Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3130392e3130362e31322e302f32332d3234203d3e20383334.roa
File:                     3130392e3130362e31322e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier:          o7HmtBobSjiy6M9VZ6d1dVc0Czooij70HWGaz+z6P1A=
Subject key identifier:   EC:35:CD:F0:CF:78:2A:F4:1D:4C:73:B0:30:85:2B:3F:86:17:6F:81
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       75D56E5623FE67D28FAE44DFCCE4D0BA3D984D79
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3130392e3130362e31322e302f32332d3234203d3e20383334.roa
Signing time:             Thu 23 Oct 2025 09:09:34 +0000
ROA not before:           Thu 23 Oct 2025 09:04:34 +0000
ROA not after:            Thu 22 Oct 2026 09:09:34 +0000
asID:                     834
IP address blocks:        109.106.12.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Nov 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:d5:6e:56:23:fe:67:d2:8f:ae:44:df:cc:e4:d0:ba:3d:98:4d:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Oct 23 09:04:34 2025 GMT
            Not After : Oct 22 09:09:34 2026 GMT
        Subject: CN=EC35CDF0CF782AF41D4C73B030852B3F86176F81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:e9:69:cc:bd:31:13:51:57:69:1c:a0:39:45:
                    54:f3:f8:8c:b2:b4:10:55:e0:e1:86:b2:28:21:9b:
                    05:95:cc:8b:5f:d6:79:bc:58:54:34:60:ec:e9:fd:
                    6a:d4:8b:46:94:c0:11:aa:e6:42:a2:1c:88:c7:7f:
                    d8:2c:19:3e:1e:64:e3:62:55:00:a1:9b:88:3c:1d:
                    ba:34:0e:81:67:81:c2:71:21:13:cf:18:90:b5:5c:
                    b9:b3:e1:ad:cb:11:e9:00:84:f4:70:83:59:19:a6:
                    e7:40:35:8e:94:6e:27:18:0e:55:a3:dd:c9:3d:4e:
                    04:34:98:fe:06:1a:c9:f6:6f:77:a6:99:3d:3b:d5:
                    fd:8d:9f:89:3e:07:fd:ef:46:0b:da:47:70:60:00:
                    dd:ee:b6:e4:6f:79:24:1e:d3:73:43:d6:c9:81:fe:
                    f2:f7:b1:d6:3f:83:88:24:8f:37:0c:ab:51:f9:bc:
                    a6:fd:fc:5b:6b:6b:b1:0b:5c:ea:7b:87:db:ee:43:
                    63:70:bf:e8:3c:34:dc:2e:0f:21:e0:a0:99:8c:ea:
                    8e:8f:3c:fd:7a:f7:40:20:93:03:9c:7d:0e:86:b7:
                    73:fc:ff:6f:59:04:cc:93:7a:a5:35:4a:8f:11:a9:
                    b5:2e:39:2a:1a:7f:82:51:87:ac:86:b4:e4:b2:69:
                    4a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:35:CD:F0:CF:78:2A:F4:1D:4C:73:B0:30:85:2B:3F:86:17:6F:81
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3130392e3130362e31322e302f32332d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.106.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:e9:2b:f1:80:8d:b3:d0:a0:f7:85:d4:30:96:fc:35:0a:ba:
         e8:7b:0f:2a:74:65:50:3f:43:1d:54:c4:3a:f4:c9:00:68:e0:
         8c:43:6e:e7:65:f4:2e:b8:cd:40:3e:e0:ca:83:a3:7d:af:9f:
         a3:23:0e:b4:30:e5:b3:46:99:d6:70:89:08:e6:6a:af:ab:a2:
         20:20:62:f4:7b:df:2b:3a:6e:00:d6:aa:f5:8e:4d:d2:ae:54:
         72:74:b9:d1:98:b4:e8:00:0b:b3:17:b2:b5:46:f0:39:46:a9:
         c7:9e:ad:00:f5:2b:66:7c:5f:37:01:e9:4e:fd:ed:d3:5e:7a:
         24:81:b1:e0:9f:77:79:8b:99:68:fd:15:2b:a8:8c:ea:f1:d5:
         99:79:93:ab:dc:92:1c:bd:ad:08:29:5c:2c:7e:73:11:49:2a:
         6d:c6:3c:ae:bb:42:47:1e:3d:37:85:ea:09:92:9d:7e:7a:4f:
         e9:08:35:1c:60:2f:a3:aa:6f:07:91:2c:cb:aa:89:34:66:e1:
         54:75:ed:a3:3c:34:7c:96:6d:7c:16:04:17:02:da:40:a1:d7:
         53:50:56:d5:75:ce:76:7e:f2:55:ed:d1:8d:62:90:1f:52:70:
         1d:f4:52:ef:6c:36:af:e5:6e:1e:bc:ff:05:64:d9:c9:5e:5f:
         d2:0f:dc:ef
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUddVuViP+Z9KPrkTfzOTQuj2YTXkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTEwMjMwOTA0MzRaFw0yNjEwMjIwOTA5MzRaMDMxMTAvBgNV
BAMTKEVDMzVDREYwQ0Y3ODJBRjQxRDRDNzNCMDMwODUyQjNGODYxNzZGODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDi6WnMvTETUVdpHKA5RVTz+Iyy
tBBV4OGGsighmwWVzItf1nm8WFQ0YOzp/WrUi0aUwBGq5kKiHIjHf9gsGT4eZONi
VQChm4g8Hbo0DoFngcJxIRPPGJC1XLmz4a3LEekAhPRwg1kZpudANY6UbicYDlWj
3ck9TgQ0mP4GGsn2b3emmT071f2Nn4k+B/3vRgvaR3BgAN3utuRveSQe03ND1smB
/vL3sdY/g4gkjzcMq1H5vKb9/Ftra7ELXOp7h9vuQ2Nwv+g8NNwuDyHgoJmM6o6P
PP1690AgkwOcfQ6Gt3P8/29ZBMyTeqU1So8RqbUuOSoaf4JRh6yGtOSyaUpPAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU7DXN8M94KvQdTHOwMIUrP4YXb4EwHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzMDM5MmUzMTMwMzYyZTMx
MzIyZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFtagww
DQYJKoZIhvcNAQELBQADggEBAJbpK/GAjbPQoPeF1DCW/DUKuuh7Dyp0ZVA/Qx1U
xDr0yQBo4IxDbudl9C64zUA+4MqDo32vn6MjDrQw5bNGmdZwiQjmaq+roiAgYvR7
3ys6bgDWqvWOTdKuVHJ0udGYtOgAC7MXsrVG8DlGqceerQD1K2Z8XzcB6U797dNe
eiSBseCfd3mLmWj9FSuojOrx1Zl5k6vckhy9rQgpXCx+cxFJKm3GPK67QkcePTeF
6gmSnX56T+kINRxgL6OqbweRLMuqiTRm4VR17aM8NHyWbXwWBBcC2kCh11NQVtV1
znZ+8lXt0Y1ikB9ScB30Uu9sNq/lbh68/wVk2cleX9IP3O8=
-----END CERTIFICATE-----