Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/3134312e39382e34322e302f32342d3234203d3e20383334.roa
File:                     3134312e39382e34322e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          yJmSpxSNqWan3RXwFkV2bGZAYEgltseTkzLsMmPV8Gg=
Subject key identifier:   2F:D8:D6:90:28:5C:E1:A8:C0:E8:F8:1D:1F:6A:E2:7E:D3:9A:51:76
Certificate issuer:       /CN=7e51cac1ce2afe1958b1fb6a6237717b0b5d4810
Certificate serial:       4073818F88D8CAF2F0243FBD0ACD522E5296AFB2
Authority key identifier: 7E:51:CA:C1:CE:2A:FE:19:58:B1:FB:6A:62:37:71:7B:0B:5D:48:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/flHKwc4q_hlYsftqYjdxewtdSBA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/3134312e39382e34322e302f32342d3234203d3e20383334.roa
Signing time:             Wed 20 Aug 2025 00:02:01 +0000
ROA not before:           Tue 19 Aug 2025 23:57:01 +0000
ROA not after:            Wed 19 Aug 2026 00:02:01 +0000
asID:                     834
IP address blocks:        141.98.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/7E51CAC1CE2AFE1958B1FB6A6237717B0B5D4810.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/7E51CAC1CE2AFE1958B1FB6A6237717B0B5D4810.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/flHKwc4q_hlYsftqYjdxewtdSBA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:73:81:8f:88:d8:ca:f2:f0:24:3f:bd:0a:cd:52:2e:52:96:af:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e51cac1ce2afe1958b1fb6a6237717b0b5d4810
        Validity
            Not Before: Aug 19 23:57:01 2025 GMT
            Not After : Aug 19 00:02:01 2026 GMT
        Subject: CN=2FD8D690285CE1A8C0E8F81D1F6AE27ED39A5176
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:05:3d:e5:41:30:2c:1e:80:37:e2:19:97:16:
                    e0:09:35:5d:de:66:f4:8d:8f:25:1e:ad:7d:8f:aa:
                    53:b6:8f:4d:f3:aa:9a:4c:c4:aa:f3:04:16:60:82:
                    91:97:82:2b:a6:d6:7d:5f:ce:ce:8c:2d:22:3d:7f:
                    6a:a0:41:f8:53:b5:4c:b2:17:19:d0:a9:0a:49:b8:
                    7a:e2:6c:2e:bc:f1:53:b2:1a:6c:ef:7e:d2:2c:d9:
                    3e:e3:f7:8b:ef:b4:63:09:57:e2:47:bd:27:ae:d8:
                    b4:e3:ac:aa:c7:1d:77:3f:09:66:73:73:4a:24:de:
                    86:49:2e:bd:fc:12:72:41:cf:14:27:85:eb:12:fb:
                    60:e4:9e:17:39:8e:a9:13:13:6a:c3:01:e7:a7:97:
                    5b:50:4a:84:56:e2:1f:72:df:26:e8:68:d6:8b:22:
                    4c:57:55:4b:07:42:88:08:b6:9c:a8:12:62:75:c5:
                    e5:29:f4:e1:cc:09:94:72:7a:b9:cc:03:40:fc:a2:
                    26:05:44:94:fd:c7:72:d8:b5:fc:db:ac:b0:45:e1:
                    5b:20:7f:dd:a1:fe:74:50:52:16:13:df:69:9e:99:
                    53:21:c6:9b:1d:e2:57:38:09:a5:12:b6:24:ca:f1:
                    3b:2a:17:b3:38:7d:9e:09:19:20:4f:3c:f6:ed:18:
                    ba:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:D8:D6:90:28:5C:E1:A8:C0:E8:F8:1D:1F:6A:E2:7E:D3:9A:51:76
            X509v3 Authority Key Identifier:
                keyid:7E:51:CA:C1:CE:2A:FE:19:58:B1:FB:6A:62:37:71:7B:0B:5D:48:10

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/7E51CAC1CE2AFE1958B1FB6A6237717B0B5D4810.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/flHKwc4q_hlYsftqYjdxewtdSBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/881b7f08-dd94-4cd0-aa38-8512f152bd32/0/3134312e39382e34322e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:a7:b4:86:7f:fa:f1:7b:9c:bc:32:79:d9:91:a7:25:50:24:
         7f:f1:16:87:99:de:e1:d6:a4:30:57:a2:8c:ff:5b:72:fe:38:
         58:f0:c8:5c:99:14:7f:9a:2d:f2:fe:2f:39:ed:ff:5b:7a:fe:
         3d:b4:a7:b1:59:5c:d3:9b:b1:c3:71:24:ad:69:45:5b:9f:0d:
         3c:2a:a8:42:90:7a:23:b2:00:da:39:f3:a9:c5:7f:52:b9:62:
         f8:d6:00:03:1f:73:3f:ce:42:d5:18:5e:90:1d:f8:72:8b:64:
         fd:68:e1:f2:f8:1b:42:86:ad:a5:47:7f:5d:d1:43:b0:fe:9b:
         4a:be:b4:42:24:97:21:4d:12:63:8f:fe:96:c3:4c:7c:8c:14:
         b7:2d:af:c8:eb:bd:5a:63:8f:6b:56:db:ab:ac:bb:1e:b7:b7:
         42:fb:db:0c:98:b8:c3:83:3b:6e:04:dd:23:b7:e4:e8:a7:dd:
         b1:6b:ff:30:55:60:50:17:37:0f:62:92:30:59:7b:72:ab:ae:
         35:dd:15:1f:4d:b1:9f:8a:4b:32:71:d8:0e:57:92:b3:e8:3c:
         f5:b8:e2:06:13:72:1b:6f:9a:8c:bb:9d:1b:85:c3:4e:3c:20:
         61:97:49:73:0f:c5:72:f0:d0:f3:aa:e8:99:b7:c7:e0:63:28:
         4c:19:1f:0e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUQHOBj4jYyvLwJD+9Cs1SLlKWr7IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2U1MWNhYzFjZTJhZmUxOTU4YjFmYjZhNjIzNzcxN2Iw
YjVkNDgxMDAeFw0yNTA4MTkyMzU3MDFaFw0yNjA4MTkwMDAyMDFaMDMxMTAvBgNV
BAMTKDJGRDhENjkwMjg1Q0UxQThDMEU4RjgxRDFGNkFFMjdFRDM5QTUxNzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwBT3lQTAsHoA34hmXFuAJNV3e
ZvSNjyUerX2PqlO2j03zqppMxKrzBBZggpGXgium1n1fzs6MLSI9f2qgQfhTtUyy
FxnQqQpJuHribC688VOyGmzvftIs2T7j94vvtGMJV+JHvSeu2LTjrKrHHXc/CWZz
c0ok3oZJLr38EnJBzxQnhesS+2Dknhc5jqkTE2rDAeenl1tQSoRW4h9y3yboaNaL
IkxXVUsHQogItpyoEmJ1xeUp9OHMCZRyernMA0D8oiYFRJT9x3LYtfzbrLBF4Vsg
f92h/nRQUhYT32memVMhxpsd4lc4CaUStiTK8TsqF7M4fZ4JGSBPPPbtGLr7AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUL9jWkChc4ajA6PgdH2riftOaUXYwHwYDVR0j
BBgwFoAUflHKwc4q/hlYsftqYjdxewtdSBAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODgxYjdmMDgtZGQ5NC00Y2QwLWFhMzgtODUxMmYxNTJi
ZDMyLzAvN0U1MUNBQzFDRTJBRkUxOTU4QjFGQjZBNjIzNzcxN0IwQjVENDgxMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZsSEt3YzRxX2hsWXNmdHFZamR4ZXd0
ZFNCQS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODgxYjdmMDgt
ZGQ5NC00Y2QwLWFhMzgtODUxMmYxNTJiZDMyLzAvMzEzNDMxMmUzOTM4MmUzNDMy
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWIqMA0G
CSqGSIb3DQEBCwUAA4IBAQC1p7SGf/rxe5y8MnnZkaclUCR/8RaHmd7h1qQwV6KM
/1ty/jhY8MhcmRR/mi3y/i857f9bev49tKexWVzTm7HDcSStaUVbnw08KqhCkHoj
sgDaOfOpxX9SuWL41gADH3M/zkLVGF6QHfhyi2T9aOHy+BtChq2lR39d0UOw/ptK
vrRCJJchTRJjj/6Ww0x8jBS3La/I671aY49rVturrLset7dC+9sMmLjDgztuBN0j
t+Top92xa/8wVWBQFzcPYpIwWXtyq6413RUfTbGfiksycdgOV5Kz6Dz1uOIGE3Ib
b5qMu50bhcNOPCBhl0lzD8Vy8NDzquiZt8fgYyhMGR8O
-----END CERTIFICATE-----