Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37352e302f32342d3234203d3e20383334.roa
File:                     3231332e3133392e37352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          qufxABzYtPVqJhKbvB3PBmop5jMgkyRVa/W0Bx1F4s4=
Subject key identifier:   91:FC:60:2F:0E:C9:43:F5:95:D1:E3:AF:EE:DE:EC:71:CD:8E:D4:E0
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       545B751A1CC523E2467FBCF617162F2F0A20A7F4
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37352e302f32342d3234203d3e20383334.roa
Signing time:             Wed 24 Jun 2026 08:46:51 +0000
ROA not before:           Wed 24 Jun 2026 08:41:51 +0000
ROA not after:            Wed 23 Jun 2027 08:46:51 +0000
asID:                     834
IP address blocks:        213.139.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 01:43:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:5b:75:1a:1c:c5:23:e2:46:7f:bc:f6:17:16:2f:2f:0a:20:a7:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Jun 24 08:41:51 2026 GMT
            Not After : Jun 23 08:46:51 2027 GMT
        Subject: CN=91FC602F0EC943F595D1E3AFEEDEEC71CD8ED4E0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:a2:a7:69:ca:0c:cf:8c:b2:4b:0d:29:60:03:
                    37:79:2f:e4:b2:74:64:f7:82:b2:4a:78:22:af:96:
                    38:12:16:c4:be:57:1f:56:a1:35:99:0c:f3:79:c9:
                    e9:fd:d0:a2:ee:49:f6:c7:68:5a:bc:95:8a:30:62:
                    f5:3d:59:63:1c:0f:25:8e:4c:a0:d2:f1:e2:cf:79:
                    36:36:b8:8a:63:14:ea:f3:5f:dc:38:0b:31:8d:30:
                    96:54:55:a9:8b:f0:bf:4f:5c:39:84:25:8a:29:d3:
                    8e:9f:c9:5e:a1:47:8c:ba:10:34:59:28:1a:64:ce:
                    f1:70:94:d8:f0:61:0d:fe:ae:e2:da:05:8d:06:c1:
                    65:13:bc:e9:8d:16:69:7b:1c:1c:d9:98:da:ca:85:
                    fb:58:da:54:73:e4:68:37:d0:b9:dd:d8:a5:80:e3:
                    ed:e2:ad:59:10:60:02:ed:b1:1e:a0:dc:a5:9c:9a:
                    2f:b8:57:e9:bc:75:9f:af:a2:41:d3:13:d9:20:6e:
                    81:37:33:05:7d:42:7f:4b:33:ef:c7:9a:13:fe:ad:
                    d7:af:54:c8:76:20:32:e2:3e:c5:1a:3f:ef:9f:95:
                    13:42:b0:37:15:a9:14:9c:af:64:1b:da:97:4c:7e:
                    99:49:8e:c9:6e:75:e7:15:a6:02:07:38:4e:52:44:
                    ba:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:FC:60:2F:0E:C9:43:F5:95:D1:E3:AF:EE:DE:EC:71:CD:8E:D4:E0
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e37352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:6e:b9:9c:35:3f:36:ee:1b:33:1e:1f:22:a3:30:97:98:c7:
         f6:59:6e:45:1c:e7:a7:2d:93:bc:df:3c:9b:30:3d:40:03:b4:
         e3:31:b8:19:f0:4d:77:e3:c5:71:4a:00:c3:06:16:46:72:bb:
         82:f3:04:9a:3a:c7:69:6e:f9:ea:f6:e3:f9:4c:33:0a:71:68:
         4f:8d:14:81:68:2b:55:f6:8e:ad:5d:90:25:5d:4c:1c:9f:11:
         ad:ac:60:85:ad:a3:d5:b2:54:bb:e5:0c:9f:60:41:71:4b:34:
         6b:1d:27:3d:36:94:c9:c0:68:f5:3f:5c:d1:71:77:c4:ed:b3:
         3b:5d:95:b9:a1:46:b8:19:41:8a:df:56:82:f3:c0:50:c0:71:
         13:89:20:30:0c:47:2b:59:15:57:03:fe:35:cc:2e:a9:89:16:
         5d:5d:8d:09:e3:62:0c:ea:a8:83:3b:bc:9f:c3:52:f3:9e:aa:
         df:ce:0a:3e:bf:f6:2d:e0:58:f4:a7:1c:78:19:ed:75:7e:53:
         d5:5c:3e:8a:4f:5c:02:dd:db:d7:2a:85:43:5f:8e:3d:a6:dc:
         51:b4:62:4b:e8:5e:6d:08:14:dc:41:a9:1d:9a:60:d0:96:f3:
         34:d6:77:c7:e3:93:9f:2d:a0:c7:43:77:d2:02:7d:0e:1e:81:
         d4:4a:2c:5f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUVFt1GhzFI+JGf7z2FxYvLwogp/QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNjA2MjQwODQxNTFaFw0yNzA2MjMwODQ2NTFaMDMxMTAvBgNV
BAMTKDkxRkM2MDJGMEVDOTQzRjU5NUQxRTNBRkVFREVFQzcxQ0Q4RUQ0RTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLoqdpygzPjLJLDSlgAzd5L+Sy
dGT3grJKeCKvljgSFsS+Vx9WoTWZDPN5yen90KLuSfbHaFq8lYowYvU9WWMcDyWO
TKDS8eLPeTY2uIpjFOrzX9w4CzGNMJZUVamL8L9PXDmEJYop046fyV6hR4y6EDRZ
KBpkzvFwlNjwYQ3+ruLaBY0GwWUTvOmNFml7HBzZmNrKhftY2lRz5Gg30Lnd2KWA
4+3irVkQYALtsR6g3KWcmi+4V+m8dZ+vokHTE9kgboE3MwV9Qn9LM+/HmhP+rdev
VMh2IDLiPsUaP++flRNCsDcVqRScr2Qb2pdMfplJjsludecVpgIHOE5SRLo7AgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUkfxgLw7JQ/WV0eOv7t7scc2O1OAwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM3
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADVi0sw
DQYJKoZIhvcNAQELBQADggEBAERuuZw1PzbuGzMeHyKjMJeYx/ZZbkUc56ctk7zf
PJswPUADtOMxuBnwTXfjxXFKAMMGFkZyu4LzBJo6x2lu+er24/lMMwpxaE+NFIFo
K1X2jq1dkCVdTByfEa2sYIWto9WyVLvlDJ9gQXFLNGsdJz02lMnAaPU/XNFxd8Tt
sztdlbmhRrgZQYrfVoLzwFDAcROJIDAMRytZFVcD/jXMLqmJFl1djQnjYgzqqIM7
vJ/DUvOeqt/OCj6/9i3gWPSnHHgZ7XV+U9VcPopPXALd29cqhUNfjj2m3FG0Ykvo
Xm0IFNxBqR2aYNCW8zTWd8fjk58toMdDd9ICfQ4egdRKLF8=
-----END CERTIFICATE-----