Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e392e33352e302f32342d3234203d3e20323132323338.roa
File:                     3139332e392e33352e302f32342d3234203d3e20323132323338.roa (raw, json)
Hash identifier:          QSuGEYYfxvBxoCxn2KJ+pTSBe6N6Nvyuu2AAojcUs+c=
Subject key identifier:   4A:A9:FD:4D:7B:7F:D3:A7:96:2E:2C:F9:CE:C5:11:82:3C:5C:C5:1A
Certificate issuer:       /CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
Certificate serial:       452076C7B5DA801B009368D5F3498F397844A710
Authority key identifier: AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e392e33352e302f32342d3234203d3e20323132323338.roa
Signing time:             Thu 09 Oct 2025 09:07:23 +0000
ROA not before:           Thu 09 Oct 2025 09:02:23 +0000
ROA not after:            Thu 08 Oct 2026 09:07:23 +0000
asID:                     212238
IP address blocks:        193.9.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 00:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:20:76:c7:b5:da:80:1b:00:93:68:d5:f3:49:8f:39:78:44:a7:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab2dcc169c95f2b14df31dd24a1f67034ea7779c
        Validity
            Not Before: Oct  9 09:02:23 2025 GMT
            Not After : Oct  8 09:07:23 2026 GMT
        Subject: CN=4AA9FD4D7B7FD3A7962E2CF9CEC511823C5CC51A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:26:d0:8d:fb:c6:f2:15:a3:d3:27:9b:24:39:
                    e6:7b:8c:62:28:9e:17:60:95:aa:7a:54:8f:09:39:
                    42:29:de:05:e0:5f:76:d7:c0:31:5d:7e:a7:65:72:
                    e0:11:61:72:97:69:42:31:dc:3c:29:ad:f1:e7:f7:
                    66:9a:a3:d8:14:34:ce:33:8e:8e:6f:42:5c:c8:0d:
                    f9:4b:9a:e3:9b:b3:54:36:cf:a0:f0:27:d4:71:2c:
                    77:6b:0b:75:6f:af:09:1c:58:9c:cc:65:95:4e:e5:
                    d5:61:d0:98:bc:31:99:79:50:17:c3:bc:c7:4a:78:
                    a5:e5:6a:4e:00:67:88:3c:1b:c5:d2:3c:b8:f9:ef:
                    bf:12:88:09:8d:a0:97:38:40:60:1b:af:8d:4d:5b:
                    72:47:44:d1:54:22:97:db:d2:71:74:e7:2f:84:57:
                    7c:c7:48:70:a4:35:4b:f7:8f:82:31:f1:56:6b:3b:
                    6f:62:ad:29:41:53:f9:9b:2e:dc:0d:2e:b0:05:76:
                    52:01:5c:26:4e:22:a4:d6:50:8b:b4:e3:b1:36:bc:
                    2e:16:44:58:20:b7:ac:1a:91:79:94:5b:c9:d0:11:
                    d9:b8:8a:d7:51:b4:50:6a:16:f6:95:3e:67:6b:cf:
                    88:b9:27:d7:a3:fe:f6:fa:53:0e:2a:41:d5:68:9d:
                    c1:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:A9:FD:4D:7B:7F:D3:A7:96:2E:2C:F9:CE:C5:11:82:3C:5C:C5:1A
            X509v3 Authority Key Identifier:
                keyid:AB:2D:CC:16:9C:95:F2:B1:4D:F3:1D:D2:4A:1F:67:03:4E:A7:77:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/AB2DCC169C95F2B14DF31DD24A1F67034EA7779C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qy3MFpyV8rFN8x3SSh9nA06nd5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/4/3139332e392e33352e302f32342d3234203d3e20323132323338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:66:05:92:18:e6:f3:ae:88:1a:28:fe:69:fb:24:40:b1:97:
         6f:12:60:06:ca:56:53:68:89:17:34:7b:90:93:55:74:2d:a4:
         c2:b8:d5:1a:c2:ad:0c:e4:9d:4e:2c:ae:c4:06:46:52:3a:f6:
         7e:8d:b9:90:10:fc:8b:ae:ff:48:79:0e:cc:79:53:c2:e5:ca:
         89:38:12:9c:a1:64:32:c7:e6:2c:2e:17:79:6e:02:91:d1:16:
         cb:80:ee:8e:fa:a4:ba:33:ae:bb:1c:2b:1d:4d:58:6a:29:87:
         ae:48:0e:b8:80:a9:cf:db:4f:8d:1e:47:77:b0:51:ae:5d:ed:
         a2:d1:38:1b:fd:b2:e6:c4:66:e3:dd:15:43:89:a7:93:a3:6a:
         3e:64:fb:eb:a3:d5:4c:e3:62:f0:ef:1f:44:61:48:af:18:73:
         ce:50:c2:3c:21:0c:57:e7:76:12:13:7f:5c:78:37:ca:4a:d0:
         7b:b6:d9:4c:9c:5b:20:f6:b5:a0:d5:66:05:69:24:fd:5b:0f:
         12:00:eb:1d:f4:39:71:e5:df:20:90:70:68:8f:46:3a:85:c0:
         f3:de:e2:55:2f:9d:d2:fc:0f:0b:7c:63:4a:c4:cc:e6:c2:c7:
         50:32:eb:11:10:4a:b5:43:d8:48:85:e6:e4:e3:ec:2d:9e:2d:
         b7:98:35:cd
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURSB2x7XagBsAk2jV80mPOXhEpxAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYWIyZGNjMTY5Yzk1ZjJiMTRkZjMxZGQyNGExZjY3MDM0
ZWE3Nzc5YzAeFw0yNTEwMDkwOTAyMjNaFw0yNjEwMDgwOTA3MjNaMDMxMTAvBgNV
BAMTKDRBQTlGRDREN0I3RkQzQTc5NjJFMkNGOUNFQzUxMTgyM0M1Q0M1MUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVJtCN+8byFaPTJ5skOeZ7jGIo
nhdglap6VI8JOUIp3gXgX3bXwDFdfqdlcuARYXKXaUIx3DwprfHn92aao9gUNM4z
jo5vQlzIDflLmuObs1Q2z6DwJ9RxLHdrC3VvrwkcWJzMZZVO5dVh0Ji8MZl5UBfD
vMdKeKXlak4AZ4g8G8XSPLj5778SiAmNoJc4QGAbr41NW3JHRNFUIpfb0nF05y+E
V3zHSHCkNUv3j4Ix8VZrO29irSlBU/mbLtwNLrAFdlIBXCZOIqTWUIu047E2vC4W
RFggt6wakXmUW8nQEdm4itdRtFBqFvaVPmdrz4i5J9ej/vb6Uw4qQdVoncHNAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUSqn9TXt/06eWLiz5zsURgjxcxRowHwYDVR0j
BBgwFoAUqy3MFpyV8rFN8x3SSh9nA06nd5wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzQvQUIyRENDMTY5Qzk1RjJCMTRERjMxREQyNEExRjY3MDM0RUE3Nzc5Qy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3F5M01GcHlWOHJGTjh4M1NTaDluQTA2
bmQ1dy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzQvMzEzOTMzMmUzOTJlMzMzNTJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzMjMyMzMzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEJ
IzANBgkqhkiG9w0BAQsFAAOCAQEAdWYFkhjm866IGij+afskQLGXbxJgBspWU2iJ
FzR7kJNVdC2kwrjVGsKtDOSdTiyuxAZGUjr2fo25kBD8i67/SHkOzHlTwuXKiTgS
nKFkMsfmLC4XeW4CkdEWy4DujvqkujOuuxwrHU1YaimHrkgOuICpz9tPjR5Hd7BR
rl3totE4G/2y5sRm490VQ4mnk6NqPmT766PVTONi8O8fRGFIrxhzzlDCPCEMV+d2
EhN/XHg3ykrQe7bZTJxbIPa1oNVmBWkk/VsPEgDrHfQ5ceXfIJBwaI9GOoXA897i
VS+d0vwPC3xjSsTM5sLHUDLrERBKtUPYSIXm5OPsLZ4tt5g1zQ==
-----END CERTIFICATE-----