Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39322e302f32342d3234203d3e20383334.roa
File:                     3231332e3133392e39322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          iBZrpirngtNdiGfgs1e/5egkTxly/jS9DyH9F0hqP68=
Subject key identifier:   A8:B5:E8:E3:56:2F:87:B9:60:4F:5A:B5:7D:DA:EB:9B:A0:7F:81:63
Certificate issuer:       /CN=b683f2eb50c5999a77456e8826831609d48c7d3e
Certificate serial:       1EA40DF0C4EFC0EFEF5358B96633F98A6D8A9A0E
Authority key identifier: B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39322e302f32342d3234203d3e20383334.roa
Signing time:             Wed 03 Jun 2026 02:09:51 +0000
ROA not before:           Wed 03 Jun 2026 02:04:51 +0000
ROA not after:            Wed 02 Jun 2027 02:09:51 +0000
asID:                     834
IP address blocks:        213.139.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:a4:0d:f0:c4:ef:c0:ef:ef:53:58:b9:66:33:f9:8a:6d:8a:9a:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b683f2eb50c5999a77456e8826831609d48c7d3e
        Validity
            Not Before: Jun  3 02:04:51 2026 GMT
            Not After : Jun  2 02:09:51 2027 GMT
        Subject: CN=A8B5E8E3562F87B9604F5AB57DDAEB9BA07F8163
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:94:2f:da:81:00:d6:7a:a0:af:0c:1a:e2:92:
                    c9:f0:2b:95:61:d2:02:74:22:c4:13:14:27:c4:89:
                    13:e0:7c:d2:41:2f:62:38:bc:c9:bf:dc:51:01:55:
                    98:c8:dd:8c:4d:de:7d:d2:66:45:95:d0:85:a7:15:
                    ed:8d:50:b0:50:b4:12:e0:dd:02:fd:bc:6e:6f:ee:
                    2a:b1:57:e6:b0:40:fb:d4:1c:16:d7:f0:13:56:09:
                    3c:c7:91:37:68:fc:37:62:c4:cb:ab:5b:d8:9a:8e:
                    1f:9e:9c:d4:59:1a:84:a2:e0:92:27:55:99:8f:75:
                    41:8d:f4:9d:b0:8c:17:c7:b0:23:af:62:ad:e6:20:
                    29:fa:f0:15:35:68:d6:3c:62:e1:ff:f8:c9:0c:34:
                    14:49:dd:38:31:b0:00:6c:3b:bf:e3:80:ca:7c:16:
                    5e:2f:6d:f8:5f:54:37:9d:4b:c8:ba:47:33:fa:12:
                    ee:1f:0a:5e:9b:0a:c5:cc:c5:33:2d:cf:50:34:9e:
                    92:7b:29:71:f7:6c:05:b4:4c:d2:c1:7c:25:35:e3:
                    19:cf:11:32:d1:c7:f1:90:4f:0c:34:9b:5e:cb:29:
                    eb:0a:28:75:b0:9e:ee:e3:b5:f9:02:59:18:f8:28:
                    a5:15:ae:3a:bd:ab:20:a4:55:63:d1:77:00:66:b9:
                    a5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:B5:E8:E3:56:2F:87:B9:60:4F:5A:B5:7D:DA:EB:9B:A0:7F:81:63
            X509v3 Authority Key Identifier:
                keyid:B6:83:F2:EB:50:C5:99:9A:77:45:6E:88:26:83:16:09:D4:8C:7D:3E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/B683F2EB50C5999A77456E8826831609D48C7D3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/toPy61DFmZp3RW6IJoMWCdSMfT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a01c14fb-b660-489d-9e9f-9402e9e2c2e2/0/3231332e3133392e39322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:5d:58:27:0d:f9:6f:18:95:38:6c:0d:16:a8:8d:ee:43:8b:
         29:fa:eb:ab:51:01:92:5a:e0:88:1e:58:90:93:90:24:a3:8c:
         a2:fd:04:cc:6b:47:3f:f3:f7:d5:df:2d:59:38:ca:0f:4c:c7:
         73:71:c0:69:0e:c6:13:48:77:c1:13:de:ee:1c:90:13:07:61:
         03:18:fc:37:a4:b3:1a:82:50:17:50:9f:a3:d3:13:40:aa:99:
         83:d9:91:55:bc:2c:72:bd:55:a8:47:b6:37:3f:1a:a2:ff:b4:
         fc:74:e2:60:5f:ea:83:d0:5b:28:1a:40:6c:7a:6f:bd:4e:ee:
         eb:b3:4e:aa:ac:5e:00:c4:e2:37:94:8c:d4:30:ff:d7:85:17:
         42:f0:95:0e:98:96:62:84:00:c4:a2:d6:a9:ab:10:66:73:4f:
         9c:c1:ff:61:db:98:c2:eb:46:d5:02:20:1d:8e:23:17:ef:47:
         d0:5a:94:5e:32:66:e8:ab:83:73:f9:bb:57:31:f8:a2:9e:8f:
         12:1d:ba:e1:72:64:d9:f8:63:1f:b3:8a:b9:91:dc:5a:5b:0c:
         54:c5:76:0b:40:00:c0:0f:ad:ce:0e:84:db:eb:fd:cc:c7:c3:
         42:ec:a9:a0:ae:0d:84:8e:44:49:df:f4:d9:63:1b:d5:ef:da:
         45:64:58:19
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUHqQN8MTvwO/vU1i5ZjP5im2Kmg4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjY4M2YyZWI1MGM1OTk5YTc3NDU2ZTg4MjY4MzE2MDlk
NDhjN2QzZTAeFw0yNjA2MDMwMjA0NTFaFw0yNzA2MDIwMjA5NTFaMDMxMTAvBgNV
BAMTKEE4QjVFOEUzNTYyRjg3Qjk2MDRGNUFCNTdEREFFQjlCQTA3RjgxNjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD0lC/agQDWeqCvDBriksnwK5Vh
0gJ0IsQTFCfEiRPgfNJBL2I4vMm/3FEBVZjI3YxN3n3SZkWV0IWnFe2NULBQtBLg
3QL9vG5v7iqxV+awQPvUHBbX8BNWCTzHkTdo/DdixMurW9iajh+enNRZGoSi4JIn
VZmPdUGN9J2wjBfHsCOvYq3mICn68BU1aNY8YuH/+MkMNBRJ3TgxsABsO7/jgMp8
Fl4vbfhfVDedS8i6RzP6Eu4fCl6bCsXMxTMtz1A0npJ7KXH3bAW0TNLBfCU14xnP
ETLRx/GQTww0m17LKesKKHWwnu7jtfkCWRj4KKUVrjq9qyCkVWPRdwBmuaWVAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUqLXo41Yvh7lgT1q1fdrrm6B/gWMwHwYDVR0j
BBgwFoAUtoPy61DFmZp3RW6IJoMWCdSMfT4wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmItYjY2MC00ODlkLTllOWYtOTQwMmU5ZTJj
MmUyLzAvQjY4M0YyRUI1MEM1OTk5QTc3NDU2RTg4MjY4MzE2MDlENDhDN0QzRS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3RvUHk2MURGbVpwM1JXNklKb01XQ2RT
TWZUNC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYTAxYzE0ZmIt
YjY2MC00ODlkLTllOWYtOTQwMmU5ZTJjMmUyLzAvMzIzMTMzMmUzMTMzMzkyZTM5
MzIyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADVi1ww
DQYJKoZIhvcNAQELBQADggEBAHldWCcN+W8YlThsDRaoje5Diyn666tRAZJa4Ige
WJCTkCSjjKL9BMxrRz/z99XfLVk4yg9Mx3NxwGkOxhNId8ET3u4ckBMHYQMY/Dek
sxqCUBdQn6PTE0CqmYPZkVW8LHK9VahHtjc/GqL/tPx04mBf6oPQWygaQGx6b71O
7uuzTqqsXgDE4jeUjNQw/9eFF0LwlQ6YlmKEAMSi1qmrEGZzT5zB/2HbmMLrRtUC
IB2OIxfvR9BalF4yZuirg3P5u1cx+KKejxIduuFyZNn4Yx+zirmR3FpbDFTFdgtA
AMAPrc4OhNvr/czHw0LsqaCuDYSOREnf9NljG9Xv2kVkWBk=
-----END CERTIFICATE-----