Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36352e302f32342d3234203d3e2039333034.roa
File:                     3231332e3133392e36352e302f32342d3234203d3e2039333034.roa (raw, json)
Hash identifier:          IuHaapDzUgLoDmpk8BPvs+AnS5FkKTocszixLRbQ9pk=
Subject key identifier:   5F:49:12:E0:E3:92:E6:B1:42:D9:26:D1:5D:E2:00:DA:EE:E9:FA:E8
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       7DD73FFB839AF19AA9012564CE0087882CBCB744
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36352e302f32342d3234203d3e2039333034.roa
Signing time:             Sat 30 Aug 2025 15:28:46 +0000
ROA not before:           Sat 30 Aug 2025 15:23:46 +0000
ROA not after:            Sat 29 Aug 2026 15:28:46 +0000
asID:                     9304
IP address blocks:        213.139.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:d7:3f:fb:83:9a:f1:9a:a9:01:25:64:ce:00:87:88:2c:bc:b7:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Aug 30 15:23:46 2025 GMT
            Not After : Aug 29 15:28:46 2026 GMT
        Subject: CN=5F4912E0E392E6B142D926D15DE200DAEEE9FAE8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:47:3b:87:9b:0a:15:7b:70:59:98:55:bc:46:
                    66:93:c3:63:73:2c:38:84:58:35:d1:dd:3d:dd:62:
                    a4:74:2b:e1:3c:ed:8f:74:5c:18:5c:50:68:41:db:
                    9c:ca:4c:36:3b:ba:fc:bb:17:18:c9:11:c8:cf:56:
                    89:5e:3b:a2:e3:40:2c:c2:e4:64:5b:87:46:e8:9d:
                    5d:0b:d8:cd:06:de:25:18:21:7f:20:68:12:86:19:
                    49:1c:ff:3e:7a:fd:be:29:7e:2c:71:86:61:c0:c0:
                    af:e5:2f:9f:13:2e:79:52:9a:41:36:21:35:d2:42:
                    1e:1c:a7:c9:fe:49:b2:d7:fd:73:59:b8:c3:85:b2:
                    04:2d:b2:99:b5:ad:82:1b:ee:4f:f2:7f:7f:9e:de:
                    8a:fe:2e:0f:d7:5e:06:92:3d:10:bd:51:e6:2f:82:
                    4f:82:a7:b5:bf:b1:75:93:2e:30:ce:35:2f:39:79:
                    2f:56:07:60:fc:a3:9e:07:8d:3f:e6:64:4c:73:e1:
                    b4:df:74:ea:b9:fe:61:84:49:b5:28:06:df:7a:29:
                    45:35:c9:29:3c:2f:f8:b5:63:5c:f9:68:30:04:62:
                    16:e3:11:03:ad:76:4c:a1:95:b1:97:c4:60:d4:93:
                    17:bc:e9:d5:7d:0c:05:49:99:47:2a:f0:60:7a:f8:
                    83:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:49:12:E0:E3:92:E6:B1:42:D9:26:D1:5D:E2:00:DA:EE:E9:FA:E8
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e36352e302f32342d3234203d3e2039333034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:00:04:f9:81:98:6c:50:c9:7c:23:d9:8e:9f:85:db:c9:4f:
         2b:a6:8a:4b:01:00:25:32:3a:f4:41:47:86:cc:db:71:20:01:
         29:fb:71:7e:16:54:9f:4f:df:1f:70:1e:24:88:f8:4b:95:96:
         d5:34:35:78:6b:29:be:33:80:e8:9c:4d:26:69:b6:9b:a1:56:
         da:5d:62:29:0a:8d:01:34:c7:5c:20:44:30:49:e0:20:9f:ba:
         51:bc:70:64:aa:11:a9:4f:20:f7:91:67:aa:3c:b0:86:ff:7b:
         7c:9f:a3:fe:e5:ca:d3:24:2c:32:8d:e7:bd:d5:7a:18:0c:cf:
         8e:f7:25:13:6d:c2:df:a3:20:14:79:cf:d4:25:82:14:76:95:
         06:84:50:e9:8b:4e:b5:2e:64:08:bc:27:d9:10:44:5f:4e:2f:
         f5:0f:97:b6:c5:9e:cf:2f:7e:67:a4:12:b9:98:08:af:54:a5:
         cb:a8:a9:df:98:7e:24:56:13:2c:07:26:cb:93:b5:ad:ca:60:
         ad:53:a0:8c:49:55:90:79:43:bc:3f:b6:8e:e9:87:f8:4b:ed:
         e6:fe:a0:77:44:41:21:d7:03:c2:0e:59:e0:3f:09:16:e1:0e:
         8a:11:29:99:21:f3:3d:29:15:02:be:8c:24:1d:0a:5a:b9:86:
         79:c1:82:f9
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUfdc/+4Oa8ZqpASVkzgCHiCy8t0QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNTA4MzAxNTIzNDZaFw0yNjA4MjkxNTI4NDZaMDMxMTAvBgNV
BAMTKDVGNDkxMkUwRTM5MkU2QjE0MkQ5MjZEMTVERTIwMERBRUVFOUZBRTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxRzuHmwoVe3BZmFW8RmaTw2Nz
LDiEWDXR3T3dYqR0K+E87Y90XBhcUGhB25zKTDY7uvy7FxjJEcjPVoleO6LjQCzC
5GRbh0bonV0L2M0G3iUYIX8gaBKGGUkc/z56/b4pfixxhmHAwK/lL58TLnlSmkE2
ITXSQh4cp8n+SbLX/XNZuMOFsgQtspm1rYIb7k/yf3+e3or+Lg/XXgaSPRC9UeYv
gk+Cp7W/sXWTLjDONS85eS9WB2D8o54HjT/mZExz4bTfdOq5/mGESbUoBt96KUU1
ySk8L/i1Y1z5aDAEYhbjEQOtdkyhlbGXxGDUkxe86dV9DAVJmUcq8GB6+IN7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUX0kS4OOS5rFC2SbRXeIA2u7p+ugwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM2
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMzMzAzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEANWL
QTANBgkqhkiG9w0BAQsFAAOCAQEAUgAE+YGYbFDJfCPZjp+F28lPK6aKSwEAJTI6
9EFHhszbcSABKftxfhZUn0/fH3AeJIj4S5WW1TQ1eGspvjOA6JxNJmm2m6FW2l1i
KQqNATTHXCBEMEngIJ+6UbxwZKoRqU8g95Fnqjywhv97fJ+j/uXK0yQsMo3nvdV6
GAzPjvclE23C36MgFHnP1CWCFHaVBoRQ6YtOtS5kCLwn2RBEX04v9Q+XtsWezy9+
Z6QSuZgIr1Sly6ip35h+JFYTLAcmy5O1rcpgrVOgjElVkHlDvD+2jumH+Evt5v6g
d0RBIdcDwg5Z4D8JFuEOihEpmSHzPSkVAr6MJB0KWrmGecGC+Q==
-----END CERTIFICATE-----