Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36352e302f32342d3234203d3e20383334.roa
File:                     3231332e3133392e36352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          yiUWywuAePvSWKx/Dh0v780qdOPcjeajPeWQA6yzZeY=
Subject key identifier:   25:E3:09:DF:37:F8:BA:83:4F:51:3E:AE:60:93:25:BA:9B:F4:9D:EA
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       585A4902EDB47289DE18492F457C73CF626F5D00
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36352e302f32342d3234203d3e20383334.roa
Signing time:             Thu 30 Oct 2025 15:21:40 +0000
ROA not before:           Thu 30 Oct 2025 15:16:40 +0000
ROA not after:            Thu 29 Oct 2026 15:21:40 +0000
asID:                     834
IP address blocks:        213.139.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Oct 2025 17:39:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:5a:49:02:ed:b4:72:89:de:18:49:2f:45:7c:73:cf:62:6f:5d:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Oct 30 15:16:40 2025 GMT
            Not After : Oct 29 15:21:40 2026 GMT
        Subject: CN=25E309DF37F8BA834F513EAE609325BA9BF49DEA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ee:3e:f3:21:e5:bb:75:15:16:1b:10:e9:e6:
                    51:92:c8:b3:e0:52:57:cd:f1:55:28:be:d5:0a:b8:
                    be:f8:bf:65:1c:ef:12:f0:46:02:d2:d4:3a:d4:ce:
                    ef:38:9d:9a:88:45:f0:94:2b:9f:42:00:69:3f:7c:
                    4f:49:9e:fb:62:a7:91:8c:52:67:94:c9:54:e5:3d:
                    5a:0b:81:8d:42:4a:5e:47:eb:f2:1d:ee:7c:6e:fa:
                    00:b8:d2:8c:b1:9e:19:71:19:02:3d:99:81:3d:ac:
                    fc:66:54:f3:60:59:4f:11:61:69:ff:e9:6b:6a:d8:
                    bf:16:fa:ae:03:fe:c8:fb:03:ca:fc:c0:23:1a:4b:
                    a7:af:a3:28:3e:6b:c4:58:b7:dd:18:88:5d:db:c6:
                    17:28:e3:e5:c9:76:a1:d1:02:68:a6:8d:5a:b2:06:
                    06:9f:dd:d7:b4:09:76:ec:e5:73:b9:7a:83:d3:55:
                    fa:4e:2b:05:c0:26:3a:15:38:6d:82:46:d8:04:c7:
                    b2:bf:9a:c9:7a:68:c9:43:b2:fe:41:c6:b0:f8:b1:
                    51:73:89:13:eb:d6:8f:aa:d9:33:93:40:ef:7e:94:
                    f3:02:2b:f9:80:a4:e6:84:e0:ed:d7:6a:2c:e9:7a:
                    26:f4:7c:2b:ef:70:05:16:52:a9:d5:70:c8:5a:e5:
                    7f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:E3:09:DF:37:F8:BA:83:4F:51:3E:AE:60:93:25:BA:9B:F4:9D:EA
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:08:3b:c6:f3:da:fb:8c:b8:ce:16:7a:7b:30:c3:11:fa:a3:
         2b:db:a4:3a:ad:3b:19:05:59:de:61:e8:2c:68:f5:2b:9d:00:
         24:d8:53:08:15:5e:1f:7b:2d:2d:59:5c:1f:01:36:b5:cf:22:
         f6:c7:c1:6f:b1:c9:47:50:ca:aa:32:84:b4:ff:2b:23:a9:f5:
         86:a5:de:33:38:b4:d3:60:39:d6:32:09:3e:e2:c4:a8:0b:e1:
         df:e0:68:d5:46:de:f1:9d:29:d6:66:f2:d3:9b:8e:25:9b:e6:
         26:de:0d:10:23:cd:fc:72:16:c0:2e:87:07:25:e2:ad:10:8c:
         bf:87:22:46:38:ab:04:b4:9c:56:58:b6:83:d1:44:19:51:27:
         c9:fa:9f:4d:7e:a3:f9:d3:0e:cf:53:89:11:de:f7:f8:34:19:
         83:31:72:4e:f6:fb:85:35:68:63:be:d8:60:52:1a:30:4e:60:
         28:20:ce:0c:69:de:a3:f2:41:9f:fb:d7:37:66:e5:ab:62:64:
         53:f2:0d:ce:80:b0:fc:b3:1a:8a:6a:16:10:4a:6c:20:10:6d:
         65:c0:c4:26:9a:2f:c1:53:01:d7:5b:ec:7e:c2:8a:92:d8:db:
         fa:47:00:da:3d:59:c5:75:4e:e0:8d:e0:95:de:e6:e9:1f:bb:
         54:a4:f2:e1
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUWFpJAu20coneGEkvRXxzz2JvXQAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNTEwMzAxNTE2NDBaFw0yNjEwMjkxNTIxNDBaMDMxMTAvBgNV
BAMTKDI1RTMwOURGMzdGOEJBODM0RjUxM0VBRTYwOTMyNUJBOUJGNDlERUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCh7j7zIeW7dRUWGxDp5lGSyLPg
UlfN8VUovtUKuL74v2Uc7xLwRgLS1DrUzu84nZqIRfCUK59CAGk/fE9Jnvtip5GM
UmeUyVTlPVoLgY1CSl5H6/Id7nxu+gC40oyxnhlxGQI9mYE9rPxmVPNgWU8RYWn/
6Wtq2L8W+q4D/sj7A8r8wCMaS6evoyg+a8RYt90YiF3bxhco4+XJdqHRAmimjVqy
Bgaf3de0CXbs5XO5eoPTVfpOKwXAJjoVOG2CRtgEx7K/msl6aMlDsv5BxrD4sVFz
iRPr1o+q2TOTQO9+lPMCK/mApOaE4O3Xaizpeib0fCvvcAUWUqnVcMha5X+PAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUJeMJ3zf4uoNPUT6uYJMlupv0neowHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM2
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADVi0Ew
DQYJKoZIhvcNAQELBQADggEBABUIO8bz2vuMuM4WenswwxH6oyvbpDqtOxkFWd5h
6Cxo9SudACTYUwgVXh97LS1ZXB8BNrXPIvbHwW+xyUdQyqoyhLT/KyOp9Yal3jM4
tNNgOdYyCT7ixKgL4d/gaNVG3vGdKdZm8tObjiWb5ibeDRAjzfxyFsAuhwcl4q0Q
jL+HIkY4qwS0nFZYtoPRRBlRJ8n6n01+o/nTDs9TiRHe9/g0GYMxck72+4U1aGO+
2GBSGjBOYCggzgxp3qPyQZ/71zdm5atiZFPyDc6AsPyzGopqFhBKbCAQbWXAxCaa
L8FTAddb7H7CipLY2/pHANo9WcV1TuCN4JXe5ukfu1Sk8uE=
-----END CERTIFICATE-----