Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36352e302f32342d3234203d3e20383334.roa
File:                     3231332e3133392e36352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          aBJ7OoaXb6rDbnpVY6odGndz/aaVwq/3W9uHVst1MOE=
Subject key identifier:   21:F3:86:C0:55:C1:A8:64:91:27:90:60:B2:9A:92:BE:B4:39:2D:C7
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       273BD3DA3075A2F908FA4F03D42CA0D1B287578A
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36352e302f32342d3234203d3e20383334.roa
Signing time:             Wed 24 Jun 2026 08:46:51 +0000
ROA not before:           Wed 24 Jun 2026 08:41:51 +0000
ROA not after:            Wed 23 Jun 2027 08:46:51 +0000
asID:                     834
IP address blocks:        213.139.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 01:43:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:3b:d3:da:30:75:a2:f9:08:fa:4f:03:d4:2c:a0:d1:b2:87:57:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Jun 24 08:41:51 2026 GMT
            Not After : Jun 23 08:46:51 2027 GMT
        Subject: CN=21F386C055C1A86491279060B29A92BEB4392DC7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f4:6c:58:7f:2f:eb:ec:be:76:22:23:cf:f6:
                    75:5a:6a:4f:f8:13:b5:18:11:e6:12:cf:91:ab:9f:
                    61:9d:f7:a3:5d:7f:fd:48:11:be:a2:93:05:12:10:
                    d6:4b:1f:67:4e:d4:53:5b:c7:f2:79:1f:54:7b:92:
                    b5:41:95:b5:3e:27:5a:f9:85:88:77:7f:ca:36:5f:
                    6c:aa:de:f4:09:18:1f:94:1a:9c:0f:75:62:83:70:
                    ea:c4:95:38:fb:5c:a6:1d:d0:2a:34:38:f6:54:0f:
                    41:28:e4:57:96:c7:b5:6a:ff:59:a4:c0:ac:38:d3:
                    bc:c7:a7:af:07:c5:16:b9:58:45:79:21:d0:cb:4a:
                    3b:b8:d3:5e:2a:6b:20:f0:8b:5b:c1:12:37:e0:a5:
                    a9:42:0b:b7:31:8c:2d:33:99:6b:51:68:ec:81:b5:
                    62:55:f9:3f:ab:d1:16:6c:a9:c8:4a:ae:0b:1b:84:
                    87:be:7e:f8:d7:53:a1:47:ef:20:84:01:fa:5e:06:
                    9f:95:95:e3:61:e7:bd:25:b9:33:56:84:1f:c0:d6:
                    3d:88:33:3f:93:2c:7f:76:f0:12:43:cb:5b:bb:b4:
                    15:c4:99:b6:b4:a4:69:cf:cc:a9:a2:59:8b:15:e7:
                    9f:a7:7f:21:6b:34:2f:31:64:e4:47:46:c5:74:fa:
                    0f:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:F3:86:C0:55:C1:A8:64:91:27:90:60:B2:9A:92:BE:B4:39:2D:C7
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:12:bd:27:fa:20:c3:10:23:55:04:76:c8:39:e1:6b:c6:d9:
         1c:c8:25:85:34:d9:7f:f0:0c:f5:9f:c6:e2:20:ae:c8:5a:89:
         aa:09:f2:93:9f:ea:26:d1:c3:51:34:c7:b5:1b:4c:f3:76:9a:
         4c:0f:42:b4:a6:4c:9e:a0:30:29:39:98:23:90:34:9c:13:56:
         8b:9a:d6:5f:01:6e:1c:5a:22:41:c0:45:1f:88:20:0e:81:5a:
         4d:03:62:82:47:ff:72:13:96:30:71:3a:2c:36:9f:5b:15:76:
         e0:3a:f2:43:3b:af:fe:e1:0b:76:0e:4a:74:6f:6d:3f:a9:56:
         11:24:07:8d:fd:c0:d4:7d:86:55:3a:9e:0c:54:13:cf:0f:b1:
         ce:4e:6d:a4:2a:c4:08:62:07:75:e3:a4:f3:45:44:2b:77:83:
         75:00:b6:88:42:39:4f:25:8c:02:12:fb:29:50:16:82:dc:ae:
         2a:b3:15:d1:e8:75:fd:c0:9b:06:b4:8c:e8:e3:3d:fc:a5:a0:
         66:2e:75:92:c8:47:27:7f:7d:36:2e:2a:38:69:8f:2d:49:d4:
         de:d5:d4:83:38:93:25:02:f5:d5:f7:2e:e3:24:81:97:02:37:
         23:2a:7c:0d:71:ab:ef:52:79:79:f8:1c:42:d1:76:ba:fb:87:
         cd:6c:3c:7e
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUJzvT2jB1ovkI+k8D1Cyg0bKHV4owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNjA2MjQwODQxNTFaFw0yNzA2MjMwODQ2NTFaMDMxMTAvBgNV
BAMTKDIxRjM4NkMwNTVDMUE4NjQ5MTI3OTA2MEIyOUE5MkJFQjQzOTJEQzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm9GxYfy/r7L52IiPP9nVaak/4
E7UYEeYSz5Grn2Gd96Ndf/1IEb6ikwUSENZLH2dO1FNbx/J5H1R7krVBlbU+J1r5
hYh3f8o2X2yq3vQJGB+UGpwPdWKDcOrElTj7XKYd0Co0OPZUD0Eo5FeWx7Vq/1mk
wKw407zHp68HxRa5WEV5IdDLSju4014qayDwi1vBEjfgpalCC7cxjC0zmWtRaOyB
tWJV+T+r0RZsqchKrgsbhIe+fvjXU6FH7yCEAfpeBp+VleNh570luTNWhB/A1j2I
Mz+TLH928BJDy1u7tBXEmba0pGnPzKmiWYsV55+nfyFrNC8xZORHRsV0+g/xAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUIfOGwFXBqGSRJ5BgspqSvrQ5LccwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM2
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADVi0Ew
DQYJKoZIhvcNAQELBQADggEBAHsSvSf6IMMQI1UEdsg54WvG2RzIJYU02X/wDPWf
xuIgrshaiaoJ8pOf6ibRw1E0x7UbTPN2mkwPQrSmTJ6gMCk5mCOQNJwTVoua1l8B
bhxaIkHARR+IIA6BWk0DYoJH/3ITljBxOiw2n1sVduA68kM7r/7hC3YOSnRvbT+p
VhEkB439wNR9hlU6ngxUE88Psc5ObaQqxAhiB3XjpPNFRCt3g3UAtohCOU8ljAIS
+ylQFoLcriqzFdHodf3Amwa0jOjjPfyloGYudZLIRyd/fTYuKjhpjy1J1N7V1IM4
kyUC9dX3LuMkgZcCNyMqfA1xq+9SeXn4HELRdrr7h81sPH4=
-----END CERTIFICATE-----