Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3130392e3130362e31342e302f32342d3234203d3e20383334.roa
File:                     3130392e3130362e31342e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          qjqG4neqp9F0MfAcSOWCFn/E/cJZu8T11vkt1JDuBfY=
Subject key identifier:   99:CE:5A:21:F1:13:D7:FA:C7:08:F5:86:D2:D5:CE:63:84:F7:4F:6F
Certificate issuer:       /CN=088469d1a33085ff88b3e599d223ca74c2313a3a
Certificate serial:       6C3ED998353AF82B11C0DF7B7E0C147917D743AD
Authority key identifier: 08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3130392e3130362e31342e302f32342d3234203d3e20383334.roa
Signing time:             Fri 03 Apr 2026 12:07:06 +0000
ROA not before:           Fri 03 Apr 2026 12:02:06 +0000
ROA not after:            Fri 02 Apr 2027 12:07:06 +0000
asID:                     834
IP address blocks:        109.106.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 21:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:3e:d9:98:35:3a:f8:2b:11:c0:df:7b:7e:0c:14:79:17:d7:43:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088469d1a33085ff88b3e599d223ca74c2313a3a
        Validity
            Not Before: Apr  3 12:02:06 2026 GMT
            Not After : Apr  2 12:07:06 2027 GMT
        Subject: CN=99CE5A21F113D7FAC708F586D2D5CE6384F74F6F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:68:aa:6d:11:68:b4:8e:4f:8c:12:0c:76:de:
                    1a:b0:ba:60:8e:a4:99:c5:7b:35:08:95:a2:aa:01:
                    1f:4e:37:71:b8:b9:6e:30:db:d1:f5:e7:13:90:ae:
                    07:b8:f2:32:3d:8b:ed:d6:ea:cb:c4:52:3c:e3:e6:
                    99:09:73:da:33:a1:2a:f4:83:ac:24:60:d5:11:d7:
                    3d:c6:ed:88:55:2d:9b:48:3b:68:a3:76:ad:ab:55:
                    cb:c7:94:c8:7b:4b:00:06:1e:c5:6c:fb:b7:d7:f1:
                    74:60:20:05:7f:1d:32:26:ee:d8:e8:8c:b0:fb:bc:
                    15:ce:73:76:5e:b0:e9:f0:48:8c:ad:27:54:b4:85:
                    22:62:bc:cf:05:cc:95:73:05:9f:99:b4:dc:fb:41:
                    37:90:b8:31:c3:08:67:aa:c2:aa:fa:46:d6:82:50:
                    2c:2a:c1:09:f5:6d:b8:2f:d3:a9:a8:f7:58:37:4d:
                    2f:7b:38:7a:1b:f8:cb:e0:52:de:d8:41:41:1c:86:
                    f6:91:3a:50:b5:1e:02:51:5f:87:a6:81:bc:a3:a2:
                    b6:32:55:e7:a8:6b:42:db:cf:58:85:b3:7a:f7:dc:
                    c3:d8:a7:02:58:33:38:b3:18:13:c8:4f:c9:32:79:
                    d6:50:12:b8:89:07:f6:33:28:81:8c:b7:42:53:aa:
                    0f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:CE:5A:21:F1:13:D7:FA:C7:08:F5:86:D2:D5:CE:63:84:F7:4F:6F
            X509v3 Authority Key Identifier:
                keyid:08:84:69:D1:A3:30:85:FF:88:B3:E5:99:D2:23:CA:74:C2:31:3A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/088469D1A33085FF88B3E599D223CA74C2313A3A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRp0aMwhf-Is-WZ0iPKdMIxOjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/fe3708a0-67d5-4ac2-abc4-a332590b99af/5/3130392e3130362e31342e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.106.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:5f:1b:9e:8b:e5:2b:6d:be:0e:fb:7b:95:59:6c:0c:d5:8d:
         f0:c3:f4:94:b2:25:97:6e:7a:cb:71:91:7e:e0:72:14:bc:b7:
         55:be:3a:a6:fb:4c:71:8a:d3:77:0a:28:e2:eb:61:80:83:d1:
         8f:e3:55:04:30:8a:03:1c:9f:aa:b1:29:86:76:27:ca:c6:c3:
         5d:1c:e8:ac:d7:1f:7e:b6:6c:f9:6d:7d:65:6e:42:4a:7c:cb:
         cc:22:27:bc:b1:d3:a5:63:06:cb:79:f6:ce:c6:bd:2a:ae:6a:
         69:da:79:e2:27:a9:ed:18:b8:1c:47:73:fc:23:60:28:1d:c7:
         78:a2:d6:9f:a0:21:4d:f1:80:17:19:8a:cc:d1:66:2f:45:0a:
         8b:74:68:3a:1e:a6:d4:f2:f7:bc:24:b7:0b:00:ad:87:cb:8a:
         11:c3:e2:b6:a4:bb:58:5f:e0:60:24:93:61:55:13:de:b6:a1:
         bd:12:23:70:d5:bb:6c:b2:f4:8d:29:4a:b4:81:e9:86:bb:1e:
         ec:e9:b1:93:f9:60:02:51:3d:28:95:e0:37:c7:48:b4:b0:be:
         fa:07:9c:3c:65:b5:ff:56:63:af:ad:0f:c6:48:5e:e9:11:73:
         eb:f1:74:f9:ea:9d:bb:88:4c:5f:b4:82:ed:7e:de:78:29:bf:
         bf:67:78:78
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUbD7ZmDU6+CsRwN97fgwUeRfXQ60wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDg4NDY5ZDFhMzMwODVmZjg4YjNlNTk5ZDIyM2NhNzRj
MjMxM2EzYTAeFw0yNjA0MDMxMjAyMDZaFw0yNzA0MDIxMjA3MDZaMDMxMTAvBgNV
BAMTKDk5Q0U1QTIxRjExM0Q3RkFDNzA4RjU4NkQyRDVDRTYzODRGNzRGNkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVaKptEWi0jk+MEgx23hqwumCO
pJnFezUIlaKqAR9ON3G4uW4w29H15xOQrge48jI9i+3W6svEUjzj5pkJc9ozoSr0
g6wkYNUR1z3G7YhVLZtIO2ijdq2rVcvHlMh7SwAGHsVs+7fX8XRgIAV/HTIm7tjo
jLD7vBXOc3ZesOnwSIytJ1S0hSJivM8FzJVzBZ+ZtNz7QTeQuDHDCGeqwqr6RtaC
UCwqwQn1bbgv06mo91g3TS97OHob+MvgUt7YQUEchvaROlC1HgJRX4emgbyjorYy
Veeoa0Lbz1iFs3r33MPYpwJYMzizGBPIT8kyedZQEriJB/YzKIGMt0JTqg8VAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQUmc5aIfET1/rHCPWG0tXOY4T3T28wHwYDVR0j
BBgwFoAUCIRp0aMwhf+Is+WZ0iPKdMIxOjowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAtNjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5
OWFmLzUvMDg4NDY5RDFBMzMwODVGRjg4QjNFNTk5RDIyM0NBNzRDMjMxM0EzQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0NJUnAwYU13aGYtSXMtV1owaVBLZE1J
eE9qby5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZmUzNzA4YTAt
NjdkNS00YWMyLWFiYzQtYTMzMjU5MGI5OWFmLzUvMzEzMDM5MmUzMTMwMzYyZTMx
MzQyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABtag4w
DQYJKoZIhvcNAQELBQADggEBAFxfG56L5Sttvg77e5VZbAzVjfDD9JSyJZduestx
kX7gchS8t1W+Oqb7THGK03cKKOLrYYCD0Y/jVQQwigMcn6qxKYZ2J8rGw10c6KzX
H362bPltfWVuQkp8y8wiJ7yx06VjBst59s7GvSquamnaeeInqe0YuBxHc/wjYCgd
x3ii1p+gIU3xgBcZiszRZi9FCot0aDoeptTy97wktwsArYfLihHD4raku1hf4GAk
k2FVE962ob0SI3DVu2yy9I0pSrSB6Ya7HuzpsZP5YAJRPSiV4DfHSLSwvvoHnDxl
tf9WY6+tD8ZIXukRc+vxdPnqnbuITF+0gu1+3ngpv79neHg=
-----END CERTIFICATE-----