Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e322e302f32342d3234203d3e20343031383338.roa
File:                     3139342e32362e322e302f32342d3234203d3e20343031383338.roa (raw, json)
Hash identifier:          hww+5Hf4jmFo7Au813kPo2lBtFDkf7ALOlVDrCFDow8=
Subject key identifier:   3B:96:31:87:98:D4:E6:F3:15:F2:AE:77:96:EF:8D:A5:A7:4E:28:A1
Certificate issuer:       /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial:       6F452B0299796D152BE80E822985AF5C69FDF840
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e322e302f32342d3234203d3e20343031383338.roa
Signing time:             Wed 13 Aug 2025 05:14:21 +0000
ROA not before:           Wed 13 Aug 2025 05:09:21 +0000
ROA not after:            Wed 12 Aug 2026 05:14:21 +0000
asID:                     401838
IP address blocks:        194.26.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:45:2b:02:99:79:6d:15:2b:e8:0e:82:29:85:af:5c:69:fd:f8:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
        Validity
            Not Before: Aug 13 05:09:21 2025 GMT
            Not After : Aug 12 05:14:21 2026 GMT
        Subject: CN=3B96318798D4E6F315F2AE7796EF8DA5A74E28A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:99:9e:d6:e3:b0:01:da:f9:2d:3d:7a:f7:44:
                    d7:88:26:7c:20:f6:26:fe:7c:b3:9f:41:65:3b:6a:
                    33:4b:a5:81:67:52:8c:3f:4a:ea:70:16:68:2f:73:
                    90:d1:73:2a:cc:42:70:10:99:98:5e:79:ea:b4:16:
                    31:3c:57:4a:36:8d:c6:db:1d:18:b1:a2:3f:a7:b9:
                    20:09:a9:76:9b:01:97:90:e3:50:3d:21:4c:fb:f0:
                    38:2e:32:b1:50:25:b2:8b:79:1f:0c:2b:f6:e8:39:
                    23:22:98:2d:b4:85:cf:0a:1c:b2:38:83:48:2b:cb:
                    ac:71:c4:ef:eb:1f:e3:09:30:36:c7:a3:2f:9f:be:
                    95:85:de:e2:44:8a:c2:4a:73:61:a9:52:07:81:d1:
                    15:e2:1b:e3:1c:01:15:85:a2:a4:f2:e4:89:dd:95:
                    19:83:ad:9d:73:cb:95:19:d8:22:bb:c2:ba:76:d5:
                    1d:e1:e3:58:86:f2:ce:46:4b:bc:18:2d:bb:96:30:
                    9d:f8:2c:1b:24:a1:98:bf:67:36:97:eb:4e:5d:50:
                    34:bd:25:8c:fc:bd:95:47:02:65:8f:8e:94:07:5d:
                    33:0f:d6:bf:9f:13:6c:2c:d9:c0:09:d7:5e:ea:3a:
                    65:54:41:f8:26:61:5d:7d:c4:38:3a:a9:d5:61:a4:
                    61:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:96:31:87:98:D4:E6:F3:15:F2:AE:77:96:EF:8D:A5:A7:4E:28:A1
            X509v3 Authority Key Identifier:
                keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e322e302f32342d3234203d3e20343031383338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:9e:78:f5:bb:f8:c6:31:a3:ae:12:3f:52:54:d5:95:48:49:
         9a:f9:4e:a1:86:f8:ea:3e:4b:82:e9:b8:ad:68:9e:6b:ec:b1:
         cd:7a:d7:8c:08:a8:63:ac:4b:1b:0a:fa:2e:49:77:aa:ee:3f:
         ec:f5:37:48:9a:8e:2c:4a:31:2f:87:df:a0:85:b3:f4:ef:2b:
         98:4b:b9:d9:92:55:f8:80:97:57:d6:de:b9:d7:dd:65:d5:e7:
         68:f4:98:6e:1c:06:b6:0c:b0:35:e9:06:22:ab:d1:94:8e:0b:
         7c:67:c1:b9:ca:17:38:ff:e7:24:85:fd:a6:e0:4d:e9:bb:cf:
         e3:ea:87:f2:a6:88:a5:ed:14:7e:cb:76:28:4e:82:04:06:8f:
         d5:d4:b9:50:96:a3:d8:eb:f0:b6:4e:2d:ad:48:d6:0b:1d:dd:
         5a:4f:19:01:fa:37:73:f0:bf:35:49:d8:90:5c:a7:fd:b3:a3:
         cf:e7:ac:2c:1b:63:09:3e:85:d9:8e:0e:0c:07:bc:9a:81:3e:
         65:b0:1a:ef:6f:48:b0:3f:da:df:5d:34:46:5b:be:6f:ef:eb:
         ed:3a:00:1c:20:32:4a:b0:f4:18:50:92:81:0e:44:dd:84:e5:
         04:7c:3f:80:7b:0f:b4:b5:b0:37:97:ee:22:41:f6:68:aa:9f:
         de:ef:a6:b0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUb0UrApl5bRUr6A6CKYWvXGn9+EAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNTA4MTMwNTA5MjFaFw0yNjA4MTIwNTE0MjFaMDMxMTAvBgNV
BAMTKDNCOTYzMTg3OThENEU2RjMxNUYyQUU3Nzk2RUY4REE1QTc0RTI4QTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjmZ7W47AB2vktPXr3RNeIJnwg
9ib+fLOfQWU7ajNLpYFnUow/SupwFmgvc5DRcyrMQnAQmZheeeq0FjE8V0o2jcbb
HRixoj+nuSAJqXabAZeQ41A9IUz78DguMrFQJbKLeR8MK/boOSMimC20hc8KHLI4
g0gry6xxxO/rH+MJMDbHoy+fvpWF3uJEisJKc2GpUgeB0RXiG+McARWFoqTy5Ind
lRmDrZ1zy5UZ2CK7wrp21R3h41iG8s5GS7wYLbuWMJ34LBskoZi/ZzaX605dUDS9
JYz8vZVHAmWPjpQHXTMP1r+fE2ws2cAJ117qOmVUQfgmYV19xDg6qdVhpGGDAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUO5Yxh5jU5vMV8q53lu+NpadOKKEwHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzEzOTM0MmUzMjM2MmUzMjJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzAzMTM4MzMzOC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIa
AjANBgkqhkiG9w0BAQsFAAOCAQEAbp549bv4xjGjrhI/UlTVlUhJmvlOoYb46j5L
gum4rWiea+yxzXrXjAioY6xLGwr6Lkl3qu4/7PU3SJqOLEoxL4ffoIWz9O8rmEu5
2ZJV+ICXV9beudfdZdXnaPSYbhwGtgywNekGIqvRlI4LfGfBucoXOP/nJIX9puBN
6bvP4+qH8qaIpe0Ufst2KE6CBAaP1dS5UJaj2Ovwtk4trUjWCx3dWk8ZAfo3c/C/
NUnYkFyn/bOjz+esLBtjCT6F2Y4ODAe8moE+ZbAa729IsD/a3100Rlu+b+/r7ToA
HCAySrD0GFCSgQ5E3YTlBHw/gHsPtLWwN5fuIkH2aKqf3u+msA==
-----END CERTIFICATE-----