Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3137352e302f32342d3234203d3e20383334.roa
File:                     3130392e3131302e3137352e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          eBGlghw39XxG6VkwWAHmrWny0iEZJhhfqxzrME3K1V4=
Subject key identifier:   C1:BF:04:F5:6F:D8:D1:FA:E3:A3:3D:5C:10:CA:44:F8:13:F7:80:0A
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       27430D1CCB2157D2470F66A52C89F487E906CB97
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3137352e302f32342d3234203d3e20383334.roa
Signing time:             Fri 22 May 2026 13:09:14 +0000
ROA not before:           Fri 22 May 2026 13:04:14 +0000
ROA not after:            Fri 21 May 2027 13:09:14 +0000
asID:                     834
IP address blocks:        109.110.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:43:0d:1c:cb:21:57:d2:47:0f:66:a5:2c:89:f4:87:e9:06:cb:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: May 22 13:04:14 2026 GMT
            Not After : May 21 13:09:14 2027 GMT
        Subject: CN=C1BF04F56FD8D1FAE3A33D5C10CA44F813F7800A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0f:64:e3:a3:65:23:00:4d:e0:55:65:d1:05:
                    45:56:0a:b4:37:92:86:8e:ad:9b:22:b9:b8:18:ae:
                    fe:94:5b:05:da:fb:a2:25:27:1a:d5:9e:a9:f2:88:
                    a5:e6:29:d8:bb:37:1f:8d:a8:a4:d0:84:12:0b:f8:
                    b8:ec:92:8d:a8:fe:0a:ff:d0:87:d4:70:1e:13:5f:
                    f6:48:52:0f:b5:3b:c2:89:82:6f:8f:6c:01:c0:0f:
                    0d:ae:53:fa:f3:bc:38:5f:a6:05:b9:ab:f3:19:56:
                    6c:e2:9a:65:1a:a4:74:d1:20:cc:26:4b:a2:10:91:
                    9e:8c:c4:79:b1:32:e0:b1:5b:1f:5a:e4:54:e1:3d:
                    ad:48:f9:93:d7:30:bf:8f:b5:c9:03:c3:78:b7:eb:
                    5e:17:19:87:c8:21:c9:b9:cc:1f:b9:7a:c0:aa:fb:
                    1e:dc:ee:58:1f:e9:e9:b9:7e:4f:29:54:49:e4:37:
                    56:7a:da:4b:bb:2c:3c:f2:ef:44:92:05:61:e3:d5:
                    06:76:ab:37:1a:7a:35:84:64:03:04:1a:d9:5b:a7:
                    6a:4e:cb:79:6a:7b:bc:46:6f:c8:b3:f9:a8:09:e6:
                    46:f5:5f:fb:09:b0:43:94:0d:d7:5a:06:79:2a:70:
                    bd:30:b2:2b:07:39:9b:01:3b:f3:36:e6:c4:45:17:
                    0c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:BF:04:F5:6F:D8:D1:FA:E3:A3:3D:5C:10:CA:44:F8:13:F7:80:0A
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3137352e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.110.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:85:8b:57:77:2a:be:67:b4:70:19:28:6c:1d:30:0c:74:f9:
         a8:51:10:30:f5:19:57:ed:f7:3b:48:2f:cb:0f:38:80:10:e9:
         0f:59:50:dd:1d:0f:b0:fd:b5:1b:de:a9:21:af:d6:9f:6b:7b:
         6c:d4:b9:f3:55:a9:c0:93:e7:4c:71:cf:5d:12:6e:33:29:79:
         ad:e9:48:21:b1:65:90:2d:18:82:12:94:4d:62:d9:60:82:b5:
         c1:7d:e5:f5:f1:52:94:a6:34:b9:27:1f:4f:2c:d8:ba:fc:fb:
         19:72:b5:56:96:ee:75:dc:f5:b9:87:74:b9:b7:f7:7b:5d:c2:
         eb:74:cf:59:9a:13:e5:25:29:21:9a:4b:17:73:83:93:c6:59:
         fe:51:32:bd:45:0e:b1:8e:c7:8b:4f:d2:28:09:b7:9b:de:f7:
         47:60:6d:a8:d0:b8:f1:32:eb:f2:6b:ff:21:1a:8a:c6:08:3a:
         46:cf:ff:90:4b:d3:54:03:9f:41:9f:f0:07:9b:16:b3:d3:af:
         fd:c7:e5:e9:78:8a:f9:7a:99:9b:9a:0c:ba:20:69:5a:b9:f2:
         bd:f7:ac:48:ea:12:59:6e:60:86:5d:4d:6a:de:46:97:73:6c:
         f9:05:c0:89:16:ba:b1:1b:45:43:3c:21:5f:69:67:05:c8:98:
         a6:30:64:e3
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUJ0MNHMshV9JHD2alLIn0h+kGy5cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNjA1MjIxMzA0MTRaFw0yNzA1MjExMzA5MTRaMDMxMTAvBgNV
BAMTKEMxQkYwNEY1NkZEOEQxRkFFM0EzM0Q1QzEwQ0E0NEY4MTNGNzgwMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDID2Tjo2UjAE3gVWXRBUVWCrQ3
koaOrZsiubgYrv6UWwXa+6IlJxrVnqnyiKXmKdi7Nx+NqKTQhBIL+Ljsko2o/gr/
0IfUcB4TX/ZIUg+1O8KJgm+PbAHADw2uU/rzvDhfpgW5q/MZVmzimmUapHTRIMwm
S6IQkZ6MxHmxMuCxWx9a5FThPa1I+ZPXML+PtckDw3i3614XGYfIIcm5zB+5esCq
+x7c7lgf6em5fk8pVEnkN1Z62ku7LDzy70SSBWHj1QZ2qzcaejWEZAMEGtlbp2pO
y3lqe7xGb8iz+agJ5kb1X/sJsEOUDddaBnkqcL0wsisHOZsBO/M25sRFFwy7AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUwb8E9W/Y0frjoz1cEMpE+BP3gAowHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzMDM5MmUzMTMxMzAyZTMx
MzczNTJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG1u
rzANBgkqhkiG9w0BAQsFAAOCAQEAd4WLV3cqvme0cBkobB0wDHT5qFEQMPUZV+33
O0gvyw84gBDpD1lQ3R0PsP21G96pIa/Wn2t7bNS581WpwJPnTHHPXRJuMyl5relI
IbFlkC0YghKUTWLZYIK1wX3l9fFSlKY0uScfTyzYuvz7GXK1Vpbuddz1uYd0ubf3
e13C63TPWZoT5SUpIZpLF3ODk8ZZ/lEyvUUOsY7Hi0/SKAm3m973R2BtqNC48TLr
8mv/IRqKxgg6Rs//kEvTVAOfQZ/wB5sWs9Ov/cfl6XiK+XqZm5oMuiBpWrnyvfes
SOoSWW5ghl1Nat5Gl3Ns+QXAiRa6sRtFQzwhX2lnBciYpjBk4w==
-----END CERTIFICATE-----