Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3130392e3130362e31342e302f32332d3233203d3e20383334.roa
File:                     3130392e3130362e31342e302f32332d3233203d3e20383334.roa (raw, json)
Hash identifier:          HpGt+M0S+8rpIWuqmM/aTip014ZELecmOYUyprsl1tE=
Subject key identifier:   64:FE:5B:B9:0B:64:7B:E2:CF:89:05:D3:8E:95:DB:98:FD:5E:02:FF
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       065116ACF55836F4EE8D62AD529FDA43F4FF1D7F
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3130392e3130362e31342e302f32332d3233203d3e20383334.roa
Signing time:             Thu 23 Oct 2025 09:09:57 +0000
ROA not before:           Thu 23 Oct 2025 09:04:57 +0000
ROA not after:            Thu 22 Oct 2026 09:09:57 +0000
asID:                     834
IP address blocks:        109.106.14.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Nov 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:51:16:ac:f5:58:36:f4:ee:8d:62:ad:52:9f:da:43:f4:ff:1d:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Oct 23 09:04:57 2025 GMT
            Not After : Oct 22 09:09:57 2026 GMT
        Subject: CN=64FE5BB90B647BE2CF8905D38E95DB98FD5E02FF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:96:71:d8:14:90:f1:8f:c0:1f:d2:a2:fc:c2:
                    90:db:7e:fa:9b:26:fb:0b:72:c1:4f:d6:02:86:67:
                    a9:7c:a2:2c:50:d1:5f:0e:a8:44:a6:06:d2:ef:34:
                    4e:eb:e7:f7:83:6c:3d:6d:0b:3c:93:a7:dd:46:9f:
                    9b:7b:85:f0:91:ee:75:cb:08:7e:1d:90:27:bc:5d:
                    c6:9c:45:14:07:74:fe:5a:4e:e4:a7:4a:1c:18:aa:
                    fb:32:20:72:57:c2:2a:3a:d0:04:b0:63:50:26:0c:
                    cc:76:f6:a3:d4:84:27:b2:7d:8c:05:a5:40:01:63:
                    fd:34:bc:f2:7b:91:fa:de:9e:45:6a:88:0d:43:f5:
                    f0:14:1e:68:20:e4:2b:a9:da:e7:dc:6b:a1:2f:c0:
                    ef:0c:f0:51:33:5b:74:a0:6b:b3:1e:79:21:48:b6:
                    40:a2:e1:1f:0c:d5:15:3d:a8:ad:b3:1d:17:5e:bf:
                    f8:54:c5:b8:ae:42:67:c3:bc:7e:19:4b:ff:1e:78:
                    7b:ec:28:83:a3:c4:4f:f6:33:c2:91:a2:7c:72:0a:
                    1e:9b:b1:a2:a7:6b:54:ee:15:9b:fe:7f:1b:0c:f3:
                    aa:52:9e:cc:89:7e:51:db:84:60:15:60:86:7e:a5:
                    89:7d:38:85:47:28:06:63:63:86:ad:36:b4:b9:9f:
                    2e:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:FE:5B:B9:0B:64:7B:E2:CF:89:05:D3:8E:95:DB:98:FD:5E:02:FF
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3130392e3130362e31342e302f32332d3233203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.106.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:37:29:f1:c7:70:ff:9b:1a:40:d3:42:38:df:37:7e:ab:83:
         1b:fb:b3:dc:a5:28:08:1f:64:d9:dc:79:d2:09:b8:25:78:cf:
         47:1e:5e:cd:51:47:44:64:61:30:21:7c:15:91:5d:f3:46:47:
         58:8f:ba:e5:45:1b:0d:50:db:32:52:36:8e:d8:69:c0:af:68:
         d8:70:41:eb:21:bb:ca:d3:eb:62:dd:8c:8d:b7:46:c2:ed:27:
         16:08:cb:7b:78:ed:e9:4c:bc:91:44:c1:18:21:92:b3:27:59:
         2a:55:8b:e2:37:35:e5:97:87:95:99:50:03:fc:b1:2f:1e:75:
         f6:27:5b:f5:5b:27:66:37:83:97:f5:4a:4f:20:de:f0:90:04:
         27:cb:43:94:f6:cd:7e:d0:de:85:d6:e3:01:4e:20:13:e4:5f:
         e0:39:b5:36:84:4f:33:1d:a2:df:8c:a5:18:39:3d:e6:f6:3c:
         5b:80:cd:7e:c4:63:65:ee:0a:d9:6c:cd:c5:e4:1b:60:55:83:
         f5:b2:28:89:40:e2:75:63:59:17:ea:88:a9:68:20:a0:d8:ba:
         cd:a3:74:2f:8b:19:02:3c:58:2d:d1:5b:bd:ea:2a:f3:b4:40:
         60:7e:fd:66:a4:93:43:fb:c8:f2:68:8d:a6:aa:9b:68:9d:8e:
         43:fe:b4:15
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUBlEWrPVYNvTujWKtUp/aQ/T/HX8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNTEwMjMwOTA0NTdaFw0yNjEwMjIwOTA5NTdaMDMxMTAvBgNV
BAMTKDY0RkU1QkI5MEI2NDdCRTJDRjg5MDVEMzhFOTVEQjk4RkQ1RTAyRkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4lnHYFJDxj8Af0qL8wpDbfvqb
JvsLcsFP1gKGZ6l8oixQ0V8OqESmBtLvNE7r5/eDbD1tCzyTp91Gn5t7hfCR7nXL
CH4dkCe8XcacRRQHdP5aTuSnShwYqvsyIHJXwio60ASwY1AmDMx29qPUhCeyfYwF
pUABY/00vPJ7kfrenkVqiA1D9fAUHmgg5Cup2ufca6EvwO8M8FEzW3Sga7MeeSFI
tkCi4R8M1RU9qK2zHRdev/hUxbiuQmfDvH4ZS/8eeHvsKIOjxE/2M8KRonxyCh6b
saKna1TuFZv+fxsM86pSnsyJflHbhGAVYIZ+pYl9OIVHKAZjY4atNrS5ny7nAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUZP5buQtke+LPiQXTjpXbmP1eAv8wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzMDM5MmUzMTMwMzYyZTMx
MzQyZTMwMmYzMjMzMmQzMjMzMjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFtag4w
DQYJKoZIhvcNAQELBQADggEBACk3KfHHcP+bGkDTQjjfN36rgxv7s9ylKAgfZNnc
edIJuCV4z0ceXs1RR0RkYTAhfBWRXfNGR1iPuuVFGw1Q2zJSNo7YacCvaNhwQesh
u8rT62LdjI23RsLtJxYIy3t47elMvJFEwRghkrMnWSpVi+I3NeWXh5WZUAP8sS8e
dfYnW/VbJ2Y3g5f1Sk8g3vCQBCfLQ5T2zX7Q3oXW4wFOIBPkX+A5tTaETzMdot+M
pRg5Peb2PFuAzX7EY2XuCtlszcXkG2BVg/WyKIlA4nVjWRfqiKloIKDYus2jdC+L
GQI8WC3RW73qKvO0QGB+/Wakk0P7yPJojaaqm2idjkP+tBU=
-----END CERTIFICATE-----