Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3133302e302f32342d3234203d3e20383334.roa
File:                     3130332e34392e3133302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          CgTEbzNPZ3g7D1H+2mNOUftvPK4zMQIihH/dZj8+iN4=
Subject key identifier:   07:97:06:96:56:6C:6A:51:A6:9B:81:7C:9C:D8:43:25:CD:79:E1:8B
Certificate issuer:       /CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
Certificate serial:       3BB1DA99643F2A50F31A3792BA4DC5E4BC0805FD
Authority key identifier: C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3133302e302f32342d3234203d3e20383334.roa
Signing time:             Tue 03 Mar 2026 13:29:13 +0000
ROA not before:           Tue 03 Mar 2026 13:24:13 +0000
ROA not after:            Tue 02 Mar 2027 13:29:13 +0000
asID:                     834
IP address blocks:        103.49.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 21:44:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:b1:da:99:64:3f:2a:50:f3:1a:37:92:ba:4d:c5:e4:bc:08:05:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c770f43358b97ba0aa9bdc62bbd511e90aeab29d
        Validity
            Not Before: Mar  3 13:24:13 2026 GMT
            Not After : Mar  2 13:29:13 2027 GMT
        Subject: CN=07970696566C6A51A69B817C9CD84325CD79E18B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:6b:fc:a5:4d:1a:02:35:41:45:5f:96:02:a0:
                    e0:4e:0f:07:dc:4a:01:d9:be:5b:4b:9e:49:fd:16:
                    c0:91:f3:01:77:c8:e4:cc:49:50:a0:01:54:be:05:
                    d5:e7:a8:c4:14:8b:2a:fb:03:cf:99:8e:fe:64:49:
                    cb:b7:a6:41:34:20:b9:6c:57:30:57:51:bc:8f:67:
                    f2:55:0e:f7:de:98:40:0f:c1:d0:cc:31:53:65:3f:
                    fe:cf:6a:de:f7:2a:73:32:17:d8:4b:74:e6:66:d4:
                    fb:08:dd:3a:e1:93:e6:20:5b:da:85:5b:8f:f5:1b:
                    e5:31:20:d5:63:d4:52:bc:81:c3:20:7d:fa:59:83:
                    97:b8:cb:76:72:05:c6:7c:e7:c0:d0:12:c5:4d:ae:
                    4b:eb:7a:1e:de:38:60:78:94:5b:7f:af:4e:7f:92:
                    8a:f9:46:4d:7e:18:24:b4:30:c1:cc:6e:72:7f:94:
                    e6:aa:f2:57:36:90:77:c2:b5:19:cc:02:c2:24:90:
                    29:97:ad:88:cf:81:9c:0a:47:ef:e4:04:ff:df:c2:
                    31:51:f7:b1:cf:5b:3e:e0:7d:34:cb:d9:5d:69:eb:
                    91:1b:bf:2e:eb:84:e5:85:d4:dd:3c:4a:e9:72:cd:
                    79:ce:0c:b5:87:e3:56:56:ce:5e:73:43:d9:e3:40:
                    ef:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:97:06:96:56:6C:6A:51:A6:9B:81:7C:9C:D8:43:25:CD:79:E1:8B
            X509v3 Authority Key Identifier:
                keyid:C7:70:F4:33:58:B9:7B:A0:AA:9B:DC:62:BB:D5:11:E9:0A:EA:B2:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/C770F43358B97BA0AA9BDC62BBD511E90AEAB29D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x3D0M1i5e6Cqm9xiu9UR6Qrqsp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/eafebdb4-6f0b-404b-98e2-a26be94a6620/0/3130332e34392e3133302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.49.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:98:61:9c:a5:28:72:a5:09:39:74:f0:8e:94:01:81:11:6d:
         2b:30:de:63:84:a1:58:ec:9b:3d:db:a0:e1:d3:75:b9:c7:4b:
         4d:37:f3:64:75:97:54:54:08:32:4a:8f:37:10:cb:a4:f2:5c:
         45:93:b6:cb:37:89:23:b1:f9:f3:88:7c:1e:5f:c4:f3:c4:86:
         86:36:6a:82:5d:fc:c1:c6:da:34:d0:ea:13:a9:d0:21:7a:51:
         64:40:c7:06:b3:8c:79:e7:01:90:d6:dd:2b:9c:50:26:d8:40:
         7c:3e:5f:c2:e7:43:89:54:7f:fa:d3:2e:dd:40:a7:74:7a:df:
         6e:b4:69:dd:60:92:dc:65:26:54:fe:a9:19:28:fd:1f:81:d2:
         0c:f3:9f:d5:b9:93:79:80:4f:15:4f:d6:7f:67:50:87:da:23:
         b5:47:9f:1c:5b:c8:5a:09:3d:d7:d5:7f:6f:64:3e:33:a1:6f:
         80:8d:bf:f3:d3:c6:68:e4:47:23:bb:4a:37:a6:45:0f:e0:6a:
         71:21:cc:d1:d7:fb:53:8a:ab:41:06:79:cc:6e:5e:1f:9d:85:
         51:48:79:eb:57:78:6a:a0:4c:56:c3:58:85:55:3e:1d:12:83:
         58:58:41:65:10:a6:ca:6a:4b:0b:5e:8b:57:1b:bb:17:e0:aa:
         85:8c:7a:09
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUO7HamWQ/KlDzGjeSuk3F5LwIBf0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzc3MGY0MzM1OGI5N2JhMGFhOWJkYzYyYmJkNTExZTkw
YWVhYjI5ZDAeFw0yNjAzMDMxMzI0MTNaFw0yNzAzMDIxMzI5MTNaMDMxMTAvBgNV
BAMTKDA3OTcwNjk2NTY2QzZBNTFBNjlCODE3QzlDRDg0MzI1Q0Q3OUUxOEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5a/ylTRoCNUFFX5YCoOBODwfc
SgHZvltLnkn9FsCR8wF3yOTMSVCgAVS+BdXnqMQUiyr7A8+Zjv5kScu3pkE0ILls
VzBXUbyPZ/JVDvfemEAPwdDMMVNlP/7Pat73KnMyF9hLdOZm1PsI3Trhk+YgW9qF
W4/1G+UxINVj1FK8gcMgffpZg5e4y3ZyBcZ858DQEsVNrkvreh7eOGB4lFt/r05/
kor5Rk1+GCS0MMHMbnJ/lOaq8lc2kHfCtRnMAsIkkCmXrYjPgZwKR+/kBP/fwjFR
97HPWz7gfTTL2V1p65Ebvy7rhOWF1N08SulyzXnODLWH41ZWzl5zQ9njQO9NAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUB5cGllZsalGmm4F8nNhDJc154YswHwYDVR0j
BBgwFoAUx3D0M1i5e6Cqm9xiu9UR6Qrqsp0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQtNmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2
NjIwLzAvQzc3MEY0MzM1OEI5N0JBMEFBOUJEQzYyQkJENTExRTkwQUVBQjI5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3gzRDBNMWk1ZTZDcW05eGl1OVVSNlFy
cXNwMC5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZWFmZWJkYjQt
NmYwYi00MDRiLTk4ZTItYTI2YmU5NGE2NjIwLzAvMzEzMDMzMmUzNDM5MmUzMTMz
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABnMYIw
DQYJKoZIhvcNAQELBQADggEBAC+YYZylKHKlCTl08I6UAYERbSsw3mOEoVjsmz3b
oOHTdbnHS00382R1l1RUCDJKjzcQy6TyXEWTtss3iSOx+fOIfB5fxPPEhoY2aoJd
/MHG2jTQ6hOp0CF6UWRAxwazjHnnAZDW3SucUCbYQHw+X8LnQ4lUf/rTLt1Ap3R6
3260ad1gktxlJlT+qRko/R+B0gzzn9W5k3mATxVP1n9nUIfaI7VHnxxbyFoJPdfV
f29kPjOhb4CNv/PTxmjkRyO7SjemRQ/ganEhzNHX+1OKq0EGecxuXh+dhVFIeetX
eGqgTFbDWIVVPh0Sg1hYQWUQpspqSwtei1cbuxfgqoWMegk=
-----END CERTIFICATE-----