Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38302e302f32332d3234203d3e20383334.roa
File:                     3231332e3133392e38302e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          xh9MbcQaOVI91ITKhlmBWnlkj2aoxPKUoH1PWhneuhw=
Subject key identifier:   57:98:04:1A:E6:0A:D0:47:66:4E:84:72:9C:B3:C5:52:6C:C3:DD:8C
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       04AE3623E5DB1A0B0D4A52A1C7AA4B9C55A400F7
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38302e302f32332d3234203d3e20383334.roa
Signing time:             Wed 24 Jun 2026 09:05:11 +0000
ROA not before:           Wed 24 Jun 2026 09:00:11 +0000
ROA not after:            Wed 23 Jun 2027 09:05:11 +0000
asID:                     834
IP address blocks:        213.139.80.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 01:43:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:ae:36:23:e5:db:1a:0b:0d:4a:52:a1:c7:aa:4b:9c:55:a4:00:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Jun 24 09:00:11 2026 GMT
            Not After : Jun 23 09:05:11 2027 GMT
        Subject: CN=5798041AE60AD047664E84729CB3C5526CC3DD8C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:81:ea:18:c6:a1:29:43:69:eb:fb:ee:fd:1b:
                    49:00:37:32:b4:56:98:ff:d2:ca:0f:d9:b7:97:8d:
                    fe:6a:e6:c3:4c:b7:27:ba:aa:aa:59:4b:e4:6b:9d:
                    5a:ea:3f:2d:7a:63:3f:ce:5d:fd:3b:b0:ca:f5:6d:
                    77:78:99:84:4f:77:7c:b5:f7:5d:35:dc:8c:16:71:
                    bc:ec:42:41:3f:1b:38:87:f6:55:b0:34:33:d0:b8:
                    f1:30:13:a6:21:ae:aa:aa:1c:4e:c1:0f:53:e1:d3:
                    46:8f:5a:00:ea:d7:80:0e:e0:bf:13:84:57:33:d1:
                    03:e5:01:fb:1c:d9:c0:61:d9:2d:bf:c9:9b:08:cb:
                    71:be:7b:57:fe:90:fb:84:5e:c1:b3:f3:1b:f5:fc:
                    8e:84:c4:ce:35:b2:53:e4:04:a8:1d:8f:60:28:ad:
                    39:92:71:bd:fa:70:f4:13:e4:5b:83:f8:56:55:89:
                    de:b5:98:56:d7:ce:62:de:e0:d7:0b:b2:94:e1:a4:
                    23:be:ea:80:05:44:b8:ef:fa:f6:86:17:8e:92:13:
                    0f:14:ba:99:19:df:d1:9b:8a:9c:23:a3:55:31:c5:
                    70:bd:1b:a3:b8:40:77:2c:14:d2:8a:80:ad:bc:7d:
                    89:c2:48:c6:67:90:99:d4:d3:40:83:f6:11:ff:3e:
                    52:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:98:04:1A:E6:0A:D0:47:66:4E:84:72:9C:B3:C5:52:6C:C3:DD:8C
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e38302e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:33:ec:da:3e:fe:bf:13:4c:af:59:1a:a4:de:f5:ef:32:91:
         e8:95:e3:7c:7e:c2:0e:8a:a7:ce:b3:d5:a7:43:9a:bf:c1:cf:
         10:5a:9c:26:ec:e5:22:ac:de:59:cc:7c:55:36:12:1d:16:26:
         be:34:f9:81:a0:53:01:05:72:e2:ee:e8:37:92:a4:c6:97:a8:
         59:2f:f2:80:60:7a:71:cc:d5:89:78:33:94:82:06:74:8a:f6:
         71:0c:35:13:14:dd:46:b7:72:aa:96:b3:d4:d3:df:3a:b3:5a:
         d4:1c:ad:05:21:fe:98:e7:13:ed:27:7a:99:ef:f0:76:44:a5:
         2e:8b:e0:04:82:e1:9f:6e:ae:c7:40:89:27:46:97:87:fd:5b:
         8d:3a:fc:0e:64:f4:33:c3:ce:c0:7c:ba:bd:06:31:92:e6:69:
         73:c7:74:5f:03:c7:c9:9f:9e:04:68:7f:0a:2b:bc:e5:74:0a:
         db:be:f7:09:35:c4:25:c9:16:85:9d:7f:a6:29:ed:d9:2f:87:
         d3:33:2c:21:4e:91:e2:7b:48:e7:00:45:01:49:7d:99:9a:19:
         fa:8d:46:fb:cb:37:56:8a:a3:a8:5e:6b:bf:84:19:96:dc:52:
         c5:12:fd:04:4c:32:bb:da:a2:43:ae:74:e8:1c:77:b0:48:ea:
         25:f9:d8:0f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUBK42I+XbGgsNSlKhx6pLnFWkAPcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNjA2MjQwOTAwMTFaFw0yNzA2MjMwOTA1MTFaMDMxMTAvBgNV
BAMTKDU3OTgwNDFBRTYwQUQwNDc2NjRFODQ3MjlDQjNDNTUyNkNDM0REOEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYgeoYxqEpQ2nr++79G0kANzK0
Vpj/0soP2beXjf5q5sNMtye6qqpZS+RrnVrqPy16Yz/OXf07sMr1bXd4mYRPd3y1
91013IwWcbzsQkE/GziH9lWwNDPQuPEwE6YhrqqqHE7BD1Ph00aPWgDq14AO4L8T
hFcz0QPlAfsc2cBh2S2/yZsIy3G+e1f+kPuEXsGz8xv1/I6ExM41slPkBKgdj2Ao
rTmScb36cPQT5FuD+FZVid61mFbXzmLe4NcLspThpCO+6oAFRLjv+vaGF46SEw8U
upkZ39Gbipwjo1UxxXC9G6O4QHcsFNKKgK28fYnCSMZnkJnU00CD9hH/PlLHAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUV5gEGuYK0EdmToRynLPFUmzD3YwwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM4
MzAyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHVi1Aw
DQYJKoZIhvcNAQELBQADggEBAJcz7No+/r8TTK9ZGqTe9e8ykeiV43x+wg6Kp86z
1adDmr/BzxBanCbs5SKs3lnMfFU2Eh0WJr40+YGgUwEFcuLu6DeSpMaXqFkv8oBg
enHM1Yl4M5SCBnSK9nEMNRMU3Ua3cqqWs9TT3zqzWtQcrQUh/pjnE+0nepnv8HZE
pS6L4ASC4Z9ursdAiSdGl4f9W406/A5k9DPDzsB8ur0GMZLmaXPHdF8Dx8mfngRo
fworvOV0Ctu+9wk1xCXJFoWdf6Yp7dkvh9MzLCFOkeJ7SOcARQFJfZmaGfqNRvvL
N1aKo6hea7+EGZbcUsUS/QRMMrvaokOudOgcd7BI6iX52A8=
-----END CERTIFICATE-----