Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e332e302f32342d3234203d3e20343031313930.roa
File:                     3139342e32362e332e302f32342d3234203d3e20343031313930.roa (raw, json)
Hash identifier:          LIKAmocMMAfJYEkBfDTJGvC18ZVuFHLl0Op0JOVO1hY=
Subject key identifier:   12:13:B7:1D:47:9B:80:FB:3A:27:67:E1:A7:07:E2:46:69:FC:4C:8D
Certificate issuer:       /CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
Certificate serial:       74F8C5B58A30E4614F96A09E0C5EBA86422D2DB7
Authority key identifier: 45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e332e302f32342d3234203d3e20343031313930.roa
Signing time:             Fri 12 Sep 2025 13:08:24 +0000
ROA not before:           Fri 12 Sep 2025 13:03:24 +0000
ROA not after:            Fri 11 Sep 2026 13:08:24 +0000
asID:                     401190
IP address blocks:        194.26.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:f8:c5:b5:8a:30:e4:61:4f:96:a0:9e:0c:5e:ba:86:42:2d:2d:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45e8648e445dccd0d8ee699f5140bb814e43ae1b
        Validity
            Not Before: Sep 12 13:03:24 2025 GMT
            Not After : Sep 11 13:08:24 2026 GMT
        Subject: CN=1213B71D479B80FB3A2767E1A707E24669FC4C8D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:05:7c:25:3a:fe:24:17:65:18:49:24:e4:1b:
                    27:eb:e8:43:29:68:a7:f3:12:94:ec:ee:40:97:45:
                    fc:69:81:b5:05:32:2b:47:c8:3f:92:bd:40:e6:63:
                    6a:47:6e:f7:1d:6e:d6:b9:fd:74:2b:b0:d3:1e:6e:
                    d7:2d:ec:60:61:ea:29:5b:29:68:9f:1a:88:4a:0d:
                    f8:d8:99:5f:af:15:8d:be:27:ec:97:e4:ac:fd:0a:
                    b9:43:2b:59:f3:45:68:d2:d4:e7:05:8d:46:21:d8:
                    7b:2a:12:b7:bb:f2:df:f1:6e:77:9f:d7:10:17:06:
                    70:02:06:b6:6b:6e:12:47:ac:fe:2c:b4:2d:28:43:
                    be:7d:a4:61:5e:41:23:43:f9:0f:86:f6:71:93:20:
                    d4:00:3e:d7:bc:9d:a8:0e:b1:74:d0:af:7e:5c:59:
                    42:5c:54:f5:5f:24:8f:86:38:b8:c6:79:34:58:9e:
                    e0:46:05:df:7a:d4:7a:0a:78:cc:46:26:06:11:9e:
                    48:9c:fa:ce:67:4d:41:49:6b:31:20:bb:8a:27:46:
                    99:52:fd:ee:6b:03:f6:f5:50:57:de:80:05:2d:9e:
                    ee:99:d4:db:d7:e9:a7:b5:f2:93:c2:e2:39:c9:c9:
                    3b:e9:6f:6f:b0:92:27:82:14:f4:ff:2d:8e:58:8c:
                    be:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:13:B7:1D:47:9B:80:FB:3A:27:67:E1:A7:07:E2:46:69:FC:4C:8D
            X509v3 Authority Key Identifier:
                keyid:45:E8:64:8E:44:5D:CC:D0:D8:EE:69:9F:51:40:BB:81:4E:43:AE:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/45E8648E445DCCD0D8EE699F5140BB814E43AE1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RehkjkRdzNDY7mmfUUC7gU5Drhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/933b2fd7-31c1-451c-8288-c1aa0aa12750/0/3139342e32362e332e302f32342d3234203d3e20343031313930.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:2c:56:65:ea:76:0e:98:1d:dc:72:4b:09:52:7e:8f:77:f0:
         3d:c5:6a:fd:18:74:a9:df:a4:08:86:a7:96:84:8e:5d:ea:2c:
         07:9f:0d:eb:57:dd:26:46:97:bb:ef:b8:e5:30:c9:7b:57:53:
         d0:9b:43:5f:ab:7f:a6:0a:f2:95:34:13:61:c5:4f:6c:12:6c:
         22:6b:ad:4b:f3:37:ce:2b:30:3e:84:fb:da:cf:98:7d:6c:ef:
         9a:a7:ff:0d:e2:e7:0c:75:be:38:9d:d7:e7:9e:72:34:9f:64:
         89:45:80:59:85:3f:6b:1b:78:cb:03:53:17:22:91:b0:df:3c:
         93:13:02:e2:66:3f:c5:49:44:44:07:ff:ff:b0:b3:de:0b:81:
         84:f8:4f:82:77:a8:42:3e:1a:d4:3e:9c:3f:86:c9:08:2f:0d:
         51:16:ad:56:69:60:7b:41:4c:f1:fc:38:81:27:59:be:6b:94:
         73:9c:b9:b6:87:0e:05:b8:18:3c:ae:a5:4b:2b:dc:22:85:44:
         24:5a:df:1e:3a:b1:68:75:15:b2:13:c1:29:aa:60:9e:4a:7f:
         41:a8:e9:eb:3d:65:4b:38:29:26:c7:77:4f:cd:52:bf:77:12:
         67:2e:66:38:0d:24:88:68:72:11:5f:8d:fa:b2:0e:ad:a7:35:
         83:a8:dd:25
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUdPjFtYow5GFPlqCeDF66hkItLbcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDVlODY0OGU0NDVkY2NkMGQ4ZWU2OTlmNTE0MGJiODE0
ZTQzYWUxYjAeFw0yNTA5MTIxMzAzMjRaFw0yNjA5MTExMzA4MjRaMDMxMTAvBgNV
BAMTKDEyMTNCNzFENDc5QjgwRkIzQTI3NjdFMUE3MDdFMjQ2NjlGQzRDOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8BXwlOv4kF2UYSSTkGyfr6EMp
aKfzEpTs7kCXRfxpgbUFMitHyD+SvUDmY2pHbvcdbta5/XQrsNMebtct7GBh6ilb
KWifGohKDfjYmV+vFY2+J+yX5Kz9CrlDK1nzRWjS1OcFjUYh2HsqEre78t/xbnef
1xAXBnACBrZrbhJHrP4stC0oQ759pGFeQSND+Q+G9nGTINQAPte8nagOsXTQr35c
WUJcVPVfJI+GOLjGeTRYnuBGBd961HoKeMxGJgYRnkic+s5nTUFJazEgu4onRplS
/e5rA/b1UFfegAUtnu6Z1NvX6ae18pPC4jnJyTvpb2+wkieCFPT/LY5YjL5zAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQUEhO3HUebgPs6J2fhpwfiRmn8TI0wHwYDVR0j
BBgwFoAURehkjkRdzNDY7mmfUUC7gU5DrhswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTMzYjJmZDctMzFjMS00NTFjLTgyODgtYzFhYTBhYTEy
NzUwLzAvNDVFODY0OEU0NDVEQ0NEMEQ4RUU2OTlGNTE0MEJCODE0RTQzQUUxQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JlaGtqa1Jkek5EWTdtbWZVVUM3Z1U1
RHJocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvOTMzYjJmZDct
MzFjMS00NTFjLTgyODgtYzFhYTBhYTEyNzUwLzAvMzEzOTM0MmUzMjM2MmUzMzJl
MzAyZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzAzMTMxMzkzMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIa
AzANBgkqhkiG9w0BAQsFAAOCAQEAPCxWZep2Dpgd3HJLCVJ+j3fwPcVq/Rh0qd+k
CIanloSOXeosB58N61fdJkaXu++45TDJe1dT0JtDX6t/pgrylTQTYcVPbBJsImut
S/M3ziswPoT72s+YfWzvmqf/DeLnDHW+OJ3X555yNJ9kiUWAWYU/axt4ywNTFyKR
sN88kxMC4mY/xUlERAf//7Cz3guBhPhPgneoQj4a1D6cP4bJCC8NURatVmlge0FM
8fw4gSdZvmuUc5y5tocOBbgYPK6lSyvcIoVEJFrfHjqxaHUVshPBKapgnkp/Qajp
6z1lSzgpJsd3T81Sv3cSZy5mOA0kiGhyEV+N+rIOrac1g6jdJQ==
-----END CERTIFICATE-----