Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/3134312e39382e34322e302f32342d3234203d3e203432383331.roa
File:                     3134312e39382e34322e302f32342d3234203d3e203432383331.roa (raw, json)
Hash identifier:          6ZVZSqjoq8egcUsUMz7rnJfuPRuV1YHJP8qC/sHWbVE=
Subject key identifier:   C6:F6:AE:12:D9:E2:B4:43:63:28:3D:7C:04:D8:02:F0:6D:8F:A7:18
Certificate issuer:       /CN=7e51cac1ce2afe1958b1fb6a6237717b0b5d4810
Certificate serial:       615798452D4AB82C5C52502F740A14AAEFE1A952
Authority key identifier: 7E:51:CA:C1:CE:2A:FE:19:58:B1:FB:6A:62:37:71:7B:0B:5D:48:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/flHKwc4q_hlYsftqYjdxewtdSBA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/3134312e39382e34322e302f32342d3234203d3e203432383331.roa
Signing time:             Wed 24 Sep 2025 13:37:42 +0000
ROA not before:           Wed 24 Sep 2025 13:32:42 +0000
ROA not after:            Wed 23 Sep 2026 13:37:42 +0000
asID:                     42831
IP address blocks:        141.98.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/7E51CAC1CE2AFE1958B1FB6A6237717B0B5D4810.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/7E51CAC1CE2AFE1958B1FB6A6237717B0B5D4810.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/flHKwc4q_hlYsftqYjdxewtdSBA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:39:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:57:98:45:2d:4a:b8:2c:5c:52:50:2f:74:0a:14:aa:ef:e1:a9:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e51cac1ce2afe1958b1fb6a6237717b0b5d4810
        Validity
            Not Before: Sep 24 13:32:42 2025 GMT
            Not After : Sep 23 13:37:42 2026 GMT
        Subject: CN=C6F6AE12D9E2B44363283D7C04D802F06D8FA718
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:16:5b:b4:92:7c:21:c3:40:54:d6:d4:92:e8:
                    e3:cd:3a:3a:26:fe:09:f3:47:bd:85:f6:08:39:46:
                    61:e5:0f:39:90:c5:0e:24:4b:e8:11:42:40:9b:cf:
                    50:65:64:3a:f2:2c:e1:dc:1a:e1:68:98:37:48:47:
                    50:da:fe:fb:7f:20:d7:20:99:7a:60:5a:fd:6a:fd:
                    6f:08:bc:79:99:ba:34:99:a0:c1:09:ae:58:83:5b:
                    c0:3c:5e:a9:1d:4c:55:e4:59:08:5b:43:64:ca:7f:
                    0e:49:4b:12:be:56:22:f3:c2:e0:25:cb:64:8d:49:
                    f3:26:27:99:09:c6:ce:d5:b6:d9:5c:68:3c:fb:17:
                    c6:28:01:b9:58:4f:ae:a9:be:5a:c6:b3:73:2a:94:
                    36:1b:88:e9:42:6a:9d:28:a5:b1:f3:42:4a:e2:5a:
                    ec:b9:2b:af:0f:87:0e:2b:b7:bb:e0:d6:38:bf:d2:
                    a7:d5:38:88:30:d5:7e:18:8b:1a:42:33:fa:6a:82:
                    c4:64:8c:fc:13:d5:d3:b3:56:de:7c:cc:20:76:c8:
                    61:9d:58:41:22:97:25:3a:04:7b:3b:e7:5f:bc:42:
                    5a:00:7c:95:f6:d6:de:1e:50:7b:09:48:3e:8b:6e:
                    18:66:d2:22:df:f2:f2:e9:74:b9:af:bb:fa:3f:80:
                    06:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:F6:AE:12:D9:E2:B4:43:63:28:3D:7C:04:D8:02:F0:6D:8F:A7:18
            X509v3 Authority Key Identifier:
                keyid:7E:51:CA:C1:CE:2A:FE:19:58:B1:FB:6A:62:37:71:7B:0B:5D:48:10

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/7E51CAC1CE2AFE1958B1FB6A6237717B0B5D4810.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/flHKwc4q_hlYsftqYjdxewtdSBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/3134312e39382e34322e302f32342d3234203d3e203432383331.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:9f:2e:31:3b:ef:ae:3a:bb:7d:3f:fa:01:aa:d8:64:91:79:
         d4:f5:fc:3d:f8:d4:21:be:57:bd:6d:ba:7c:0c:e2:9e:cf:fd:
         03:b2:ce:55:1d:ca:47:0b:bc:0b:95:6b:cb:e9:82:ee:e1:49:
         3b:ea:f8:5b:79:60:1b:1b:5d:46:f5:df:e1:d4:e1:1a:38:79:
         a3:14:77:d4:8d:7c:2c:c2:fb:89:f4:23:1d:d5:76:0b:ae:0e:
         4c:37:b4:22:af:02:dc:db:44:90:9e:2c:4c:45:59:df:80:e4:
         90:f5:50:5e:32:63:43:6f:4f:96:ae:04:8e:5b:14:94:80:4a:
         b1:10:05:30:40:47:18:65:e2:eb:fd:ec:1c:72:fb:ae:97:e7:
         e2:37:37:d9:6e:9c:0c:50:99:70:f2:77:81:14:1a:45:5a:15:
         97:96:bf:e6:cc:6e:47:85:a8:76:30:a7:3d:4b:ea:49:15:e0:
         53:f4:8d:99:40:79:ed:b7:c8:5f:17:95:81:97:8c:5a:70:6d:
         0b:38:ba:87:61:4f:f9:3d:46:b7:8f:d8:dc:f8:ff:74:e8:af:
         3d:af:00:a3:a9:2f:a6:24:b7:ae:fc:3d:3c:32:ff:a2:df:25:
         c4:00:90:44:fe:15:1b:50:91:db:ff:6a:d0:31:c2:1a:de:30:
         e7:24:df:5d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUYVeYRS1KuCxcUlAvdAoUqu/hqVIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2U1MWNhYzFjZTJhZmUxOTU4YjFmYjZhNjIzNzcxN2Iw
YjVkNDgxMDAeFw0yNTA5MjQxMzMyNDJaFw0yNjA5MjMxMzM3NDJaMDMxMTAvBgNV
BAMTKEM2RjZBRTEyRDlFMkI0NDM2MzI4M0Q3QzA0RDgwMkYwNkQ4RkE3MTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMFlu0knwhw0BU1tSS6OPNOjom
/gnzR72F9gg5RmHlDzmQxQ4kS+gRQkCbz1BlZDryLOHcGuFomDdIR1Da/vt/INcg
mXpgWv1q/W8IvHmZujSZoMEJrliDW8A8XqkdTFXkWQhbQ2TKfw5JSxK+ViLzwuAl
y2SNSfMmJ5kJxs7VttlcaDz7F8YoAblYT66pvlrGs3MqlDYbiOlCap0opbHzQkri
Wuy5K68Phw4rt7vg1ji/0qfVOIgw1X4YixpCM/pqgsRkjPwT1dOzVt58zCB2yGGd
WEEilyU6BHs751+8QloAfJX21t4eUHsJSD6Lbhhm0iLf8vLpdLmvu/o/gAYHAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUxvauEtnitENjKD18BNgC8G2PpxgwHwYDVR0j
BBgwFoAUflHKwc4q/hlYsftqYjdxewtdSBAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODgxYjdmMDgtZGQ5NC00Y2QwLWFhMzgtODUxMmYxNTJi
ZDMyLzAvN0U1MUNBQzFDRTJBRkUxOTU4QjFGQjZBNjIzNzcxN0IwQjVENDgxMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZsSEt3YzRxX2hsWXNmdHFZamR4ZXd0
ZFNCQS5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODgxYjdmMDgt
ZGQ5NC00Y2QwLWFhMzgtODUxMmYxNTJiZDMyLzAvMzEzNDMxMmUzOTM4MmUzNDMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzQzMjM4MzMzMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI1i
KjANBgkqhkiG9w0BAQsFAAOCAQEAWp8uMTvvrjq7fT/6AarYZJF51PX8PfjUIb5X
vW26fAzins/9A7LOVR3KRwu8C5Vry+mC7uFJO+r4W3lgGxtdRvXf4dThGjh5oxR3
1I18LML7ifQjHdV2C64OTDe0Iq8C3NtEkJ4sTEVZ34DkkPVQXjJjQ29Plq4EjlsU
lIBKsRAFMEBHGGXi6/3sHHL7rpfn4jc32W6cDFCZcPJ3gRQaRVoVl5a/5sxuR4Wo
djCnPUvqSRXgU/SNmUB57bfIXxeVgZeMWnBtCzi6h2FP+T1Gt4/Y3Pj/dOivPa8A
o6kvpiS3rvw9PDL/ot8lxACQRP4VG1CR2/9q0DHCGt4w5yTfXQ==
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:22:47 2025 by rpki-client