:a4:0a:
                    74:cb:63:de:d4:1c:b1:2a:c1:0e:97:20:b4:88:a5:
                    fd:58:ab:15:56:6b:54:d5:7c:06:4d:bb:3b:31:c2:
                    52:62:2b:75:5c:99:cc:18:ff:65:e7:ab:ea:a1:36:
                    12:fd:9b:1a:ae:8e:25:e1:61:cf:ae:57:b6:30:50:
                    22:09:9a:c6:4f:07:09:e8:fc:57:ed:2d:80:9c:cc:
                    5c:c0:e7:41:8c:3e:41:8a:b8:8d:76:c8:bc:60:11:
                    06:06:69:51:a8:82:04:35:54:20:a4:bb:cf:57:8f:
                    ff:c7:50:ac:52:3a:25:55:e3:e7:a5:c1:60:57:6b:
                    94:3e:36:e5:ab:3c:c3:f5:80:df:00:47:4d:a8:19:
                    8b:ea:00:55:05:0d:96:a7:2c:85:69:0f:88:17:07:
                    75:55:14:16:50:15:bb:e9:ef:e1:10:de:55:0f:f6:
                    af:8d:c7:2d:53:31:d8:cf:2d:1e:13:b6:f8:0f:19:
                    46:1f:44:f6:a8:26:30:6a:27:4e:78:4e:9c:0c:63:
                    9e:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:61:1E:2F:CD:AA:EC:E5:02:E8:1D:D1:78:07:6D:2F:FE:9C:A1:CD
            X509v3 Authority Key Identifier:
                keyid:7E:51:CA:C1:CE:2A:FE:19:58:B1:FB:6A:62:37:71:7B:0B:5D:48:10

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/7E51CAC1CE2AFE1958B1FB6A6237717B0B5D4810.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/flHKwc4q_hlYsftqYjdxewtdSBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/3134312e39382e34322e302f32342d3234203d3e203236303432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:9a:ff:db:15:cc:99:6e:94:0b:ef:4b:78:22:71:14:a7:09:
         13:9f:21:14:43:3d:1e:b1:6b:66:aa:13:a9:1e:8b:42:da:ec:
         92:bd:e6:20:71:91:b0:6a:c5:a5:cb:31:58:5f:32:93:e5:54:
         91:50:bf:c4:ea:5e:8b:2c:14:46:13:c3:82:a5:06:2b:7a:79:
         57:61:37:28:dd:37:31:56:b6:10:62:8f:9b:14:13:05:7e:b4:
         a0:aa:80:7c:b2:e3:9c:18:eb:63:10:fc:f4:3c:58:05:be:15:
         a1:dc:71:9f:3c:25:02:03:3f:45:5c:2b:99:8d:de:6c:67:7d:
         4f:ce:b6:4d:df:35:17:2d:52:d7:b5:44:61:40:ab:3a:84:b4:
         b2:a0:90:66:5f:c1:b6:d1:cb:1a:c6:e5:74:d2:70:de:39:26:
         2b:22:20:56:9b:a1:3d:70:9e:c2:7d:08:f0:fa:f5:85:ab:b4:
         fa:88:30:df:f0:14:7b:01:f6:f3:62:08:c7:a7:d4:cd:03:78:
         5a:a8:a6:40:c2:0e:db:de:55:11:e9:98:89:c4:23:3c:bc:7f:
         bd:82:d2:38:0d:52:1b:87:c0:d8:6a:8e:3a:57:06:52:eb:33:
         79:e7:0a:36:fb:30:59:a9:ad:2a:ba:2d:50:c0:73:e5:c5:f4:
         04:66:b1:e8
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUPO4HNwbfyXe1B3CKoqYJqJDoNrcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2U1MWNhYzFjZTJhZmUxOTU4YjFmYjZhNjIzNzcxN2Iw
YjVkNDgxMDAeFw0yNTA1MjcxNzA2MjJaFw0yNjA1MjYxNzExMjJaMDMxMTAvBgNV
BAMTKDY5NjExRTJGQ0RBQUVDRTUwMkU4MUREMTc4MDc2RDJGRkU5Q0ExQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj0pickjfdt7GtLPbCVUO9R/Cw
bq9XrgJAOEqhkiHTmdwCS03bqTtXabzDoVm4WglBCVkTxYYO5lqkCnTLY97UHLEq
wQ6XILSIpf1YqxVWa1TVfAZNuzsxwlJiK3VcmcwY/2Xnq+qhNhL9mxqujiXhYc+u
V7YwUCIJmsZPBwno/FftLYCczFzA50GMPkGKuI12yLxgEQYGaVGoggQ1VCCku89X
j//HUKxSOiVV4+elwWBXa5Q+NuWrPMP1gN8AR02oGYvqAFUFDZanLIVpD4gXB3VV
FBZQFbvp7+EQ3lUP9q+Nxy1TMdjPLR4TtvgPGUYfRPaoJjBqJ054TpwMY54VAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUaWEeL82q7OUC6B3ReAdtL/6coc0wHwYDVR0j
BBgwFoAUflHKwc4q/hlYsftqYjdxewtdSBAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODgxYjdmMDgtZGQ5NC00Y2QwLWFhMzgtODUxMmYxNTJi
ZDMyLzAvN0U1MUNBQzFDRTJBRkUxOTU4QjFGQjZBNjIzNzcxN0IwQjVENDgxMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZsSEt3YzRxX2hsWXNmdHFZamR4ZXd0
ZFNCQS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODgxYjdmMDgt
ZGQ5NC00Y2QwLWFhMzgtODUxMmYxNTJiZDMyLzAvMzEzNDMxMmUzOTM4MmUzNDMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzNjMwMzQzMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI1i
KjANBgkqhkiG9w0BAQsFAAOCAQEATZr/2xXMmW6UC+9LeCJxFKcJE58hFEM9HrFr
ZqoTqR6LQtrskr3mIHGRsGrFpcsxWF8yk+VUkVC/xOpeiywURhPDgqUGK3p5V2E3
KN03MVa2EGKPmxQTBX60oKqAfLLjnBjrYxD89DxYBb4VodxxnzwlAgM/RVwrmY3e
bGd9T862Td81Fy1S17VEYUCrOoS0sqCQZl/BttHLGsbldNJw3jkmKyIgVpuhPXCe
wn0I8Pr1hau0+ogw3/AUewH282IIx6fUzQN4WqimQMIO295VEemYicQjPLx/vYLS
OA1SG4fA2GqOOlcGUuszeecKNvswWamtKrotUMBz5cX0BGax6A==
-----END CERTIFICATE-----