Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25369.roa
File:                     AS25369.roa (raw, json)
Hash identifier:          wKv0OUYBeiloCVCUfgvP0ckIf0NWLykky81ggq4WJCE=
Subject key identifier:   F8:44:4B:C5:41:A3:1F:1F:81:70:65:11:B6:61:91:94:2B:25:6A:7C
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1BEBADEAC9D3152C5B4B71C37698AE1A230A1AB3
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25369.roa
Signing time:             Wed 24 Sep 2025 12:35:55 +0000
ROA not before:           Wed 24 Sep 2025 12:30:55 +0000
ROA not after:            Wed 23 Sep 2026 12:35:55 +0000
asID:                     25369
IP address blocks:        167.148.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:eb:ad:ea:c9:d3:15:2c:5b:4b:71:c3:76:98:ae:1a:23:0a:1a:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Sep 24 12:30:55 2025 GMT
            Not After : Sep 23 12:35:55 2026 GMT
        Subject: CN=F8444BC541A31F1F81706511B66191942B256A7C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d0:ba:05:ab:72:9a:bc:be:8d:80:7e:47:29:
                    ed:54:4c:66:3a:b4:9f:c3:93:5b:51:45:03:0d:58:
                    86:10:19:73:9c:33:da:5d:02:3d:1e:03:3f:c3:90:
                    a2:2f:0a:b6:24:5a:bb:49:ef:a3:83:01:ea:74:a8:
                    1c:b9:31:35:d1:0f:4d:65:ff:6d:be:77:2d:a7:64:
                    11:4c:38:9a:58:04:8f:a6:c8:64:3c:94:cb:17:0c:
                    fe:f2:ff:44:ed:53:cd:91:21:96:80:a2:96:a8:74:
                    bc:6f:65:c2:f9:f7:1c:79:cf:78:18:ce:55:32:89:
                    39:4a:cc:77:8d:33:68:7c:d7:ee:77:a6:16:2d:ed:
                    9b:2f:a3:1c:67:b2:ae:59:94:1a:74:51:aa:4c:51:
                    8f:25:68:a4:f4:f6:aa:90:51:d5:ae:93:c9:35:ea:
                    e4:ae:01:e3:34:d2:ae:ce:53:a2:dc:8b:14:6f:77:
                    05:3f:99:ba:cd:84:64:55:2b:38:38:6d:15:e1:36:
                    36:6e:dc:0a:8c:7f:e1:fe:54:ba:73:02:e8:f1:c3:
                    84:5c:77:4f:92:38:c9:6f:8d:2e:6b:94:38:01:22:
                    32:0c:a1:8f:fa:16:0a:21:f5:ed:ba:de:18:27:7c:
                    87:a9:95:d1:53:02:e6:70:39:45:19:99:d9:38:9d:
                    48:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:44:4B:C5:41:A3:1F:1F:81:70:65:11:B6:61:91:94:2B:25:6A:7C
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25369.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:2e:88:cc:0f:aa:19:5e:4e:94:25:3e:38:c9:d1:09:1e:64:
         50:9c:01:81:e9:36:3c:bb:5b:ef:0c:c1:1e:b5:5c:2d:15:6a:
         6e:b9:f2:84:d9:04:09:fa:9c:df:7b:80:af:98:e1:4e:c4:81:
         96:5f:d2:b8:b9:d3:68:fe:98:d5:66:ee:ec:f3:e7:b3:c6:3c:
         e4:50:23:ee:6b:74:23:07:81:19:59:8b:b5:cc:7d:82:83:57:
         a3:c4:18:b7:24:0a:e3:4a:91:1c:c6:69:17:38:2e:c7:27:4b:
         a6:77:40:75:67:45:29:e7:76:2a:2f:38:5b:e8:76:6e:e5:20:
         65:a6:8d:c9:80:6f:ba:76:25:ad:17:cc:79:97:8b:e9:18:8e:
         6b:02:61:0d:b1:92:d0:48:55:96:ee:53:c6:f7:da:14:d2:bd:
         65:1c:bb:3d:fe:39:21:0e:c4:1a:9f:40:92:17:d6:78:c6:1b:
         d0:11:9d:d7:fc:74:8c:ad:e5:ca:8b:8a:b4:4b:1e:f4:5c:17:
         ed:eb:24:7f:da:b1:24:b6:18:82:bb:ae:6d:6f:a5:94:44:ba:
         b1:01:bd:bc:4f:8a:da:0f:04:42:ad:80:8a:45:90:e2:3e:fd:
         5a:d4:1d:58:16:c7:79:bd:64:09:cc:dd:42:e4:71:53:67:bb:
         2e:ac:21:3b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUG+ut6snTFSxbS3HDdpiuGiMKGrMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MjQxMjMwNTVaFw0yNjA5MjMxMjM1NTVaMDMxMTAvBgNV
BAMTKEY4NDQ0QkM1NDFBMzFGMUY4MTcwNjUxMUI2NjE5MTk0MkIyNTZBN0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN0LoFq3KavL6NgH5HKe1UTGY6
tJ/Dk1tRRQMNWIYQGXOcM9pdAj0eAz/DkKIvCrYkWrtJ76ODAep0qBy5MTXRD01l
/22+dy2nZBFMOJpYBI+myGQ8lMsXDP7y/0TtU82RIZaAopaodLxvZcL59xx5z3gY
zlUyiTlKzHeNM2h81+53phYt7Zsvoxxnsq5ZlBp0UapMUY8laKT09qqQUdWuk8k1
6uSuAeM00q7OU6LcixRvdwU/mbrNhGRVKzg4bRXhNjZu3AqMf+H+VLpzAujxw4Rc
d0+SOMlvjS5rlDgBIjIMoY/6Fgoh9e263hgnfIepldFTAuZwOUUZmdk4nUj/AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+ERLxUGjHx+BcGURtmGRlCslanwwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjUzNjkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACnlKww
DQYJKoZIhvcNAQELBQADggEBAHouiMwPqhleTpQlPjjJ0QkeZFCcAYHpNjy7W+8M
wR61XC0Vam658oTZBAn6nN97gK+Y4U7EgZZf0ri502j+mNVm7uzz57PGPORQI+5r
dCMHgRlZi7XMfYKDV6PEGLckCuNKkRzGaRc4LscnS6Z3QHVnRSnndiovOFvodm7l
IGWmjcmAb7p2Ja0XzHmXi+kYjmsCYQ2xktBIVZbuU8b32hTSvWUcuz3+OSEOxBqf
QJIX1njGG9ARndf8dIyt5cqLirRLHvRcF+3rJH/asSS2GIK7rm1vpZREurEBvbxP
itoPBEKtgIpFkOI+/VrUHVgWx3m9ZAnM3ULkcVNnuy6sITs=
-----END CERTIFICATE-----