Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/39312e3139362e362e302f32342d3234203d3e20323135333138.roa
File:                     39312e3139362e362e302f32342d3234203d3e20323135333138.roa (raw, json)
Hash identifier:          j1BjBA5NyrZGkTgGio3bSgpZw6QFV9sBz2jgQ+DhB30=
Subject key identifier:   83:7D:35:1E:A5:28:F6:DB:08:BF:C7:46:A4:C9:4A:D4:B0:35:B8:8A
Certificate issuer:       /CN=3134ee987e08d8b5583feef621a03150c4f35434
Certificate serial:       458E84106D7CA5180AF9595E39A87120721237E9
Authority key identifier: 31:34:EE:98:7E:08:D8:B5:58:3F:EE:F6:21:A0:31:50:C4:F3:54:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MTTumH4I2LVYP-72IaAxUMTzVDQ.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/39312e3139362e362e302f32342d3234203d3e20323135333138.roa
Signing time:             Sat 11 Oct 2025 19:47:18 +0000
ROA not before:           Sat 11 Oct 2025 19:42:18 +0000
ROA not after:            Sat 10 Oct 2026 19:47:18 +0000
asID:                     215318
IP address blocks:        91.196.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/3134EE987E08D8B5583FEEF621A03150C4F35434.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/3134EE987E08D8B5583FEEF621A03150C4F35434.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MTTumH4I2LVYP-72IaAxUMTzVDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:8e:84:10:6d:7c:a5:18:0a:f9:59:5e:39:a8:71:20:72:12:37:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3134ee987e08d8b5583feef621a03150c4f35434
        Validity
            Not Before: Oct 11 19:42:18 2025 GMT
            Not After : Oct 10 19:47:18 2026 GMT
        Subject: CN=837D351EA528F6DB08BFC746A4C94AD4B035B88A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c0:89:e0:74:4b:78:be:38:fe:86:73:c2:74:
                    88:79:9c:a3:cc:c8:9e:3b:1f:fc:26:0c:cb:15:e7:
                    39:5b:21:25:7d:ea:01:6a:8d:ba:8a:72:1b:ec:6e:
                    a3:94:7e:b4:5f:39:a6:33:19:de:81:0c:dc:2d:16:
                    da:52:e2:d5:16:dd:60:63:4a:e7:1a:eb:a2:45:fd:
                    d9:66:30:0e:71:cc:f3:63:d3:96:8d:7b:ca:5f:14:
                    62:11:34:b7:d0:5e:43:ca:e6:87:72:c4:58:ab:69:
                    2d:4f:a0:93:41:22:a7:e7:9b:f7:79:8d:29:30:34:
                    2e:64:fc:6b:6a:89:97:6c:af:c9:fe:93:5f:9c:d9:
                    db:ac:e6:c9:74:01:01:de:9a:c2:12:33:fd:98:d3:
                    c9:27:72:8a:53:fd:88:4c:d4:af:44:36:65:b9:4a:
                    a2:f4:e2:a7:64:9f:72:d0:8e:4e:01:31:ed:45:7e:
                    1d:77:f8:fd:45:1b:9d:dd:64:9c:a6:f9:40:a6:27:
                    f8:37:c7:d8:7e:4d:fc:43:54:b3:52:cf:41:83:7b:
                    ff:b4:33:fa:cb:26:0f:af:82:50:90:5f:41:3f:dc:
                    fb:ff:40:ad:c2:3a:44:2d:9b:f4:a2:17:c8:07:70:
                    02:b5:54:0d:d2:22:42:bb:22:08:70:53:1c:cc:9b:
                    13:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:7D:35:1E:A5:28:F6:DB:08:BF:C7:46:A4:C9:4A:D4:B0:35:B8:8A
            X509v3 Authority Key Identifier:
                keyid:31:34:EE:98:7E:08:D8:B5:58:3F:EE:F6:21:A0:31:50:C4:F3:54:34

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/3134EE987E08D8B5583FEEF621A03150C4F35434.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MTTumH4I2LVYP-72IaAxUMTzVDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/1a3bb93f-98a4-4c7e-a0e1-8057a4f086c9/0/39312e3139362e362e302f32342d3234203d3e20323135333138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:8f:90:b6:e2:b8:79:bc:bc:34:e9:f1:d1:3c:71:6a:78:88:
         3b:5b:be:2b:c6:70:49:9e:5e:16:c2:48:ea:0b:ec:4b:ff:88:
         d8:d6:c0:71:d1:0f:82:88:60:d4:e0:5e:f0:74:e3:0a:12:d6:
         2f:59:61:66:90:a7:1e:1d:9a:17:ad:04:b1:e4:0e:c2:5d:bc:
         da:de:ae:5d:e1:cd:a3:d2:ef:89:0f:1b:ed:f0:8e:1f:6a:fd:
         30:ec:ae:43:f8:7b:ba:87:77:98:83:60:50:ac:79:9e:3f:e1:
         21:d9:87:82:44:61:79:49:29:2e:68:e9:0e:06:7c:24:81:b3:
         89:b7:05:4b:a1:80:26:cf:56:24:dd:29:16:cc:7b:4e:d5:e0:
         78:ab:40:2c:0a:c9:a0:1d:31:a8:d8:44:fa:90:5f:1d:70:f2:
         e9:75:14:9a:71:fe:8e:ac:d9:52:58:7a:bb:8a:46:41:72:f8:
         b5:e8:f9:01:7b:a1:c2:ed:7b:67:73:02:63:8f:67:b3:fc:21:
         36:fb:cd:cf:4f:10:f1:c9:e6:11:5d:c9:be:42:4c:2a:3d:52:
         ff:98:94:c7:a0:b2:7a:a3:de:2e:e9:4e:2a:73:37:10:10:5a:
         4e:3c:56:37:f9:78:57:29:69:49:b5:a8:8a:0e:77:4f:fe:ce:
         4d:14:fa:39
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIURY6EEG18pRgK+VleOahxIHISN+kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzEzNGVlOTg3ZTA4ZDhiNTU4M2ZlZWY2MjFhMDMxNTBj
NGYzNTQzNDAeFw0yNTEwMTExOTQyMThaFw0yNjEwMTAxOTQ3MThaMDMxMTAvBgNV
BAMTKDgzN0QzNTFFQTUyOEY2REIwOEJGQzc0NkE0Qzk0QUQ0QjAzNUI4OEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXwIngdEt4vjj+hnPCdIh5nKPM
yJ47H/wmDMsV5zlbISV96gFqjbqKchvsbqOUfrRfOaYzGd6BDNwtFtpS4tUW3WBj
Suca66JF/dlmMA5xzPNj05aNe8pfFGIRNLfQXkPK5odyxFiraS1PoJNBIqfnm/d5
jSkwNC5k/GtqiZdsr8n+k1+c2dus5sl0AQHemsISM/2Y08kncopT/YhM1K9ENmW5
SqL04qdkn3LQjk4BMe1Ffh13+P1FG53dZJym+UCmJ/g3x9h+TfxDVLNSz0GDe/+0
M/rLJg+vglCQX0E/3Pv/QK3COkQtm/SiF8gHcAK1VA3SIkK7IghwUxzMmxOjAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUg301HqUo9tsIv8dGpMlK1LA1uIowHwYDVR0j
BBgwFoAUMTTumH4I2LVYP+72IaAxUMTzVDQwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMWEzYmI5M2YtOThhNC00YzdlLWEwZTEtODA1N2E0ZjA4
NmM5LzAvMzEzNEVFOTg3RTA4RDhCNTU4M0ZFRUY2MjFBMDMxNTBDNEYzNTQzNC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL01UVHVtSDRJMkxWWVAtNzJJYUF4VU1U
elZEUS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMWEzYmI5M2Yt
OThhNC00YzdlLWEwZTEtODA1N2E0ZjA4NmM5LzAvMzkzMTJlMzEzOTM2MmUzNjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzEzNTMzMzEzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvE
BjANBgkqhkiG9w0BAQsFAAOCAQEAU4+QtuK4eby8NOnx0TxxaniIO1u+K8ZwSZ5e
FsJI6gvsS/+I2NbAcdEPgohg1OBe8HTjChLWL1lhZpCnHh2aF60EseQOwl282t6u
XeHNo9LviQ8b7fCOH2r9MOyuQ/h7uod3mINgUKx5nj/hIdmHgkRheUkpLmjpDgZ8
JIGzibcFS6GAJs9WJN0pFsx7TtXgeKtALArJoB0xqNhE+pBfHXDy6XUUmnH+jqzZ
Ulh6u4pGQXL4tej5AXuhwu17Z3MCY49ns/whNvvNz08Q8cnmEV3JvkJMKj1S/5iU
x6CyeqPeLulOKnM3EBBaTjxWN/l4VylpSbWoig53T/7OTRT6OQ==
-----END CERTIFICATE-----