Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e322e302f32342d3234203d3e2037303138.roa
File:                     3139342e32362e322e302f32342d3234203d3e2037303138.roa (raw, json)
Hash identifier:          KZ2g79XWhSpy1OjdBEbA7bKBiIPr4KF5cEbdhi1cO+c=
Subject key identifier:   DF:C5:1B:D3:14:86:D4:A0:2B:88:65:48:DF:A8:FE:5E:A2:16:12:F5
Certificate issuer:       /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial:       44D52DFBE76F81947FB63860CB893E5A0D57610A
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e322e302f32342d3234203d3e2037303138.roa
Signing time:             Tue 25 Mar 2025 06:19:48 +0000
ROA not before:           Tue 25 Mar 2025 06:14:48 +0000
ROA not after:            Tue 24 Mar 2026 06:19:48 +0000
asID:                     7018
IP address blocks:        194.26.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:04:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:d5:2d:fb:e7:6f:81:94:7f:b6:38:60:cb:89:3e:5a:0d:57:61:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
        Validity
            Not Before: Mar 25 06:14:48 2025 GMT
            Not After : Mar 24 06:19:48 2026 GMT
        Subject: CN=DFC51BD31486D4A02B886548DFA8FE5EA21612F5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:2b:70:e1:f7:a4:5d:c7:c8:d6:2e:b1:6d:f4:
                    0c:9d:c7:ec:90:4a:6e:b4:1a:f4:7d:3e:b6:17:1e:
                    5c:fe:c2:c1:2c:3f:6e:29:e2:ce:80:5a:c7:5a:d4:
                    d6:75:01:a9:fa:53:9c:b0:a9:27:a9:4a:2e:8d:67:
                    7c:7a:e7:71:ca:b5:08:22:ab:4e:a8:2e:3b:b4:9a:
                    0a:14:34:2b:eb:83:f9:60:1d:1b:73:63:8a:51:c6:
                    fb:cb:d6:4f:53:7d:66:32:5a:85:07:67:f5:80:d6:
                    73:d1:0d:96:73:21:d3:fe:28:5d:f5:a7:49:fa:8a:
                    96:f6:ae:7b:ba:ac:69:b7:66:a7:09:95:08:4f:10:
                    7b:7d:ee:59:ef:22:a6:e1:78:dc:a1:06:2a:b1:dc:
                    8f:c7:0e:8d:84:dd:24:46:5b:eb:dc:3c:2a:a9:81:
                    27:cd:2d:27:5c:27:77:65:20:12:ee:a9:af:22:6c:
                    69:d1:fd:db:0d:91:7b:b6:50:04:96:31:3b:96:d9:
                    61:23:bb:2b:d4:9f:cb:4b:14:6d:61:cd:b2:60:8c:
                    69:c2:aa:6c:0f:f5:d8:da:68:c2:b2:34:a8:16:fb:
                    4b:2f:1a:58:4b:6f:76:83:4f:27:17:31:cb:de:ac:
                    15:2f:63:62:94:de:6b:a6:09:31:7b:41:64:4c:18:
                    a5:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:C5:1B:D3:14:86:D4:A0:2B:88:65:48:DF:A8:FE:5E:A2:16:12:F5
            X509v3 Authority Key Identifier:
                keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e322e302f32342d3234203d3e2037303138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:ba:b6:cc:29:55:e3:c6:a9:66:99:75:0f:50:29:bc:63:d8:
         37:cb:c8:4d:28:a8:c1:e5:a3:82:41:87:07:3d:98:7a:67:6b:
         a9:aa:21:58:0b:c0:d5:3e:b5:29:64:28:b0:36:b0:16:48:99:
         48:9d:56:af:0f:8d:f0:a4:1d:f8:51:48:e0:6e:60:42:9b:33:
         a3:12:2f:d1:ea:81:ee:95:3d:24:51:41:1e:56:66:6c:b8:c0:
         06:67:67:5d:95:ec:32:68:45:d8:c5:d7:53:3b:4a:10:41:e4:
         61:37:f2:17:5e:fc:2a:9e:78:60:d5:8e:f9:57:58:ee:ea:60:
         35:03:99:fe:08:46:e2:e8:a6:61:5e:01:da:6c:f3:62:c9:1d:
         6d:d8:bc:17:b0:4f:5b:8d:9b:a4:e8:0d:83:6b:d4:ef:f6:fe:
         99:1f:d3:f9:2d:15:a1:a7:39:a1:47:12:f9:fe:fd:4a:9a:a4:
         b1:54:55:b8:ee:5b:1c:96:59:48:06:6f:a0:f9:22:93:7c:5c:
         8c:f8:54:5c:57:1e:4f:6b:63:5b:e6:fd:95:ba:ce:42:da:6b:
         f9:67:7e:13:db:8c:fc:d4:be:be:85:13:cd:a8:8a:f1:32:0f:
         c5:1c:b9:b0:4c:22:07:8e:8d:77:ae:d7:4f:51:fe:21:09:02:
         31:fc:c9:e5
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIURNUt++dvgZR/tjhgy4k+Wg1XYQowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNTAzMjUwNjE0NDhaFw0yNjAzMjQwNjE5NDhaMDMxMTAvBgNV
BAMTKERGQzUxQkQzMTQ4NkQ0QTAyQjg4NjU0OERGQThGRTVFQTIxNjEyRjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaK3Dh96Rdx8jWLrFt9Aydx+yQ
Sm60GvR9PrYXHlz+wsEsP24p4s6AWsda1NZ1Aan6U5ywqSepSi6NZ3x653HKtQgi
q06oLju0mgoUNCvrg/lgHRtzY4pRxvvL1k9TfWYyWoUHZ/WA1nPRDZZzIdP+KF31
p0n6ipb2rnu6rGm3ZqcJlQhPEHt97lnvIqbheNyhBiqx3I/HDo2E3SRGW+vcPCqp
gSfNLSdcJ3dlIBLuqa8ibGnR/dsNkXu2UASWMTuW2WEjuyvUn8tLFG1hzbJgjGnC
qmwP9djaaMKyNKgW+0svGlhLb3aDTycXMcverBUvY2KU3mumCTF7QWRMGKWNAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQU38Ub0xSG1KAriGVI36j+XqIWEvUwHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzEzOTM0MmUzMjM2MmUzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM3MzAzMTM4LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhoCMA0G
CSqGSIb3DQEBCwUAA4IBAQB9urbMKVXjxqlmmXUPUCm8Y9g3y8hNKKjB5aOCQYcH
PZh6Z2upqiFYC8DVPrUpZCiwNrAWSJlInVavD43wpB34UUjgbmBCmzOjEi/R6oHu
lT0kUUEeVmZsuMAGZ2ddlewyaEXYxddTO0oQQeRhN/IXXvwqnnhg1Y75V1ju6mA1
A5n+CEbi6KZhXgHabPNiyR1t2LwXsE9bjZuk6A2Da9Tv9v6ZH9P5LRWhpzmhRxL5
/v1KmqSxVFW47lsclllIBm+g+SKTfFyM+FRcVx5Pa2Nb5v2Vus5C2mv5Z34T24z8
1L6+hRPNqIrxMg/FHLmwTCIHjo13rtdPUf4hCQIx/Mnl
-----END CERTIFICATE-----