Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/3139352e37342e34302e302f32322d3234203d3e203331313834.roa
File:                     3139352e37342e34302e302f32322d3234203d3e203331313834.roa (raw, json)
Hash identifier:          OWTrG12il6+R+m95Ctsd+LQNgEyVIDW3AMDlydaSO3g=
Subject key identifier:   74:6D:AF:4A:95:BC:7A:B2:85:AD:64:61:97:9D:44:A6:3E:29:4A:14
Certificate issuer:       /CN=72f3ee169f9bd71f78a42d1a72fe0f2a824822d1
Certificate serial:       5350E9AA000502EB55124B39E93221AE5BAE52E2
Authority key identifier: 72:F3:EE:16:9F:9B:D7:1F:78:A4:2D:1A:72:FE:0F:2A:82:48:22:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cvPuFp-b1x94pC0acv4PKoJIItE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/3139352e37342e34302e302f32322d3234203d3e203331313834.roa
Signing time:             Wed 30 Apr 2025 09:38:22 +0000
ROA not before:           Wed 30 Apr 2025 09:33:22 +0000
ROA not after:            Wed 29 Apr 2026 09:38:22 +0000
asID:                     31184
IP address blocks:        195.74.40.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/72F3EE169F9BD71F78A42D1A72FE0F2A824822D1.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/72F3EE169F9BD71F78A42D1A72FE0F2A824822D1.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cvPuFp-b1x94pC0acv4PKoJIItE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:50:e9:aa:00:05:02:eb:55:12:4b:39:e9:32:21:ae:5b:ae:52:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72f3ee169f9bd71f78a42d1a72fe0f2a824822d1
        Validity
            Not Before: Apr 30 09:33:22 2025 GMT
            Not After : Apr 29 09:38:22 2026 GMT
        Subject: CN=746DAF4A95BC7AB285AD6461979D44A63E294A14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:76:6d:c1:e2:90:4a:6c:4a:c7:b9:32:e3:b3:
                    0a:f8:fa:bd:5e:8e:58:0e:ef:e5:1a:c0:2e:de:65:
                    89:66:c9:40:cc:0e:8d:96:28:33:f6:70:f7:0d:f3:
                    f0:47:99:da:47:0d:59:6a:9d:83:ca:86:b6:1c:5d:
                    48:da:78:e1:a5:0f:e6:a1:6d:de:08:0c:b2:6c:e3:
                    b4:29:46:00:db:7b:78:7f:05:e1:ed:fb:38:d8:1d:
                    4c:c7:0a:02:72:25:a6:64:03:c4:ef:54:91:b9:77:
                    55:44:77:d3:4e:06:a8:cf:5a:a1:15:68:8f:6b:6f:
                    96:a8:0a:01:bd:5a:79:40:81:54:29:37:f8:35:26:
                    1a:e1:5c:08:15:d6:27:bb:2d:9b:e7:81:89:45:27:
                    1f:e5:be:f3:73:fd:c8:60:0a:e6:fb:b4:09:03:d9:
                    65:68:07:4c:4a:59:c8:f3:1c:fd:72:d4:5c:14:4f:
                    90:d9:a1:4b:ca:f4:f6:a1:ff:10:5f:dd:e6:d9:3a:
                    d8:be:22:24:55:cb:95:cc:0d:a1:cb:cf:8e:98:7a:
                    10:94:0e:47:18:47:f0:9a:c1:c2:9c:9a:5d:f4:f1:
                    6c:93:d9:55:b0:80:57:3f:c9:c0:ba:80:f2:8f:7b:
                    6f:21:90:30:46:d5:3a:6e:df:84:71:b0:5d:7c:80:
                    31:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:6D:AF:4A:95:BC:7A:B2:85:AD:64:61:97:9D:44:A6:3E:29:4A:14
            X509v3 Authority Key Identifier:
                keyid:72:F3:EE:16:9F:9B:D7:1F:78:A4:2D:1A:72:FE:0F:2A:82:48:22:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/72F3EE169F9BD71F78A42D1A72FE0F2A824822D1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cvPuFp-b1x94pC0acv4PKoJIItE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/282b5e00-2ac3-49f1-a29b-26a5fdf0fa41/0/3139352e37342e34302e302f32322d3234203d3e203331313834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.74.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c9:da:30:3c:fd:50:7f:ef:be:7d:f6:4d:68:b9:94:4d:08:b1:
         1f:a8:c0:4d:a1:c6:4d:3b:24:c5:12:b4:8d:99:3e:b4:2d:07:
         15:d4:0b:6d:a4:24:7b:eb:58:8a:0c:12:8f:75:1f:ba:86:93:
         12:01:8b:7d:07:25:47:37:40:ab:a9:70:79:69:6c:72:8c:30:
         03:8d:8b:1b:cb:14:76:c9:34:7f:d7:80:45:81:70:f5:6f:f9:
         ad:4c:8e:c3:83:3a:50:16:92:80:d3:d4:61:bb:ef:a1:97:47:
         00:2d:ac:a7:35:b1:22:a1:3a:11:bd:9c:17:13:90:fe:69:b2:
         29:ab:70:84:68:57:73:dc:d8:05:97:28:58:78:0d:e4:a3:4c:
         68:4a:a2:82:04:40:a7:60:42:eb:2c:f1:4d:2e:95:64:76:c3:
         dd:53:12:89:81:5e:3a:e9:f1:61:1a:4a:eb:e1:e2:1a:31:67:
         50:1e:f9:a6:47:d4:81:a1:55:96:aa:7f:32:dd:ab:4c:8d:37:
         34:a7:ab:c6:6d:40:e5:0e:0c:aa:0d:dc:1f:9d:ba:7b:da:0d:
         cf:28:26:e4:0c:fd:4e:4e:47:56:c7:c4:a4:c1:83:d4:78:5f:
         0e:1b:f9:7f:ec:17:b9:02:49:0b:55:6d:1e:20:0e:e4:77:41:
         50:5c:48:b0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUU1DpqgAFAutVEks56TIhrluuUuIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzJmM2VlMTY5ZjliZDcxZjc4YTQyZDFhNzJmZTBmMmE4
MjQ4MjJkMTAeFw0yNTA0MzAwOTMzMjJaFw0yNjA0MjkwOTM4MjJaMDMxMTAvBgNV
BAMTKDc0NkRBRjRBOTVCQzdBQjI4NUFENjQ2MTk3OUQ0NEE2M0UyOTRBMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKdm3B4pBKbErHuTLjswr4+r1e
jlgO7+UawC7eZYlmyUDMDo2WKDP2cPcN8/BHmdpHDVlqnYPKhrYcXUjaeOGlD+ah
bd4IDLJs47QpRgDbe3h/BeHt+zjYHUzHCgJyJaZkA8TvVJG5d1VEd9NOBqjPWqEV
aI9rb5aoCgG9WnlAgVQpN/g1JhrhXAgV1ie7LZvngYlFJx/lvvNz/chgCub7tAkD
2WVoB0xKWcjzHP1y1FwUT5DZoUvK9Pah/xBf3ebZOti+IiRVy5XMDaHLz46YehCU
DkcYR/CawcKcml308WyT2VWwgFc/ycC6gPKPe28hkDBG1Tpu34RxsF18gDEHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUdG2vSpW8erKFrWRhl51Epj4pShQwHwYDVR0j
BBgwFoAUcvPuFp+b1x94pC0acv4PKoJIItEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjgyYjVlMDAtMmFjMy00OWYxLWEyOWItMjZhNWZkZjBm
YTQxLzAvNzJGM0VFMTY5RjlCRDcxRjc4QTQyRDFBNzJGRTBGMkE4MjQ4MjJEMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2N2UHVGcC1iMXg5NHBDMGFjdjRQS29K
SUl0RS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjgyYjVlMDAt
MmFjMy00OWYxLWEyOWItMjZhNWZkZjBmYTQxLzAvMzEzOTM1MmUzNzM0MmUzNDMw
MmUzMDJmMzIzMjJkMzIzNDIwM2QzZTIwMzMzMTMxMzgzNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsNK
KDANBgkqhkiG9w0BAQsFAAOCAQEAydowPP1Qf+++ffZNaLmUTQixH6jATaHGTTsk
xRK0jZk+tC0HFdQLbaQke+tYigwSj3UfuoaTEgGLfQclRzdAq6lweWlscowwA42L
G8sUdsk0f9eARYFw9W/5rUyOw4M6UBaSgNPUYbvvoZdHAC2spzWxIqE6Eb2cFxOQ
/mmyKatwhGhXc9zYBZcoWHgN5KNMaEqiggRAp2BC6yzxTS6VZHbD3VMSiYFeOunx
YRpK6+HiGjFnUB75pkfUgaFVlqp/Mt2rTI03NKerxm1A5Q4Mqg3cH526e9oNzygm
5Az9Tk5HVsfEpMGD1HhfDhv5f+wXuQJJC1VtHiAO5HdBUFxIsA==
-----END CERTIFICATE-----