Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3138332e302f32342d3234203d3e20383334.roa
File:                     3130392e3131302e3138332e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          FaA419x5je9quGLYz3tbznHPwR768zBh67Pkee8pXU0=
Subject key identifier:   88:84:7E:F0:84:73:2B:4C:2C:96:CB:08:EC:C1:4B:7D:72:59:63:28
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       56868046456AC2512188ED6D0B4990AE430ADEA0
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3138332e302f32342d3234203d3e20383334.roa
Signing time:             Thu 25 Jun 2026 12:03:17 +0000
ROA not before:           Thu 25 Jun 2026 11:58:17 +0000
ROA not after:            Thu 24 Jun 2027 12:03:17 +0000
asID:                     834
IP address blocks:        109.110.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:86:80:46:45:6a:c2:51:21:88:ed:6d:0b:49:90:ae:43:0a:de:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: Jun 25 11:58:17 2026 GMT
            Not After : Jun 24 12:03:17 2027 GMT
        Subject: CN=88847EF084732B4C2C96CB08ECC14B7D72596328
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:55:f7:f6:20:33:6c:8d:ca:a0:b5:5d:71:07:
                    3a:49:e3:97:2b:83:d6:33:ec:31:e8:fe:4b:c4:dc:
                    77:17:b9:e7:5d:cd:a5:79:d8:9a:a8:8b:cc:3f:22:
                    97:59:a2:4b:e0:f2:ef:57:0e:49:60:e5:54:4f:62:
                    ab:90:f0:9e:c4:9d:96:49:00:3e:8d:0f:85:93:3e:
                    de:6d:09:b7:7a:62:0e:d4:9f:c9:c4:81:dc:d7:72:
                    bd:06:d9:54:f9:cb:49:51:26:65:0a:7e:53:fd:0f:
                    8f:5a:4f:de:a5:77:bd:a3:ee:4e:b0:a7:9b:eb:27:
                    0e:71:c9:90:1a:3f:5e:47:c8:87:c8:44:82:91:4e:
                    19:c6:cd:66:b4:fe:63:7c:60:a1:d0:1b:65:0f:06:
                    58:21:02:b9:d4:09:71:15:6d:f9:16:b0:c7:58:05:
                    7c:34:0a:12:b0:f8:a0:03:9c:93:1a:27:39:67:c0:
                    a4:79:73:c4:7b:14:e7:4a:a3:68:1c:d8:63:e3:c2:
                    51:7d:f4:82:d5:b5:ee:81:a7:5d:eb:b3:2a:6b:96:
                    44:1d:d7:7f:93:eb:5a:8c:45:59:85:89:ad:ec:b3:
                    93:b5:39:63:d9:e8:bf:a9:13:08:f5:bb:75:7c:92:
                    ac:b1:e9:ed:56:2c:34:7c:02:9a:e5:37:6b:f3:d2:
                    22:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:84:7E:F0:84:73:2B:4C:2C:96:CB:08:EC:C1:4B:7D:72:59:63:28
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3138332e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.110.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:c6:13:37:88:b5:64:b0:6b:55:85:aa:a9:d4:09:c9:ce:b8:
         84:1b:65:77:d3:6d:e1:23:8d:e4:1a:73:4d:d1:c1:5b:eb:c4:
         d6:f9:41:c3:2c:4b:2e:d3:5a:f9:58:12:f8:a0:68:e9:d8:95:
         95:80:92:00:88:3d:88:66:16:4f:22:bb:bf:80:52:35:8e:35:
         3b:73:5a:44:a6:5a:97:6a:d2:7f:1d:91:41:3c:ab:14:26:bf:
         ef:0a:4a:c3:52:62:77:aa:75:2a:d2:7d:4a:07:30:de:56:37:
         ca:4b:8f:cc:eb:75:f3:d9:21:fb:fe:4c:8e:24:b2:c1:42:5d:
         ed:64:90:a8:b7:99:ff:46:fa:3d:35:83:fb:d9:d5:75:de:59:
         71:4b:f6:17:fb:f6:da:ba:83:b4:0d:28:1f:5c:e6:0a:37:99:
         d2:91:0c:c4:29:84:6c:54:68:0f:4e:d3:dd:79:cc:5f:b8:99:
         73:fe:e7:b0:33:bd:aa:d9:18:52:87:32:4f:2c:c5:51:4e:43:
         25:7c:b8:9e:62:45:52:a3:2d:64:10:76:75:50:21:b7:dd:5a:
         e7:86:40:eb:11:63:af:53:35:a0:55:5c:6b:18:9d:97:d8:85:
         e9:a7:6d:d6:4b:d6:34:da:85:c9:da:8b:5d:ed:79:5a:d8:bb:
         0e:6a:3c:fd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUVoaARkVqwlEhiO1tC0mQrkMK3qAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNjA2MjUxMTU4MTdaFw0yNzA2MjQxMjAzMTdaMDMxMTAvBgNV
BAMTKDg4ODQ3RUYwODQ3MzJCNEMyQzk2Q0IwOEVDQzE0QjdENzI1OTYzMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWVff2IDNsjcqgtV1xBzpJ45cr
g9Yz7DHo/kvE3HcXueddzaV52Jqoi8w/IpdZokvg8u9XDklg5VRPYquQ8J7EnZZJ
AD6ND4WTPt5tCbd6Yg7Un8nEgdzXcr0G2VT5y0lRJmUKflP9D49aT96ld72j7k6w
p5vrJw5xyZAaP15HyIfIRIKRThnGzWa0/mN8YKHQG2UPBlghArnUCXEVbfkWsMdY
BXw0ChKw+KADnJMaJzlnwKR5c8R7FOdKo2gc2GPjwlF99ILVte6Bp13rsyprlkQd
13+T61qMRVmFia3ss5O1OWPZ6L+pEwj1u3V8kqyx6e1WLDR8AprlN2vz0iI5AgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUiIR+8IRzK0wslssI7MFLfXJZYygwHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzMDM5MmUzMTMxMzAyZTMx
MzgzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM4MzMzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAG1u
tzANBgkqhkiG9w0BAQsFAAOCAQEAjsYTN4i1ZLBrVYWqqdQJyc64hBtld9Nt4SON
5BpzTdHBW+vE1vlBwyxLLtNa+VgS+KBo6diVlYCSAIg9iGYWTyK7v4BSNY41O3Na
RKZal2rSfx2RQTyrFCa/7wpKw1Jid6p1KtJ9Sgcw3lY3ykuPzOt189kh+/5MjiSy
wUJd7WSQqLeZ/0b6PTWD+9nVdd5ZcUv2F/v22rqDtA0oH1zmCjeZ0pEMxCmEbFRo
D07T3XnMX7iZc/7nsDO9qtkYUocyTyzFUU5DJXy4nmJFUqMtZBB2dVAht91a54ZA
6xFjr1M1oFVcaxidl9iF6adt1kvWNNqFydqLXe15Wti7Dmo8/Q==
-----END CERTIFICATE-----