Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e332e302f32342d3234203d3e203236373337.roa
File:                     3139342e32362e332e302f32342d3234203d3e203236373337.roa (raw, json)
Hash identifier:          vAloYgRmheNvh8P1qphoutsfkKJ8NLcb3vYOmiEsQYI=
Subject key identifier:   07:ED:09:44:F6:7C:87:44:72:2A:92:D4:D3:B9:66:E7:52:2C:49:CF
Certificate issuer:       /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial:       63AA6397AA3EEB2B6E5B75896BB7473F94ACFD83
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e332e302f32342d3234203d3e203236373337.roa
Signing time:             Tue 25 Mar 2025 06:19:55 +0000
ROA not before:           Tue 25 Mar 2025 06:14:55 +0000
ROA not after:            Tue 24 Mar 2026 06:19:55 +0000
asID:                     26737
IP address blocks:        194.26.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:aa:63:97:aa:3e:eb:2b:6e:5b:75:89:6b:b7:47:3f:94:ac:fd:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
        Validity
            Not Before: Mar 25 06:14:55 2025 GMT
            Not After : Mar 24 06:19:55 2026 GMT
        Subject: CN=07ED0944F67C8744722A92D4D3B966E7522C49CF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b1:53:99:12:13:6a:9d:9b:8c:90:62:59:2b:
                    4f:d2:72:02:82:41:25:47:ac:af:4e:e2:1b:1e:20:
                    9e:d9:b3:18:47:26:2c:f1:6f:3e:07:c2:25:23:29:
                    34:89:ae:e2:b2:0e:f6:77:5a:61:f4:1c:6d:17:82:
                    88:74:aa:e6:62:c2:20:95:c8:e5:93:c4:1c:17:cf:
                    e4:94:df:27:fe:1e:aa:31:9d:9c:81:b9:ff:a7:ef:
                    21:c6:89:89:52:88:cf:3b:d8:96:68:fe:3d:98:ae:
                    8d:6e:44:a3:bb:af:9a:b4:5e:d5:27:eb:ae:78:e7:
                    53:8c:7b:80:87:fe:ce:36:64:74:c1:8f:f8:81:8e:
                    14:04:b8:8b:2a:8d:a7:dd:95:03:84:31:98:55:2d:
                    50:1b:d5:92:90:b6:2c:36:c7:9b:48:b5:d5:19:98:
                    18:d1:a6:bb:68:42:9f:ea:41:b4:7e:3e:08:73:23:
                    93:c3:f2:25:99:88:89:f2:94:4c:87:e2:96:ed:06:
                    ce:87:75:84:dd:d6:e0:4d:37:21:fa:1f:1a:2e:06:
                    78:0f:f5:9b:29:7b:79:f8:22:8a:31:c1:e9:9d:92:
                    27:e8:73:6a:52:93:5f:ee:a0:f7:a8:d4:0d:2c:d0:
                    49:58:22:3a:4d:b1:1a:77:61:54:90:99:68:51:e2:
                    7d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:ED:09:44:F6:7C:87:44:72:2A:92:D4:D3:B9:66:E7:52:2C:49:CF
            X509v3 Authority Key Identifier:
                keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e332e302f32342d3234203d3e203236373337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:97:e6:dd:b0:21:e0:d0:f3:a4:03:5b:83:e7:3c:bd:05:dd:
         01:76:02:3c:84:94:32:00:a5:2c:73:08:db:14:38:10:ce:46:
         d7:2e:fa:78:1e:3b:9d:a8:f9:f6:1d:c6:33:bd:f9:07:f2:a4:
         5a:2b:65:18:83:1f:30:96:66:6b:7b:26:10:04:83:87:80:01:
         c3:27:b7:41:e1:0d:74:ef:50:0d:9d:83:96:e0:2b:f5:5e:ab:
         65:f2:29:9e:d8:6a:36:d3:fc:e3:89:fe:7d:dc:5e:4f:4c:15:
         a7:d7:50:cb:7a:21:0f:ed:16:4a:f7:ef:4e:3d:09:09:94:66:
         c7:b3:0f:f1:69:e1:55:a6:4f:dd:5e:95:c2:b3:54:47:2a:02:
         15:ff:fe:ae:b4:6f:e8:60:1f:a8:7d:f7:e7:41:4a:dc:eb:37:
         a0:5f:3a:85:e1:55:93:be:6f:4e:d8:f5:91:39:d6:a2:10:8f:
         a2:d8:83:2f:62:65:a2:3e:54:3b:91:5b:77:13:f0:b8:c6:3c:
         92:ce:a4:f8:d1:30:40:62:c1:d2:dd:66:c4:d4:67:ea:c8:d2:
         47:c5:0a:fa:e0:b6:f6:cc:8e:ff:03:33:81:c2:c9:0a:ed:5c:
         4f:a3:e3:39:ce:53:b2:b4:c1:7c:8a:ee:70:5c:9c:84:57:a3:
         eb:72:98:6f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUY6pjl6o+6ytuW3WJa7dHP5Ss/YMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNTAzMjUwNjE0NTVaFw0yNjAzMjQwNjE5NTVaMDMxMTAvBgNV
BAMTKDA3RUQwOTQ0RjY3Qzg3NDQ3MjJBOTJENEQzQjk2NkU3NTIyQzQ5Q0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCasVOZEhNqnZuMkGJZK0/ScgKC
QSVHrK9O4hseIJ7ZsxhHJizxbz4HwiUjKTSJruKyDvZ3WmH0HG0Xgoh0quZiwiCV
yOWTxBwXz+SU3yf+HqoxnZyBuf+n7yHGiYlSiM872JZo/j2Yro1uRKO7r5q0XtUn
665451OMe4CH/s42ZHTBj/iBjhQEuIsqjafdlQOEMZhVLVAb1ZKQtiw2x5tItdUZ
mBjRprtoQp/qQbR+PghzI5PD8iWZiInylEyH4pbtBs6HdYTd1uBNNyH6HxouBngP
9Zspe3n4Iooxwemdkifoc2pSk1/uoPeo1A0s0ElYIjpNsRp3YVSQmWhR4n2NAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUB+0JRPZ8h0RyKpLU07lm51IsSc8wHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzEzOTM0MmUzMjM2MmUzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzYzNzMzMzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCGgMw
DQYJKoZIhvcNAQELBQADggEBAEeX5t2wIeDQ86QDW4PnPL0F3QF2AjyElDIApSxz
CNsUOBDORtcu+ngeO52o+fYdxjO9+QfypForZRiDHzCWZmt7JhAEg4eAAcMnt0Hh
DXTvUA2dg5bgK/Veq2XyKZ7YajbT/OOJ/n3cXk9MFafXUMt6IQ/tFkr37049CQmU
ZsezD/Fp4VWmT91elcKzVEcqAhX//q60b+hgH6h99+dBStzrN6BfOoXhVZO+b07Y
9ZE51qIQj6LYgy9iZaI+VDuRW3cT8LjGPJLOpPjRMEBiwdLdZsTUZ+rI0kfFCvrg
tvbMjv8DM4HCyQrtXE+j4znOU7K0wXyK7nBcnIRXo+tymG8=
-----END CERTIFICATE-----