Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3139332e32342e3233342e302f32332d3234203d3e20383334.roa
File:                     3139332e32342e3233342e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          3tE9vwLlFDIuslyefoYRrNlvD1gbmu6ntzeczb8Bts0=
Subject key identifier:   04:40:78:13:29:0B:1C:F9:2E:BA:D3:BB:7C:C3:DF:2F:73:84:63:3E
Certificate issuer:       /CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
Certificate serial:       39446F36C58FA3BF6F9C71CA50043A622E9789F8
Authority key identifier: 8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3139332e32342e3233342e302f32332d3234203d3e20383334.roa
Signing time:             Mon 15 Sep 2025 00:10:01 +0000
ROA not before:           Mon 15 Sep 2025 00:05:01 +0000
ROA not after:            Mon 14 Sep 2026 00:10:01 +0000
asID:                     834
IP address blocks:        193.24.234.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 21:38:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:44:6f:36:c5:8f:a3:bf:6f:9c:71:ca:50:04:3a:62:2e:97:89:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c12b4273832b4156fe0092f6ae7e5b3ce23ad8b
        Validity
            Not Before: Sep 15 00:05:01 2025 GMT
            Not After : Sep 14 00:10:01 2026 GMT
        Subject: CN=04407813290B1CF92EBAD3BB7CC3DF2F7384633E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:bb:f9:a3:56:8c:f3:a1:05:17:3a:0f:f2:c8:
                    35:65:85:78:d1:2b:1f:30:66:6e:e1:8a:29:f7:99:
                    cd:8d:2d:ae:fa:5b:7f:5b:fd:fa:7c:51:5a:66:c3:
                    95:0e:19:cb:9b:5c:00:e8:86:ab:1c:1c:35:1f:e0:
                    77:17:13:3b:d0:b8:9a:b9:b6:fc:58:3d:b2:82:d0:
                    ca:45:4d:89:d4:e5:fd:c8:f7:bb:e0:2a:9e:22:33:
                    c4:da:1b:0f:b5:29:0e:d4:18:aa:e5:d3:9a:3b:38:
                    6d:fb:f1:f1:ab:a6:03:4c:0d:0a:50:fb:64:8a:30:
                    fd:d8:11:46:2e:7f:f6:ec:ed:e6:93:de:cb:f2:0e:
                    c6:75:87:fb:f5:9c:6c:88:59:5e:0e:be:88:2b:4b:
                    e5:d2:a8:95:b7:2a:e7:50:e4:3d:38:9f:61:2e:e3:
                    de:11:b6:55:bc:63:9f:bf:35:99:4f:18:2b:77:31:
                    fc:ed:27:1d:78:cd:c3:1e:64:a9:72:23:94:27:be:
                    24:dd:81:ba:34:e9:9d:14:ba:fc:8c:07:5b:74:76:
                    b2:db:f2:f5:2a:79:ca:a0:ea:7a:6b:b1:77:ba:44:
                    44:1b:11:d3:06:f3:74:78:ca:bb:32:9b:a4:90:9f:
                    b5:af:b2:e8:7f:31:82:aa:51:4d:72:31:ab:e4:89:
                    7b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:40:78:13:29:0B:1C:F9:2E:BA:D3:BB:7C:C3:DF:2F:73:84:63:3E
            X509v3 Authority Key Identifier:
                keyid:8C:12:B4:27:38:32:B4:15:6F:E0:09:2F:6A:E7:E5:B3:CE:23:AD:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/8C12B4273832B4156FE0092F6AE7E5B3CE23AD8B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jBK0JzgytBVv4Akvaufls84jrYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8bfd6882-d6b3-4aa8-bc0a-711d68bd198b/0/3139332e32342e3233342e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:94:92:52:df:7e:21:e5:fa:0e:23:6a:f8:40:2b:35:6c:14:
         ae:99:fb:26:dd:53:78:5b:27:47:9f:d3:f9:02:3a:37:c6:1e:
         16:25:a3:0a:5d:c7:53:70:0d:20:b8:b6:8b:8c:62:a4:26:9e:
         91:ba:77:c9:f4:43:ca:8b:9d:02:4d:db:9c:53:a3:bb:88:f7:
         55:d8:12:00:7b:6f:76:47:1a:b7:de:d1:52:1b:41:a5:43:f0:
         46:4b:f6:8a:70:12:f8:84:00:ff:38:40:11:66:71:fb:b1:81:
         80:80:ae:09:c5:15:7f:10:88:26:4a:bc:df:88:d5:b2:73:d6:
         18:9b:6c:46:ee:63:56:aa:ef:42:c1:3d:3a:49:7a:1d:cc:9a:
         5c:d6:a5:33:24:f2:63:9a:04:fe:e5:97:90:d3:eb:d6:34:e1:
         82:c3:c6:5b:e4:30:c7:a6:92:77:de:18:0e:8e:52:4e:d1:9a:
         85:76:af:d0:2c:62:a8:04:9c:3e:f5:f1:04:16:6c:1f:cb:4d:
         ea:58:68:a0:97:e3:fe:1e:12:9a:cf:70:8b:f0:09:1d:18:fa:
         10:11:a4:2d:f6:8a:85:3e:01:7e:a1:24:66:68:26:ed:7e:31:
         ef:b1:98:40:39:bf:3b:59:f5:42:37:c2:f7:fe:35:58:1f:d1:
         20:99:1c:7c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUOURvNsWPo79vnHHKUAQ6Yi6XifgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGMxMmI0MjczODMyYjQxNTZmZTAwOTJmNmFlN2U1YjNj
ZTIzYWQ4YjAeFw0yNTA5MTUwMDA1MDFaFw0yNjA5MTQwMDEwMDFaMDMxMTAvBgNV
BAMTKDA0NDA3ODEzMjkwQjFDRjkyRUJBRDNCQjdDQzNERjJGNzM4NDYzM0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDju/mjVozzoQUXOg/yyDVlhXjR
Kx8wZm7hiin3mc2NLa76W39b/fp8UVpmw5UOGcubXADohqscHDUf4HcXEzvQuJq5
tvxYPbKC0MpFTYnU5f3I97vgKp4iM8TaGw+1KQ7UGKrl05o7OG378fGrpgNMDQpQ
+2SKMP3YEUYuf/bs7eaT3svyDsZ1h/v1nGyIWV4OvogrS+XSqJW3KudQ5D04n2Eu
494RtlW8Y5+/NZlPGCt3MfztJx14zcMeZKlyI5QnviTdgbo06Z0UuvyMB1t0drLb
8vUqecqg6nprsXe6REQbEdMG83R4yrsym6SQn7Wvsuh/MYKqUU1yMavkiXt/AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUBEB4EykLHPkuutO7fMPfL3OEYz4wHwYDVR0j
BBgwFoAUjBK0JzgytBVv4Akvaufls84jrYswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGJmZDY4ODItZDZiMy00YWE4LWJjMGEtNzExZDY4YmQx
OThiLzAvOEMxMkI0MjczODMyQjQxNTZGRTAwOTJGNkFFN0U1QjNDRTIzQUQ4Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2pCSzBKemd5dEJWdjRBa3ZhdWZsczg0
anJZcy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOGJmZDY4ODIt
ZDZiMy00YWE4LWJjMGEtNzExZDY4YmQxOThiLzAvMzEzOTMzMmUzMjM0MmUzMjMz
MzQyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHBGOow
DQYJKoZIhvcNAQELBQADggEBAGSUklLffiHl+g4javhAKzVsFK6Z+ybdU3hbJ0ef
0/kCOjfGHhYlowpdx1NwDSC4touMYqQmnpG6d8n0Q8qLnQJN25xTo7uI91XYEgB7
b3ZHGrfe0VIbQaVD8EZL9opwEviEAP84QBFmcfuxgYCArgnFFX8QiCZKvN+I1bJz
1hibbEbuY1aq70LBPTpJeh3MmlzWpTMk8mOaBP7ll5DT69Y04YLDxlvkMMemknfe
GA6OUk7RmoV2r9AsYqgEnD718QQWbB/LTepYaKCX4/4eEprPcIvwCR0Y+hARpC32
ioU+AX6hJGZoJu1+Me+xmEA5vztZ9UI3wvf+NVgf0SCZHHw=
-----END CERTIFICATE-----